Computer Support Forum

avira virus detection beeps with detection pop ups

Question: avira virus detection beeps with detection pop ups

Okay i have turned my pc on after not having it on in 3 months (due to having to buy a new graphics card) anyway everything was running smooth untill i heard a few beeps only to see that avira has detected few viruses i had a choice to either remove or ignore so i pushed remove 10 minutes later avira is detecting the virus again so i click remove and then do a quick scan with Malwarebytes and it did not detect anything so i did a full scan with my Avira Anti Virus and it found 1 warning 13 hidden files and 30 detections now i would like to know what to do from here to completely get rid of the 30 detections that it has found the two that it has detected look like this: TR/BHO.ZWANGI.Trojan TR/GerVar.EJ Trojan there are 30 of them in my Avira quarantine so what i would like to know is where to go from here thank you.

Relevance 100%
Preferred Solution: avira virus detection beeps with detection pop ups

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: avira virus detection beeps with detection pop ups

Hello,Please follow the instructions in ==>This Guide<==.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

2 more replies
Relevance 108.46%

Okay i have turned my pc on after not having it on in 3 months (due to having to buy a new graphics card) anyway everything was running smooth untill i heard a few beeps only to see that avira has detected few viruses i had a choice to either remove or ignore so i pushed remove 10 minutes later avira is detecting the virus again so i click remove and then do a quick scan with Malwarebytes and it did not detect anything so i did a full scan with my Avira Anti Virus and it found 1 warning 13 hidden files and 30 detections now i would like to know what to do from here to completely get rid of the 30 detections that it has found the two that it has detected look like this: TR/BHO.ZWANGI.Trojan TR/GerVar.EJ Trojan there are 30 of them in my Avira quarantine so what i would like to know is where to go from here thank you.DDS (Ver_10-03-17.01) - NTFSx86 Run by DJ at 19:40:17.32 on Thu 09/09/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.518 [GMT -7:00]AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\windows\system32\svchost -k DcomLaunchC:\windows\system32\svchost -k rpcssC:\windows\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\windows\system32\spoolsv.exeC:\Program Files\Avira&... Read more

Answer:avira virus detection beeps with detection pop ups

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

2 more replies
Relevance 75.4%

I have yet another antivirus question as I still haven't decided what antivirus I'm going to install. I was pretty set on Avast until I saw on a few websites that Avira AntiVir has better virus detection than avast as well as less of an impact on system performance. Does anyone out there know if this is actually the case? I would like to go for the most secure option with the least impact on the system. Thank you for any help!
 

Answer:Avira AntiVir better virus detection than Avast?

Yes. The information is right. Avira AntiVir PersonalEdition Classic has far higher detection rates than Avast. Also, it is very light on system resources. You can take this for sure. You will never regret your decision of installing Avira Antivir PersonalEdition Classic. Here are two links to support my statement.

Avira vs Avast!
AV-Comparatives

Hope my answers satisfy your doubts. Good Luck.
 

3 more replies
Relevance 93.89%

As i said under some Post i want to make a Thread of it so no off topics anymore

Some people dont believe Avira has multiple detection methods but thats Isnt treu..

As you can see under the screenshot it clearly has Behavior scanner.
 

Answer:Avira's detection methods

Well I like Avira very much. It is installed on my Gaming PC since the dinasours age hahahahah.
I hope they get better! New protection technologies are welcome
 

9 more replies
Relevance 93.07%

Windows VistaFirst Discovered the problem when Norton 360 scan stayed at number zero for items scanned...Upon closing scan and restarting, the scan gives a message of already scan in progress....I know, I know. Norton 360...Norton detects a virus...The old lady threw away my note pad...so bear with me while I try to remember the name...it will pop up soon, then I can give correct info.. backdoor.TidservTried system restore...Will not complete...Microsoft? Windows? Malicious Software Removal Tool (KB890830) would not install..Tried emergency disk and wouldnt take...Installed Avira AntiVir Personal....Periodically will give detection of Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'detected in file 'C:\Windows\System32\drivers\ESQULqnnqxnxcdtojbpifmdxfgwqiihpnfgqe.sys.Action performed: Deny access and scan works. Also everytime I open Explorer it gives me this error message...iexplore.exe Bad image globalroot\systemroot\system32\ESQUL-more letters So thats was removed wrong..Is there anyone that could help me remove this malware or trojan???Or whatever it is out of this bleeping computer......I will be online until fixed,I am sure...and the only thing I downloaded was a WildTangent game from HP..Maybe I need to email those bastards...

Answer:TR/Crypt.ZPACK.Gen -- Avira Detection

Hello and welcome .. I would like for you to try running both of these and post back the logs,thanks.Next run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives se... Read more

8 more replies
Relevance 93.07%

I don't think it's possible for a security product to have a 99.99% detection rate. What do you think on this matter and do you think Avira is right for saying this?
 

Answer:Avira claims to have 99.99% detection rate.

A antivirus alone can't have 99.99% detection.... Whoever put that there had to be drunk.
 

48 more replies
Relevance 92.25%

AV-Comparatives' test only considered the premium version, but how much worse are the numbers usually for the free version?
 

Answer:Avira Free detection rates vs Premium's

based on their site's comparison these are the differences between the free and the premium version.
 

9 more replies
Relevance 91.84%

Comodo SiteInspector has new features and it's for free to sign up. Good service for those who have own websites.
 

Answer:Malware detection and blacklist detection for Websites..sign up for free!

I saw this earlier, looks like they changed it from 30 days to 365 days.

These type of services from Comodo I like.

http://siteinspector.comodo.com/public

http://siteinspector.comodo.com/public/features
 

9 more replies
Relevance 91.02%

I recently replaced Avast with Avira free a/v. Regular monitoring and frequent quick scans haven't turned up much. Today I ran the first full scan and Avira detected 6 files associated with what they call a virus named BAT/KillProc.E batch I looked into the source of the files and they are in a users downloads folder. Two files with the exact same name: ENGAGE Theme by X-Generator.7z I have no idea where these files came from and in need of some expert clarification. So far, all I have done is a system back up to a removable hard drive and came straight here. I did not move the files to quarantine per Avira's suggestion. Thank you for your consideration and time. TSG is a great resource and I, for one, greatly appreciate it!

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4008 Mb
Graphics Card: Intel(R) HD Graphics, 1812 Mb
Hard Drives: C: Total - 935859 MB, Free - 834530 MB; F: Total - 476837 MB, Free - 460854 MB;
Motherboard: Dell Inc., 0GDG8Y
Antivirus: Avira Antivirus, Updated and Enabled
 

Answer:ENGAGE Theme by X-Generator.7z (Avira detection) clarify ?

I wouldn't worry about that at all. Just delete the files found.
If it was in downloads folder, they you or a user on that computer did download it and it is a theme changer. However I wouldn't personally use it or any other theme downloaded from the internet. Any theme change not approved by Microsoft carries the risk of breaking the computer when windows updates.
While it is inside the zip file they are totally harmless and cannot run, so just delete the zip files

BAT/KillProc.E is frequently a false detection and had been often detected in graphics driver updates and other updates that try to replace running files on a computer without rebooting.
It is one of these dual use "programs" where although designed for good & safe use is frequently abused by malware developers to attempt to replace running windows files
 

2 more replies
Relevance 90.2%

Hi, I was a big fan of Avira free antivirus, but since version 15.0.17 (I think) it is no possible to choose interactive action on detection for the Real -Time protection module. It always send the detected file to quarantine.

Anybody knows how to restore the old behavior?
 

More replies
Relevance 78.72%
Question: Virus Detection

I think I have a virus but malwarebytes nor superantispyware can find it and whenever I try to access some sites it redirect me,I just need someone to check if I am infected or not,tyvm.Here is my hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:58 PM, on 10/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMob... Read more

Answer:Virus Detection

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

1 more replies
Relevance 78.72%

My adware is detecting a trojan downloader but it can't get rid of it. When I try finding the virus on norton nothing shows up. Any information regarding this would be helpful.

Answer:virus detection????

stop spamming

5 more replies
Relevance 78.72%

Hello all,

my wife was on a website last night about nursery rhymes and she clicked on something and AVG instantly came up with a warning telling me that files 61883.sys, aec.sys and asyncmac.sys are infected with Trojan horse Agent_r.G. after looking u what the files were i believe them to be legitimate sys files, but could they get infected? We have pop ups for smileys and bingo and i can't start up safe mode.

Anyone have any ideas??

A very grateful Dave. :confused
 

Answer:AVG Virus detection

Welcome to Major Geeks!

Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.
TDSSserv Non-Plug & Play Driver Disable

READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to ... Read more

4 more replies
Relevance 78.72%
Question: Virus detection

I was able to run an antivirus program I am using (AVG free edition). It came up with a detection that reads:

File
c:\windows\syste...\i8042prt.sys

Infection
trojan horse agent_r. BAV

Result
object is white listed (critical/system file that should not be removed)

What does this mean?
 

Answer:Virus detection

You need to start a thread in the Virus & Other Malware Removal section of this site.

Before you post though, you need to read THIS guide.
 

2 more replies
Relevance 78.72%
Question: Virus detection

Hello everyone!

I'm the 'new girl (well granny actually!) on the block!'

Has anybody encountered this virus, detected by AVG free v7, as I can find very little info on it through google searches etc.

IRC/BackDoor/Trojan/SdBot.55.U

It's gone from my system now (I think!) but I am curious as to it's origin and 'popularity'!

Answer:Virus detection

Hi silverlady This is what Symantec Security Response has to say. See link below for full report.Backdoor.Sdbot is a Backdoor Trojan horse that allows the Trojan's creator to control a computer by using Internet Relay Chat (IRC). Backdoor.Sdbot can update itself by checking for newer versions over the Internet. http://securityresponse.symantec.com/avcen...door.sdbot.html

1 more replies
Relevance 78.72%

himy system has virusthis virus when i click on folder or file , open delete window and also when turn on system automatic  open panel setupplease help me

Answer:help in detection virus

Hi there!Read directions in this thread and post logs for me back here please: http://www.computerhope.com/forum/index.php/topic,46313.0.html

1 more replies
Relevance 78.72%

I had did a scan and found these on my computer. Here is the report:

Avira AntiVir Personal
Report file date: Sunday, December 05, 2010 05:06

Scanning for 3110546 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : XP-E

Version information:
BUILD.DAT : 10.0.0.596 31825 Bytes 11/16/2010 15:57:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 11/3/2010 01:06:45
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 13:19:04
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 13:19:14
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 13:19:35
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 13:19:49
VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 01:06:45
VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 01:06:45
VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 01:06:... Read more

Answer:Virus detection. Please help me. Anybody

16 more replies
Relevance 78.72%
Question: Virus detection

Hi there,

I clicked on a link in Facebook and I think it has given my machine a virus. I ran MSE which picked up 3 or 4 severe threatss. Have got MSE to remove these threats from my machine but my machine is still running slow. If I have to do a reinstall can windows easy transfer copy and reinstall my drivers. If not does anyone have any good free software links that will backup and reinstall my drivers? Im downloading AVG free just now to see if that can pick up anything. Have ran malwarebytes. I think this could be looking at a reinstall now. Any help is greatly appreciated.

Answer:Virus detection

Hi clark,

you only need one AV pkg - MSE seems to be favored around here. I don't have a dog in that fight, so since you have MSE, stick with it.

MalwareBytes (MwB) is a good companion to any AV software - keep MwB too. I'm not sure why you think you have to re-install (slowness?) if your system came up clean MSE, MwB). That's an awful big hammer to use, but.....

5 more replies
Relevance 78.72%
Relevance 78.72%
Question: Virus Detection

hi all,this is my first posting,so be kind.im using AVG Antivirus and Symantec Corporate Edition.AVG keeps detecting a Trojan virus,but i cant send it to the virus vault or delete it.Symantec doesnt ever detect the trojan when running a scan.Will this trojan affect my PC?Any advice would be much appreciated.im using XP Pro.

Answer:Virus Detection

The problem is probably caused because you are using more than one anti-virus program.NEVER run multiple AV programs - they will always clash with each other.Make your choice and get rid of one.

9 more replies
Relevance 78.72%

Greetings:My name is Jon. I have a Toshiba laptop, and recently received a virus (possibly through limewire, but I am not sure). I normally have AntiVir, but all full scans of the system come up without any detections. I then downloaded the free trial of Mcafee, and each time it finds trojans and tracking cookies. It cleans them up, but the initial virus that is causing all of this still remains. Here are the symptoms that let me know it's still here:Whenever I open Internet Explorer, a hidden file "idgrvecqmn" is created on my desktop. Also, whenever I try to search something (from Yahoo or Google) the links to the sites that come back all lead to advertisement pages instead of the desired page.Occasionally, Windows Explorer closes down as soon as I start my computer, and I have to ctrl-alt-dlt to restart the computer or at least restart Windows Explorer. This hasn't happened in the past day or two.The most recent symptom is back with Internet Explorer, as when it is in full-screen mode it does this weird thing where I cannot see the toolbar for Windows Explorer at the bottom of the screen (unless I minimize Internet Explorer or make it just a partial screen), and on the top where I would type in internet addresses it disappears until I scroll the mouse to the top of the screen.When I first ran McAfee it told me it didn't detect anything. Then the virus tried to do something (first time Windows Explorer crashed and had to be restarted) and now viruse... Read more

Answer:Virus without Detection

Try using the free ESET online scanner for another opinion of what's actually on your pc and alsosee the computer hope malware help guide and follow the directions and a malware specialist will help you get you on your way with your pc.

14 more replies
Relevance 78.72%
Question: Virus detection

I know i have a virus as i cant view task manager or regedit without renaming them. My search function on the computer wont work either ( i cant view "serch files and folders" or what drive and whatever). also when on the the internet, i click to go to a page, and the progress bar will whizz to completion and say 'done' in the oposite corner but the page doesn't change. I thought i had the msclock.exe virus, but when i followed all instructions to remove it (rename regedit...go thru and find msclock.exe) it wasn't there. I then pressed edit and find, and serched for msclock.ex and it found it so i delted it. i hoped this would fix the probblem but it wouldn't. It also found when i searched for msclock.exe, bling, sasser.worm.e. (or something like that) this [Y E W E Z X] (it wasn't acctually them letters but that what it lookwd like) anyway, i delted al them as well. However this still didn't fix the problem, so i downloaded hijackthis and saved the log for you guys on here to have a look at and hopefully help me out. Can you guys please tell me what (if anything is harmful, and what i dont acctually need e.g. bulleye networking)Thanx xxxLogfile of HijackThis v1.98.2Scan saved at 19:55:26, on 01/09/2004Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system3... Read more

Answer:Virus detection

Your log shows that you are seriously behind on windows updates. It is essential that you update your windows before we continue to help you as the infections could reoccur. Go to http://www.windowsupdate.com and if it asks to install software, let it. Then click on the Scan link and let it do its thing. When its done you will see on your left a section called critical updates. Click on that section and install everything that you can. When it prompts you to reboot, do so. Then repeat this process again until there are no more critical updates listed. Then post a new log.

4 more replies
Relevance 78.72%
Question: virus detection

I was informed through e-mail from the [email protected] that a message I had sent to [email protected] contained a virus{ WORM-KLEZ.H} What does this mean? The mail message was (file:III.exe). I have McAfee virusScan. This is the first time I have ever had a virus detected by someone else. Actually as far as I know I have never had a virus. Please advise. Thanks. I'm still kinda new at this.
 

Answer:virus detection

Klez is a very smart virus. It may only appear to have been sent by you, because Klez spoofs the from address. THis is the case, unless you sent an email to that person, and you really have the virus.
 

1 more replies
Relevance 77.49%

When doing CTRL+ALT+DEL I get "Defscangui" running in the background. It seems to stop my doing a scan disk and defrag. Whilst doing scan disk, I get a message saying that this drive is already being used and scan disk has retried 10 times but cannot continue. I think it was something that I downloaded, have now deleted but it is still lurking. Can anyone help please?

Answer:Virus Scan detection

have a Trojan running on your system. Go to Symantec site ( Security Response ) and type Defscangui into the search box. It comes up with this click here

6 more replies
Relevance 77.49%

It started of a week ago. I was checking my mail then I got a warning. WARNING VIRUS DETECTED: file : http//: 83.133.124.199/inst_n105.exethreat: Win32/TrojanClicker.Delf.NBX trojan after that I got another one WARNING VIRUS DETECTED:file: http://moviefact.com/install.52032.exethreat: Win32/Kryptik.DOR trojanNow it's repeating that warning every 10 minutes when I'm browsing on the internet. I scanned the pc with NOD32 and Ad-Aware. They found nothing. I don't know what it is and what to do about it. Can some-one help me. If you don't understand, I'm sorry my english is not that good. Just reply

Answer:Virus detection every 10 minutes. What do I do ?

Frituurkonijn,SAS, may take a long time to scanPlease download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)In the Main Menu, click the Preferences... button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program.Do not run a scan just yet.FirstReboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear wit... Read more

2 more replies
Relevance 77.49%

norton has found an infected file and has stated that it is unable to repair it and that access was denied after a full scan using norton2003 fully updated norton still says computer is still infectedI`ve still got a virus alert screen on my computer which will not go away

Answer:norton virus detection

Clear all your restore points.

4 more replies
Relevance 77.49%

Hey guys. I was scanning with SpyBot and it detected an infected file: WIN\SYS\TRNC.DLL. The message said it contained the virus "TR/Small.GS.2"

I deleted it, but my question is, why didn't my AV notify me? I use AntiVir Personal Edition 6.24. It's configured correctly, and I check for updates daily. Any ideas?

Thanks
 

Answer:Virus Detection Question

Either it wasn't listed in the virus definitions, or the virus itself falls under more of a spyware category than virus.

There is a fine line between malware and virus sometimes.
 

2 more replies
Relevance 77.49%

Have you heard of a program called EAnthology and stop-sign? When i scan my pc it says that i have the following viruses Win32.Benny.6382, Win.exe.virus, Com.TSR.virus and Com.TSR.Crypt.virus. Do these programs claim to find viruses so that they can sell you their anti virus packages.When i do a scan with AVG it says that i have no viruese?I think i will remove EAnthology.Any ideas.

Answer:Virus detection software

Spyware - ingore them

6 more replies
Relevance 77.49%

Ok...I've been working my way through the prescribed procedure. A few things to note:

I did not read the instruction to keep the bitdefender file even if there were no problems discovered. There were no problems discovered ... so I deleted it.

also, the GetRunKey thing seems to be working, but every time I try to attach it here, it says that it cannot accept this type of file. I do not understand that because the newfiles thing worked fine. I did note that the notepad popup had nothing in it when I ran the getrunkey.

Panda did find two problems ... every other scan did not detect anything.

Will change the name of hyjackthis and send that next.

Thanks...if I need to re-do the bitdefender or do something different with getrunkey, let me know please!confused

big poppa (john)
 

Answer:Help with Virus Detection Procedure.

My hijack this log is attached.
 

5 more replies
Relevance 77.49%

Hi, Names Rayeann I need some help.
I had a notice come from AVG that a javabyte sun had a virus actually several of them. SOme i oculd heal others I could not. I did a hyjack this and saved. Can some one tell me how to remove the files. Let me warn you that I am pc illiterate. Thanks Muchly
Rayeann

Logfile of HijackThis v1.99.1
Scan saved at 12:25:11 AM, on 3/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\SECRET~1\run.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GDAVC9AN\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Softwar... Read more

Answer:AVG Virus detection Javabyte HELP

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

This should clear the java byte problem.

Click on the Start menu
Select Settings
Select Control Panels
Select Java Plug-in
Click o... Read more

5 more replies
Relevance 77.49%

Machine is so slow I can't stand it any more. Don't know what to do!!
 

Answer:virus detection and removal

It would help you if you would list your system specs (Chip, Ram, Video card and MoBo at least) and a few details as to how long you've had the problem and some behavioral specifics.
 

3 more replies
Relevance 77.49%

A few days ago a nasty program was installed by my sister trying to get into a zipped folder.
I am still having trouble with it after a couple of days of scanning
I managed to get rid of quite alot of "junk" and came across things like "close 16.exe"
Another virus that has been popping up lately is the Detection: New Win32 (Virus)
File Path: F:\Documents and Settings\*\Local Settings\Temp\V1FSFHa00220 - Mcafee has been discovering things in here today

Also, when I know open Internet explorer, it makes a "beep beep" noise, as if something is loading or trying to load
 

Answer:Detection: New Win32 (Virus)

I have also just discovered a program that has popped up in Task Manager in the last 5minutes - guard.exe - I read up on this and it can make a "beeping" noise
 

9 more replies
Relevance 77.49%

I don't think the DDS worked properly, but it is attached. Also, RootRepeal wouldn't run again, so all I have is the drivers from what Blaze had me run previously; it is attached as well. Thanks.

Answer:Cannot Run Any Virus Detection Software

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 77.49%

Apparently I have a virus that is shutting down any antivirus program that I try to run. The program will start, but just disappear after a minute or so. Any help? Thanks.

Answer:Cannot Run Any Virus Detection Software

Hello golf71 and to BleepingComputer.Let's try this.Please install RootRepealNote: Vista users ,, right click on desktop icon and select "Run as Administrator."Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorDisconnect from the Internet or physically unplug your Internet cable connection.Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver. Temporarily disable your anti-virus and real-time anti-spyware protection.After starting the scan, do not use the computer until the scan has completed.When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.Extract RootRepeal.exe from the zip archive.Open on your desktop.Click the "Drivers" tab, and then click the button.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.~BladeIn your next reply, please include the following:RootRepeal log

4 more replies
Relevance 77.49%

HiWhile running AdAware, it came up with a mesage telling me I have a trojan on my PC named awi.exe. I have already seen this message twice recently and each time, I disable System restore, run AVG (after rebooting) then enable system restore. Each time AVG reported finding nothing so I am surprised this keeps springing up.Is it a case of AVG being unable to disinfect the PC of this trojan or is it a case of a program installed that when run, triggers the 're-deployment' of this virus?I run the TrendMicro HouseCall online scan to see what it would report and is also reported finding nothing!I browsed to the file via the path reported while running AdAware and deleted the entire folder in the Temp directory and run AdAware again. This time the virus message pop-up box did not appear. Strange.Your thoughts/comments?Regards,Tj_El

Answer:AdAware SE: Virus detection

AVG is an anti-virus program, AdAware is an anti-malware program.AVG probably cannot detect this .exe program because it is malware/spyware, rather than a virus.You were wise to run your scan with System Restore turned off but, generally, it is safe to allow AdAware to remove any nasties which it finds.

10 more replies
Relevance 77.49%

A pop-up indicating detected viruses exist on this computer. It is not the installed native Avast Free edition and the pop-up has repeated a 2nd day in a row which is making me suspicious. Unfortunately, I got rid of it by using 'Task manager' both times and didn't pay attention as to what it was trying to sell me on. I know for sure it was nothing to do with Avast.

I ran Ccleaner prior to running the following requested logs.

When attempting to run GMER only 3 lowest boxes were checked above C: drive selection and the others were grayed out - could not select.

GMER did not find any rootkit modifications

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:46 AM, on 9/7/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\PROGRA~2\MICROS~1\wkcalrem.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Soft... Read more

More replies
Relevance 77.49%

My father-in-law recently manager to contract the fake FBI/DOJ virus that locked up his computer. Using HitmanPro and Malwarebytes Antimalware, I've managed to get the computer operational again. However, I believe I still have the virus that started it all on. The reason I believe that is because when I type something into google and click on a link in chrome, I'm often redirected to another page - one of which already tried to download something. However, I can't find the virus. I checked the proxy settings and the hosts file, but they both look good. Bitdefender, Panda, and MBAM all say the computer is clean, but something is causing those redirects.
 
Thank you,
Aaron
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576
Run by Larry at 2:04:06 on 2013-06-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.1897 [GMT -4:00]
.
AV: Panda Internet Security 2013 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Personal Firewall 2013 *Enabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Win... Read more

Answer:Redirect virus detection

Hello BE0921 I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

3 more replies
Relevance 77.49%

As of yesterday, my XP computer is not able to update Spybot, Malwarebytes, or AVG. Won't open IE7. I ran Combofix, but don't know what to do with the log. As instructed, I've attached the two dds text files that give info about my computer. Any suggestions on what to do next?
Thanks,
Dennis

Answer:Virus detection and removal help

Hello Dennis,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you. Also, please include the original ComboFix log, if you still have it. Please do this:1. Download HijackThis? here:http://www.trendsecure.com/portal/en-US/th.../hijackthis.php2. Click 'Do a System Scan and Save log'.The HJT log will open in notepad.Thanks,tea

2 more replies
Relevance 77.49%

I ran through all 5 steps, except for the panda scan. It kept closing out midway through the scan. The computer is not having popups anymore, but is still very slow. I detected virtumonde through spybot but am not sure if it is completly removed yet.


Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-09 14:19:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
44: 2008-03-09 21:20:05 UTC - RP51 - Deckard's System Scanner Restore Point
43: 2008-03-08 04:23:17 UTC - RP50 - System Checkpoint
42: 2008-03-07 03:58:18 UTC - RP49 - Software Distribution Service 3.0
41: 2008-03-06 11:05:28 UTC - RP48 - System Checkpoint
40: 2008-03-05 10:20:19 UTC - RP47 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-02-02 01:53:13 UTC - RP8 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-09 14:22:18
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\sys... Read more

Answer:Virtumonde detection + Other possible virus'

Just got Kaspersky to run all the way through. Here is the log from that run.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 09, 2008 06:55:23 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/03/2008
Kaspersky Anti-Virus database records: 620192
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 98835
Number of viruses found: 6
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 01:55:38

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\UE.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Owner\LOCALS~1\Temp\~cdsf3kj09u.tmp Infected: Trojan.Win32.Qhost.zv skipped
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Da... Read more

16 more replies
Relevance 77.49%
Relevance 77.49%

My avg anit virus program listed 14 programs which were locked and it was associated wih microsoft office and some windows messages about setting/documents etx stated field were lock and could not be tested is this a normal message or is there something wrong?
 

More replies
Relevance 77.49%

I have the exact same problem. Every ten minutes or so my AVG Internet Security find that same file, "83.133.124.199/inst_n105.exe"

my browser also trieds to open page that AVG reacts to and calls the file "searchaddca.org/cgi-bin/103". I don't know if it's connected in any way.

Malware bytes does not find anything, nor AVG. I hope someone knows of some way to get rid if this. It's so annoying.

More replies
Relevance 77.49%

Either I have been lucky up to now or my AV progs have been working.Over the weekend my AVG (free) has thrown up 3 Trojan horse virus infection warnings.These are: Downloader.Small.42.M located in C:\BLA.EXE Downloader.Generic.JW located in C:\Temp\SS.STOPSIGN[1].EXE Downloader.Small.42.M located in C:\Windows\Temp Int Files\ Content.IE5 ZVLA2HAY\AY[1].CLASSI find that a folder has been set up in C:\ drive named $virus$.avg and I presume this is the Virus Vault referred to in the progs Test Center. In this folder are 3 files with unknown names but I assume they are, or are copies of, the offending files.As I have the free version of AVG I do not think I have access to a virus encyclopedia and therefor do not know how bad the virus are or how they can be cured.The AVG prog does not appear to be able to heal any of the virus as that operation in the tool bar has a cross on it for each virus.Assistance is sought on:1 How serious are the virus (virii?)2 Are the files in the $virus$.avg folder just backups OR do the virus files still exist in their original folder. Although I can not spot them.3 Must I find the original virus file and delete it OR can I just delete the backup.4 Any other advice.Thanks in advance.Mananin My Computer Specification:-Mbd.- MSI MS 6340M v. 5; AMD Duron XP 1200 Mhz; Video-Pro Savage S3; Audio- Via AC 67Windows 98SE; Internet Explorer 6.0.28; Outlook Express 5.5 . ISP is BT Yahoo (PAYG) with Pop-up Blocker and Spam Guard. Protection:- Grisoft AVG 7; Nor... Read more

Answer:Virus Detection and Cure

click here download and run to clear all the temp files. Then download Sunbelt counterspy click here it is a free trial and you only have to give your email addy. Run it and delete all it finds. Start up in safe mode and delete bla.exe if it is still there. You can delete all the files in the AVG vault. AVs will not always stop Trojans, if you unwittingly execute the programme no amount of firewalls and AVs will stop it. Sunbelt does provide 'real-time' protection though and it is free for a month or so. Worth paying for IMHO as it is virtually the same as MS Antispy but it can run on other OS's than just XP. MS Antispy will only run on XP.G

2 more replies
Relevance 77.49%

I am running Windows ME and suffered a crash earlier this summer. I reinstalled everything, including upgrades to AOL 9.0 and RealPlayer 10. I think I might have a virus. When I try to burn CDs placed in my internal drive to an external burner, RealPlayer gives me an error that reads "CD drive not detected." Strangely, my internal drive still reads DVDs fine, which leads me to believe it is a program virus. I am also running Selective Startup, since I got two error messages: one that says my system has caused an "SMC error" and the other that reads "msxml3.dll." Are these viruses? How can I get rid of them? Thanks.
 

Answer:RealPlayer CD detection -- virus?

For a start, what antivirus program do you run. If you don't have an av program, try one of these online scans.

Housecall : http://housecall.antivirus.com/housecall/start_frame.asp
Panda: http://www.pandasoftware.com/activescan/
 

1 more replies
Relevance 77.49%

Hi ya,
Im running windows xp, and using avg free ed. antivirus program, the resident shield has detected a virus but when I run the program it says no virus detected there are several files that it cannot open. What do I do about this? I also have ad aware and spybot. and there are several items on ad aware that can not be removed and some on spybot also.
Help please!
Thanks
Snowey
 

Answer:problems with virus detection

12 more replies
Relevance 77.49%

Everytime I run AdWare or Microsoft AntiSpyware, my McAffe virus scan always reports that Trojan Exploit Btye Verify is detected, somtimes in the local settings temp folder, sometimes in the AdWare folder....its always three files...loaderclass, installer class. WHy does it keep showing up, even though it says it has deleted it each time. And also, my computer is kinda slow, is there anything else that looks bad that could be causing problems. Thank you in advance.

Logfile of HijackThis v1.99.1
Scan saved at 2:22:51 PM, on 3/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Documents and Settings\Richard Alves\My Documents\Common Framework\FrameworkService.exe
C:\Documents and Settings\Richard Alves\My Documents\McAfee\mcshield.exe
C:\Documents and Settings\Richard Alves\My Documents\McAfee\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Documents and Settings\Richard Alves\My Documents\EMS Free Surfer\Free Surfer\fs20.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOS... Read more

Answer:Help With Recurring Virus Detection, Please.

Anyone?
 

1 more replies
Relevance 76.67%

I was referred to you by a friend of mine who is very knowledgable about computers. He linked a forum which contained info about getting rid of the same virus that someone else had problems with called the Trojan. My friend recommended I follow your advice so I downloaded the Hijack This program and it came up with this:

Logfile of HijackThis v1.99.1
Scan saved at 10:43:15 AM, on 6/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\mrdsregp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\... Read more

Answer:Virus detection (and hopeful deletion)

16 more replies
Relevance 76.67%

Sana plans stand-alone antivirus product News Story by Robert McMillanSEPTEMBER 20, 2005Most antivirus products identify malicious software by comparing the software being run to pieces of known worm and virus code, called signatures. Primary Response, however, determines whether software is malicious based on a mathematical analysis of what it's trying to do.This means that, unlike other products, Primary Response can protect users even from unreported viruses,...computerworld.com/securitytopics

More replies
Relevance 76.67%

message deleted
 

Answer:Spysweeper Tamper Detection - A virus?

No those detections are nothing out of the ordinary. They are similar to what you would see if you started checking a software firewall log.

Please do not post any logs inline like that. It makes threads harder to read and takes longer to load the thread. If you suspect you have malware problems, please complete the instructions in the READ & RUN ME.
 

3 more replies
Relevance 76.67%

My anti-virus caught a bunch of viruses and quarantined but the internet is running really slow now. I've updated all software on the pc and it's still really slow. Sometimes not working at all.

Here is a copy of the virus log:

Verizon Internet Security Suite Anti-Virus
3/22/2009 7:27:14 PM
File Name Virus Action Date
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\XKX3VGQC\alla[1].htm Trojan-Downloader.JS.LuckySploit.e Quarantined 3/9/2009 10:29:04 PM
C:\Documents and Settings\Owner\Local Settings\Temp\jopaxx_1237399261.exe Net-Worm.Win32.Koobface.fd Quarantined 3/18/2009 2:01:25 PM
C:\Documents and Settings\Owner\Local Settings\Temp\jopaxx_1237399264.exe Trojan-Downloader.Win32.Zlob.bcgj Quarantined 3/18/2009 2:01:26 PM
C:\WINDOWS\tt_1237399266.exe Trojan-Dropper.Win32.Agent.ajnc Quarantined 3/18/2009 2:01:26 PM
C:\WINDOWS\tt_1237399268.exe Trojan-Dropper.Win32.Agent.ajcj Quarantined 3/18/2009 2:01:26 PM
C:\WINDOWS\tt_1237464188.exe Trojan-Dropper.Win32.Agent.ajnc Quarantined 3/19/2009 8:03:14 AM
C:\WINDOWS\tt_1237464190.exe Trojan-Dropper.Win32.Agent.ajcj Quarantined 3/19/2009 8:03:15 AM
C:\WINDOWS\ld02.exe Backdoor.Win32.Lithium.dw Quarantined 3/20/2009 8:07:11 AM
C:\WINDOWS\pp03.exe Trojan.Win32.Small.bvv Quarantined 3/20/2009 8:07:48 AM
C:\System Volume Information\_restore{68BEAC7D-A23E-4C77-8990-D95D2F47A75F}\RP144\A0034248.exe Backdoor.Win32.Lithium.dw Quarantined 3/20/2009 2:46:25 PM
C:\System Volume Inform... Read more

Answer:slow internet after virus detection

bump
 

2 more replies
Relevance 76.67%

My wife recently opened a virus/trojan (internetsecurity2010) which caused havoc on the computer. having used malware pro to defeat the problem, reinstalled and checked the computer and also installed Norton360 I am still unable to connect to the internet. We are using a thompson wireless router Vista business and have been instructed to reinstall via ethernet cable. However, the computer will not detect the device. I have tried various cables and the light on the ethernet port is not illuminating. After many frustrating hours this is a pleae for help from someone who knows more than me

Answer:Ethernet detection after virus/trojan

Have you looked in Device Manager for any yellow triangles? What OS do you have?

5 more replies
Relevance 76.67%

I am trying to run an online virus scan from symantec at http://security.symantec.com. I click the virus detection button and the scanning screen opens. The scan does not start. I receive an error message "unable to run virus detection"-In order to run Virus Detection you must be using Microsoft Internet Explorer 5.0 or higher with ActiveX and Scripting enabled.
I have checked my internet options under the security tab. I defaulted my options and made sure activeX and scripting is enabled. I have windows xp pro with Internet Explorer version 6.0
I have tried reinstalling IE6.0

I have an antivirus program and I am not at risk. How can I fix this problem? thanks.

Site of the message i receive:
http://security.symantec.com/sscv6/...ie&venid=sym&plfid=23&pkj=WGVMRHYTINMHDKDCWLL
 

More replies
Relevance 76.67%

Urgent

Recently I faced a virus problem, It costs me too much

Reformat my HD, Windows XP sp3 installing, Avira anti virus setup.

I have backup for main programs, a few of these programs are activated by using KeyGen, such as ShareMax and SpiderShare for Sat receiver and Sat sharing and Magnitude for ANSYS graphic simulator.
Avira antivirus gives me alarm that it contains Trojan Virus
Please see attached photos.





Program suppliers said to me it is not virus, and by pass the setup.
Please your advice is required

Sorry for my poor English.
Your reply will be too much appreciated.

Best regards

Answer:Ignore alarm of virus detection!

Please read this!

http://www.techsupportforum.com/f50/...re-248501.html

This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, uninstall any such applications.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if cracked (illegal) software is present on the machine


==========================

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting pro... Read more

1 more replies
Relevance 76.67%

Is it possible to know when a virus entered your system, are there any anti-malware programs that will tell you when it got there?

I'm going to use a continous backup software (like Genie Timeline, Acronis True Image, etc) so that if I get a virus, I can restore the system to before it happened (I would use system restore, but I've had that fail on me sometimes)

But, suppose I set it to make backups of my system once a day, then a month later I my virus definitions have been updated and it can now detect a virus that entered my system 2 weeks ago. Then, I could set my computer back to the point before it happened. This would mean that I'd lose anything else that had been installed on my computer since then, and would need to be reinstalled, but I suppose that's the best I can do.

Though, it would help if there was a program which could also reinstall everything except the virus that was installed since then.

Answer:Question about virus detection (I don't need removal help)

No program I know that can do that if u get a virus use a normal antivirus to remove the infected file then restore to a point before the virus was detected, hope this helps

4 more replies
Relevance 76.67%

A window keeps popping up trying to "scan" my computer. It keeps trying to act like a spyware removal for windows but I can tell it's fake. It shuts down windows task manager every time I try to open it. Pop ups will fill my screen and then disappear suddenly. I have run MalwareBytes and it has detected over 600 trojans and supposedly deleted them all, but IT WON'T GO AWAY. I have copied and pasted my log from MalwareBytes below in hopes that you can identify the problem. Please help, I'm afraid it might be keylogging and stealing passwords and various info, thanks. *NEW INFO*: It has apparently erased all of my files on my desktop, and my pictures and other documents. Are these retrievable? this a fairly new computer, so I haven't backed up anything

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7868

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/4/2011 2:32:42 PM
mbam-log-2011-10-04 (14-32-42).txt

Scan type: Full scan (C:\|D:\|E:\|Q:\|)
Objects scanned: 380422
Time elapsed: 36 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 260
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 400

Memory Processes Infected:
c:\Users\Sidney\AppData\Roaming\ftwub1vo3mqd8lh\iuebzy0si3gq6.exe (Backdoor.Bot) -> 6544 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items d... Read more

Answer:Fake Spyware Detection Virus

Download the following program to your desktop:

Unhide tool

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
Please be patient as this may take several minutes to run, it will scan and fix all Hard drives on your system. You will see a new window with the drive being processed, typically C:\ as below:

Changing as the next drive is processed as below:

You will get a success alert at the end.

Re-boot and see if your files are present.

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
Ensure that Combofix is saved directly to the Desktop <--- Very important

Before saving Combofix to the Desktop re-name to Gotcha.exe as below:


Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.

Close any open browsers and any other programs you might have running

Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)

Instructions for running Combofix available Here if required.

If you ... Read more

1 more replies
Relevance 76.67%

I have an old computer that is in my business. It's main function is video survailence for my business, however it does have internet. I came to work yesterday to find this computer popping up a bogus page stating it had a virus and it looked like a virus scanner running. I was told that they tried to close it but it kept popping back up. I tried to run avg but it found nothing. I tried to run spybot but during the scan it gave me errors stating something like i didnt have the proper permissions to perform these actions. There are no user accounts set up on this computer because the video security system reboots automatically every night and erases a certain amount of space on the hard drive to make room for the next days recordings. This computer would not let me on the internet except when i did attempt to get on the net it would first bring up the bogus security firewall page then i could control alt delete and it would then bring up an internet explorer page. I tried running trend micro house call but it found nothing. even in safe mode I was still having these same issues. I tried running spybot from a flash drive but still got the same errors. I disabled everything in msconfig. i was finally able to download avast and ran it. IT FOUND the virus and i told it to delete it. I no longer have the bogus scanner and security system popping up BUT I still have some major problems. If i click internet explorer i get the dialouge box that ask me what program i want to use t... Read more

Answer:wbl.exe Security popup box with virus detection

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator


You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif
* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.

If you are having problems running Rkill, you can download iExplore.exe or eXplorer.exe, which are renamed copies of Rkill.com, and try them instead.

* If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run then try to immediately run the following.

Now download and Run exeHelper from Raktor
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to clo... Read more

6 more replies
Relevance 76.67%

Hi.
I am unable to access any virus detection encyclopedea sites.
I had some already in my fav list. but from there or any were when I try to access them i get the "the page can not be displayed" msg.
This seems to only happen at sites that give info on removing viruses.
Does anyone know how to fix this. or perhaps what to look 4 in regestry to remove?
With so many many more viruses this year it'd be very helpful to have this info.

p.s. I know this forum said Spy and hijack. But I didnt c any were else to post.
and this is a type of hijack, I would think.
 

Answer:virus detection sites blocked!

First off, download HijackThis. http://http://majorgeeks.com/download.php?det=3155
Download Hijack this to its own folder. When I downloaded it, I saved onto my C drive. When it is download, open it up and then click SCAN. When it is done scanning DO NOT fix anything yet. Click save log, and then copy and paste the log on the message board so that your log can be analyzed and you can be informed on what to fix. Good luck


-CaNoFzOo
 

3 more replies
Relevance 76.67%

Computer listed is not correct, Dell Vostro 1500 laptopSon home from college and brought us a gift. He said his virus software wasn't updating (Since Feb), he was having problem with being redirected to random ad pages when using search engine. Also had false Virus Found warnings popping up directing him to page to purchase software. This has now spread to two other PC's on the network and I'm stuck and looking for help.Here's what I've done and where things stand as of now. After last reboot I can no longer access the internet from the PC. Connects to wireless but can't aquire network address. Tried repair but that failed too.Initially couldn't update existing anti-virus or load anything new. Was able to get to Microsoft web page and run their on-line tool. It found several items and cleaned the system. No log file or ability to cut and paste that window so no history. After that still having redirect issue but false Virus Found seemed to be gone. Updated SuperAntiSpyware and ran. More items found and quarantined. Still having redirect issue. Loaded and ran Malwarebytes, more items found and removed. After reboot can't access internet so not sure where I'm at now.Also at suggestions of wife's PC friend at work I checked the following file and removed what were described as extra entries.c:\windows\system32\drivers\etc\hosts127.0.0.1 local host (no edit, left)::1 local host (removed)91.212.127.226 osguard-pro.com.microsoft.com (removed)91.212.127.226 osguard-pr... Read more

Answer:DNS Redirect & False Virus Detection (maybe)

Try using Combo Fix found here: http://www.bleepingcomputer.com/com...And WinSock Fix found here to fix your internet connection: http://majorgeeks.com/WinSock_XP_Fi...(Which is what saved me when I too was DNS Hijacked last year).Let me know if it helps!

8 more replies
Relevance 76.67%

Malware Detection TechniquesSignature Based or Pattern Matching or String or Mask or Fingerprinting TechniqueA signature is an algorithm or hash (a number derived from a string of text) that uniquely identifies a specific virus. Depending on the type of scanner being used, it may be a static hash which, in its simplest form, is a calculated numerical value of a snippet of code unique to the virus. Or, less commonly, the algorithm may be behavior-based. A single signature may be consistent among a large number of viruses. A virus signature is the viral code. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures.Heuristic Analysis or Pro-Active DefenseRest of content can be seen here: http://forum.kaspersky.com/index.php?showtopic=234997&view=findpost&p=1845013Topic edited to conform to fair use laws and avoid copyright infringement. ~ Animal

Answer:Malware/Virus Detection Techniques

There are other malware checks which are not discussed in public to safeguard the program from malware writers who would use that information for nefarious purposes.

1 more replies
Relevance 76.67%

I'm not sure I'm going to ask this question correctly. I have a IBM Laptop that I was just given to me. It might have a bad HD because it clicks and will not load OP system, however someone stated that a virus might cause the same problem. It there a way to use a start up floppy to check for a virus

Smitty
 

Answer:Solved: Virus? Detection Question

Turns out it was the Hard Drive
 

1 more replies
Relevance 76.67%

I have a win 3.1 with DOS6.0 that is used to run old programs,in dos. It is working but not as it used to.If i copy a 3.5 inch disk from it, and try to read in more modern computer, i am told that a virus is present in boot up.Can i still get any virus software for the old system because the old programs are needed.

Answer:Windows 3.1 Virus detection needed

click hereI have no idea how good it is.

1 more replies
Relevance 76.67%

Windows XP Home edition. Got the Fake "Windows" threat detection bug. Rkill then Malwarebytes then Combofix finally got it. Can't access files on only one drive. All other drives have their content accessible. This one drive shows to have contents when clicking on properties but will not open when clicking on a specific folder in the drive. Just blank. But again will show the folder/file to have something under properties. Any help is appreciated. Thanks.

Answer:Fake Windows Virus Detection

O.K. I found if I go to TOOLS>Folder Options - View - "show hidden files and folders" I can see them but they are like ghost files that I can open. They are not normal in appearance. So there is still something awry. I will keep hacking at it. If someone else has anything to offer...Thanks again.

2 more replies
Relevance 76.67%

Hello

My PC has been running much slower than normal lately and I think I know why. I have Avira Antivir and it keeps detecting a certain virus called TR/Crypt.ZPACK.200907. I keep hitting remove but the infection keeps coming back. Please help!

My specs: Windows 8 64 bit

I went to run DDS, but it said that I could not run it in compatibility mode. Therefore I used Farbar Recovery Scan Tool because I saw someone else had the same problem in another thread. TSF advised them to use this tool.

Please let me know if I should post anything else. THanks!

More replies
Relevance 76.67%

What are the physical signs of virus on computer and how can one detect it,apart from slowing movement of the system? greetings to you all

Answer:VIRUS SIGNS AND DETECTION ON COMPUTER

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. *************************************************************************There are a great number of symptoms when your computer is infected. First of all, certain infections will only slow your... Read more

1 more replies
Relevance 76.67%

my system automatically create a folder name system volume information, desktop.ini, $recyle.bin and program data. i could not delete it using shift+delete keys because it keeps on returning back. Also my printer often jams then when i print a document in microsoft word with a page border it has a clearance of 0.5 inches the border wont fit in the page..pls help.. thanks

Answer:virus removal, detection, control

These are the hidden files, used to customize settings of folders which you create in windows.. You can delete them. According to the permission and security set on that folder and these files will appear again. For jammed papers you have to adjust printer's settings(look for the same in its manual)Solving Technical queries is my passion and I just Love it !!

6 more replies
Relevance 76.67%

I am trying to fix my teenage sister in-laws computer. I have tried to run Ad-Aware, Malwarebytes (but it hangs on installation) and nothing cleans it.

Here are the requested log files.


DDS


DDS (Ver_09-07-30.01) - NTFSx86
Run by Lindsey M at 11:28:30.81 on Tue 09/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.686 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmo... Read more

Answer:Personal Virus Detection? PVD.exe and demoscan4free.com

Download this tool to desktop:http://www2.gmer.net/mbr/mbr.exeDouble click it & post the log it creates on desktop. (mbr.log)

2 more replies
Relevance 76.67%

Referred from here: http://www.bleepingcomputer.com/forums/t/299284/removal-of-huhugafedll/ ~ OBHello,I have been posting for the past few days about the huhugafe.dll virus on my friend's computer. SAS reported the presence of Vundo variant and cleaned it, but the huhugafe.dll virus was still present on the computer. I am attaching the logs and asking for any advice on how to clean this computer.Thanks,AaronHere is DDS.txtDDS (Ver_09-12-01.01) - NTFSx86 Run by Owner at 19:03:54.26 on Mon 03/08/2010Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1075 [GMT -5:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exesvchost.exeC:\WINDOWS\Explorer.EXEsvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\windows\system\hpsysdrv.exeC:\WINDOWS\system32\ps2.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\system32\ctfmon.exesvchost.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\svchost.exe -k hpdevmgmtC:\Program Files\AVG\AVG9\avgnsx.exeC:\Program F... Read more

Answer:Logs for detection of possible rootkit virus

Hi Aaron,Please visit this webpage for download links, and instructions for running ComboFix tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully first.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, linkRemember to re-enable them afterwards.Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:C:\ComboFix.txtNew dds log.A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

17 more replies
Relevance 76.26%

Hi I am pretty new to viruses, trojans etc... usually very careful online but it seems a clever virus has tricked me somehow... must be only the last week as recently i cant turn on user account control in windows security centre.

i cant open google chrome, i can use internet explorer and firefox. i can google search programs like malwarebytes but cant actually get there browser just says problem loading page.

cant boot spybot

I have ran malwarebytes it found one trojan and deleted it but no difference problems are still there. ran it again and found no threats.

trojan it found was called trojan.zbot.gen

had to run malwarebytes using the chameleon dos booter that came with it.

computer not running slow. had problems updating itunes. can't visit microsoft website either.

hope this is a thorough description of my problems and would be very grateful of any assistance...

regards...

Answer:virus i think cant run spybot or view virus detection progam web pages

Hello and welcome to TSF.

Thanks for the description but we want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and
Quote:




Having problems with spyware and pop-ups? First Steps




a link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 76.26%

in my start menu on the right of the clock it says VIRUS ALERT!

I believe the virus came from a bad file brought out by the disk defragmentor. When I ran the Disk Defragmentor, a file showed up on my computer called, Antiviruspro 2008, I looked it up online and noticed it was a spyware virus. I had McAfee 5.0 before running it, after running the Defragmentor, The Antivirus got deleted, my Windows Automatic Update won't work anymore, and while i'm on the administrator name my registery has been blocked by the administrator. I fixed that by getting RED (Registry Enabler & Disabler) and got it working, when I click on My Computer I can't find the file Local c: Drive, When I try to search for files or folders I can't press enter or click the search box nothing happens, Now. I'm not sure. I have on my add/remove programs alot of SP1 Hotfix (i honestly don't know what they are) And 1 XP SP2 Hotfix, but i don't believe i have sp1 or 2 and I can't get them because my Automatic Update doesn't work or because the website won't be displayed. I've tried to download numerous antiviruses and my browser wont let me go to the download site (I suspect that to be the Virus too), and I can't find any System Recovery, Application Recovery disks at the store or online that will support my system. I don't know what advice you could give me but any would help, I don't have much money. The System Info says it was made in 2001... Read more

Answer:Virus HELP!! Automatic Updates won't work, Virus detection can't be installed, etc.

6 more replies
Relevance 75.85%

Hi all,Yesterday Avast popped up to warn that svchost.exe was some kind of trojan or virus. So I clicked the option to delete the files and moved on. Later I restarted the pc and my new windows xp prof install was damaged: no avast nor ad aware icons in the sys tray. No network connections: no internet browsing. The network connections list is empty. So I started the pc with a win vista install on another disk. The avast scan found:25/07/2009 2:04:57 1964 Sign of "Win32:Bifrose-EGW [Trj]" has been found in "D:\WINDOWS\Installer\af3198.msp" file. After the cleaning I tried to run Malwarebytes AM on the xp install to see if it would pick up any virus that may have re-activated but now got a Runtime Error 372"Failed to Load Control 'VbalGrid' from vbalsgrid.ocx. Your version of vbalsgrid.ocx may be outdated. Make sure you are using the version of the control that was provided with your application". Still no avast nor ad aware icons in the sys tray. No network connections: no internet browsing. The log events in computer mngt don?t pop up on double click. there's more wrong but decided to surf the net for info and stopped here the hjt log hasnt been made yet.update: * false positive?? http://forum.avast.com/index.php?PHPSESSID...;topic=47063.30* hjt logs added* safe mode with networking works, * regedit works, but still no network connectionupdate 2 : sysprot log addedupdate 3: help fnc is not working, props of services in s... Read more

Answer:no network connections and no avast after virus detection

Update for 26/07/2009>Basically I believe what should be done is to let all necessary services -that no longer start up - start up at boot and repair missing dependencies which aren?t solved by the started services. <Actions performed the last 24 hours:The Avast and MBAM scans have scanned and cleaned my disks. In the Avast log I found ?win32:rootkit-gen found in svchost.exe?, thus it was deleted as I had confirmed the ?delete tread?? of the Avast pop up. After reboot this must have been causing several problems like services that no longer start up at boot and missing dependencies. Indeed there was no longer svchost.exe in \\ windows\system32 , so I copied it back. Unfortunately this sole action doesn?t make my pc work normally. So I think disabled services like the RPC must get working again. I tried c:\\windows\system32\svchost ?k rpcss, which started svchost and the process appeared in the task manager for 10 seconds, and then it disappeared. In order the try regain network functionality I registered some dll successfully. regsvr32 netcfgx.dll regsvr32 netshell.dllregsvr32 netman.dllBut network connections list is still empty.Hello b0gb0g,We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active ... Read more

3 more replies
Relevance 75.85%

I noticed  that no mention of network analyzer  IDS , NIDS , HIDS  software , for me in these times is fondamental for detect intrusion and virus , for know  in detail what happens on your computer.
in essence you can hear all communications to your computer and the answers, read the packet  and whic computers are connected ip and host  mac adress  ecc... and what they do.
i have used colasoft freee network analyzer in the past I recommend it exist one free version very complete.
I wish microsoft would put in windows 10 along with a good firewall would be great
 
 
http://en.wikipedia.org/wiki/Intrusion_detection_system    IDS software
 
 
http://en.wikipedia.org/wiki/Network_intrusion_detection_system  NIDS 
 
 
http://en.wikipedia.org/wiki/Host-based_intrusion_detection_system        for example eset smart security  use HIDS and firewall  that  intercept also exploit hacker and some other security problem

Answer:fondamental software for detection intrusion and virus

The leading open source NIDS are Snort and Suricata. But it's not something I would recommend to less experienced users.

3 more replies
Relevance 75.85%

Just today I began experiencing an annoying message on my laptop. I am very afraid that it may be a malware or a virus, and I want to know how I can get rid of it so it does not mess up my computer. Please please help me I do not want to loose any or all of my files! The message that constantly pops up, despite my ignoring it, is called Interactive Services Dialogue Detection. It says that there is a message my computer is trying to recieve via internet but something is in the way and it can not be opened. The two options it gives are "Show me the message" and "Remind me in a few minutes". I typed up the entire pop up below.

A Program Can't Display a Message on Your Desktop.
The program may need information or permission to complete a task.
Why does this happen?

-> Show me the message
-> Remind me in a few minutes

->Show program details
Program(s) or Device(s) requesting attention.
Message title: Internet Explorer
Program Path: C:/Program Files/Internet Explorer/iexplorer.exe
Recieved: Yesterday, September 05, 2010, 10:35:25 PM
This problem happens because of partial incompatibility with Windows.
Please contact the program or device manufacturer(s) for more information.

Can someone please please help me get rid of this!!

Answer:Interactive Services Dialogue Detection Virus!?

Run a complete antivirus scan

Download and make the full scan with malwarebytes. Be sure to update prior to running the scan. Post the results.

Malwarebytes' Anti-Malware: Malwarebytes
After your comply with these instructions an expert in the security field will make contact with you.

8 more replies
Relevance 75.85%

I wonder how many people caught this image during the rescue of the miners in Chile the other night. Avira AntiVir detecting a virus in the System Volume Information folder.
 

Answer:Virus detection during Chile Mine Rescue...

LOL...I don't watch fox news so didn't see it.
LukeFilewalker to the rescue!

I wonder if that's the "free" version of AntiVir.....on a TV studio workstation...hmmm....
 

10 more replies
Relevance 75.85%

Greetings

First off, I'd like to point out that when I say "pro" I don't just mean good at it, I mean do it for a living professionally.

I contacted Safer Networking recently about using Spybot - Search and Destroy on customers' computers and got a rude awakening. It turns out that a service license is required and it costs $8USD per computer scanned (no permanent installation - run from a CD or USB drive).

This got me thinking about other tools I use (such as NOD32 etc.) and if I'd be violating the license if I used it in a professional setting. I'll be investigating this today to find out if I need special licensing.

So I was wondering, what do you use on customers' computers? For private techs, do you use legit licensing for this purpose? I figure some people just stay under the radar (like with taxes) but I don't want to do that. I'm just a one man show right now but I decided to do everything completely legit because I figure that starting a business is complicated enough so I might as well get into good habits while there's relatively little to do. So I'm kind of looking for answers other than "I wouldn't worry about it, how will they find out?".

Thanks

P.S. Sorry if this is in the wrong section but it's about antivirus and anti-spyware so I figured it belongs here.
 

More replies
Relevance 75.85%

My son is running a PC with XP pro. I ran AVG antivirus and it has detected 3 viruses in a zip file (count.jar-43c66fb6-14c3949a.zip) called BlackBox.class, Verifier.class, and Beyond.class. I tried to follow through on the AVG suggested removal which says if you haven't got Java plug-ins installed you can delete the appropriate file. When I do this it appears to prevent access to the internet. Any advice much appreciated.A bit of further info, on boot up it keeps generating a message that New hardware relating to an Ipod has been found, even though no such item (we don't have one) or infact anything is plugged into any of the ports.I am not sure if the Online gaming that appears to have installed itself in favourites(and cannot be deleted is any connection, it also appears to have installed a browser bar at the bottom of the screen which also I don't appear to be able to remove.

Answer:Virus Problems & Hardware detection error

Try downloading Winsock fix click here then remove the file, then run Winsock fix.Also scan with Ewido click here

7 more replies
Relevance 75.85%

Running Win XP Home
Google Chrome,
Avast free antivirus,
 
Trojan Horse Blocked, 
Infection - HTML:HideMe-D [Trj],
 
Keeps occuring during Chrome/email.
Nuisance
 
Help appreciated.
 
 
 

Answer:Persistent virus detection - Trojan Horse

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

13 more replies
Relevance 75.85%

I have been passed a computer that appear to be badly infected with numerous nasties. Hopefully these are just adware but probably not

AVG reports the following

Adware MultiBundle.V
Adware Generic5.APKC
Adware Generic5.APFQ

Unfortunately the person has compounded the problem by downloading numerous PC speedup software offerings, the one I can see include

System Seedup
Optimizer Pro
SpeedUpMyPC
PC Speed Ip
PC Performer
PC Speed Maximizer

another program I don't recognise is
Advanced System Protector

Thankyou for any help you can give.

P.

Below is the DDS.txt file and attached is the attach.zip file as requested
-----------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16798 BrowserJavaVersion: 10.21.2
Run by rachstock at 21:32:13 on 2014-04-02
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.8078.1833 [GMT 1:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* thread tools menu 1
AV: Windows Defender *Disabled/Updated* thread tools menu 0
SP: Windows Defender *Disabled/Updated* / thread tools menu 9
SP: AVG AntiVirus 2014 *Enabled/Updated* / thread tools menu 8
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\sy... Read more

Answer:Multiple Virus detection and Rogue Programs.

loftyandroley,

Hi and welcome to TSF.

I am currently reviewing your logs. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

19 more replies
Relevance 75.85%

This morning decided to do a computer spring clean. Doing a scan using Ad-Aware SE, Avast kicked in stating that there was a virus present. Followed the Avast instructions and dealt with the warning!.Avast is running all the time, and is updated automatically, so I assume that everything is running to plan. Question: How did Avast miss this virus (if there was one), as no previous warning had been given.The computer was connected to the internet at that time, so the virus had not just crept into the system. Should I have doubts about the effective detection rate of Avast!.

Answer:Avast anti-virus detection failure!!

Correction: The computer 'was not' connected to the internet at the time.

7 more replies
Relevance 75.85%

I currently have spybot, adaware and AVG. What is the best that I can get?
 

Answer:What is the most powerful virus and detection and removal program?

11 more replies
Relevance 75.85%

Hi Geeks.
I'm wondering if you could help with some information. I ran a FULL computer scan (inc Ext HD's) with my MBAM (free version) when I went to bed last night and woke up this morning to find that it had detected 2 Trojan.Zbot viruses in the main C: drive:

Files Detected: 2
C:\Windows\System32\InstallShield\_isdel.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Windows\winsxs\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.1.7600.16385_none_ca61f601a4548b8e\_isdel.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
(end).

I was a little alarmed as I only ran it last week and it seemed clean and did not pick up these two detections.
It is a shared computer yet the other persons sharing the PC don't use it too often.
I was wondering if you could shed any information on whether I need to completely remove these (delete) from Quarantine or whether they are false/positives and I ought to ignore them and restore them from quarantine.

Possibly (un)related and worth mentioning - lately I have noticed that my mouse seems to be quite slow when scrolling through webpages etc and wondered if this could be due to anything specifically virus related..
I use Ghostery when browsing and thought that maybe it was due to this. It seems to slow my browsing down considerably yet when I ask other Ghostery users about this, they say that it shouldn't do.
Any help on the above topics would be greatly appreciate... Read more

Answer:MBAM Virus detection. False/Positives?

The only way we can tell if you are infected is if you follow these procedures:

READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 75.85%

First, please forgive me. I am a computer noob. I'm not very savvy with computers, so I might need "extra" help.

We have a shared family computer and today, all of a sudden, a window popped up and said something along the lines of, "Hard Drive Detection Error". My wife restarted the computer and everything on the desktop disappeared, none of the programs were in the Startup menu and we have no idea what happened and how to fix this. I've searched and found that others had similar experiences. I'm not sure if my hard drive really is out of commission or if we've contracted a virus.

I'm running Windows XP (sorry not sure which Service Pack). My hard drive is petitioned into 2 parts, Operating System is on the C:\ and everything else (music, games, pics, etc...) is on the E:\. It seems like everything still shows up on the E:\, that's why I believe I may have contracted a virus???

Can someone please help this noob out?

Thanks in advance!

Answer:Virus???: Hard Drive detection error

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Your files aren't missing, they're hidden and the hard drive errors you see are fake.

Please download this file and run it.

If necessary, you can run it straight from a USB drive.

------------------------------------------------------

Download dds and save it to your desktop from here or here.
Double-click dds to run the tool.When done, DDS will open two (2) logs: DDS.txt
Attach.txt

Save both reports to your desktop.
-----------------------------------------------------

Please include the following logs in your thread:Contents of the DDS.txt posted as text in your reply.
Attach the Attach.txt to your post by clicking the Manage Attachments button under Additonal Options>Attach Files on the composition page. Browse to where you saved the file, and click Upload.
------------------------------------------------------

Download GMER Rootkit Scanner from here and Save it to your Desktop.Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warnin... Read more

17 more replies
Relevance 75.85%

I know many anti-virus applications, both free versions and paid versions, offer rootkit detection and removal. I know many people haven't had any problems with rootkit support in their anti-virus application of choice. My question is: which anti-virus application has the best rootkit detection and removal capability? Avira AntiVir? MSE? AVG? Avast!?

Peace...
 

Answer:Which anti-virus application has the best rootkit detection?

6 more replies
Relevance 75.85%

If you use MyHarmony from Logitech but haven't opened the application since September 15 (or thereabouts) can you please verify something for me before you open it again? The reason you need to do this before you open MyHarmony is because the file mentioned below will be overwritten with a later version (which doesn't have this problem).
 
Kaspersky identified the following MyHarmony temp file as containing a virus on my system:
 
..\AppData\Local\Apps\2.0\2EX4EJBB.QGL\9YAGWRTY.KYW\myha..tion_893f52c973591bc9_0001.0000_6a878e02a9e32088\AppFiles\temp\data\f_000009
 
I uploaded "f_000009" to VirusTotal to verify if this is a false-positive and this was the result. Yikes! Interestingly, someone uploaded the file a week before before I did (VirusTotal gives you the date first uploaded) so I'm obviously not the first one to notice this issue.
 
It will put my mind at ease if someone can upload their copy of f_000009 to VirusTotal to see if they get the same result. I run a very tight ship so this file was almost certainly downloaded from Logitech's servers so despite the many detections it's very likely that this is a false positve. 
 
Thanks!

More replies
Relevance 75.85%

Hello,
 
I use trend micro antivirus.  Today it detected TROJ_SPNV.03D214 affecting the two files C:\Users\Momen\AppData\Local\Temp\01396299820424.exe\$TEMP\nja.exe and C:\USERS\MOMEN\APPDATA\LOCAL\TEMP\nja.exe and removed them. Then, I scanned using Malwarebytes and it quarantined a file  at the location C:\USERS\MOMEN\APPDATA\LOCAL\Egdftion\CNBP_251.dll from the vendor virtool.vbcrypt. However, whenever I start my computer (Windows 7 desktop), I get a pop-up  with title RegSVr32 which says:
 
The module "C:\Users\Momen\AppData\E...\CNBP_251.dll failed to load. Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .dll files. The specified module could not be found.
 
There is an OK button to click at the bottom of the message and the pop-up goes away when I click on it. However, when I restart the computer the same message comes back.
 
Also, it seems that google search may not be functioning properly. For example, using Firefox browser only, if I search microsoft on google and click on the link for microsoft's website, it does not let me go the website ( I get a white screen with Connecting... as  the tab title) but if I directly type in the website's address into the address bar, I can get to the website. This issue of google search not working does not occur in Internet explorer.
 
What should I do to clean my computer?

Answer:Real time virus detection aftermath

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to t... Read more

15 more replies
Relevance 75.85%

I'm running Windows XP and AVG Anti-virus.

For the last few weeks I've been suffering from browser redirects, particularly from Google searches & AVG frequently detecting infected files. Reports as different infections, but today Katusha.a seems to be popular.

I have tried everything I could think of. Today I ran ESET & it found 44 infected files. Log below:

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Q19ZRF16\8nude_com[1].htm JS/Kryptik.DF trojan
C:\Documents and Settings\Richard\Application Data\Adobe\plugs\mmc1589046.txt a variant of Win32/Kryptik.NRS trojan
C:\Documents and Settings\Richard\Local Settings\Temp\1453E8.tmp a variant of Win32/Kryptik.NQQ trojan
C:\Documents and Settings\Richard\Local Settings\Temp\2143E8.tmp a variant of Win32/Kryptik.NQQ trojan
C:\Documents and Settings\Richard\Local Settings\Temp\40.tmp a variant of Win32/Kryptik.NVK trojan
C:\Documents and Settings\Richard\Local Settings\Temp\tmpC2BE.tmp a variant of Win32/Kryptik.NRL trojan
C:\Program Files\DFX\DFX 6.2 for Windows Media Player + Keygen\KEYGEN.0XE probably a variant of Win32/Spy.Agent.MDNGJAE trojan
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\Window... Read more

Answer:Browser redirect & persistent virus detection

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Relevance 75.85%

You can all thank perfume for being the inspiration for this thread. : )

In this thread, perfume posted this comment in response to a comment I posted:
Dear tomdkat,
I have re-read your link and what i said as a response to that question of yours! Avira's Database must have been larger and more up-to date than AVG. I can't see any hidden reason except that.
I had the occasion to choose a free AV when my KIS2010 shipment was in transit. I chose AVIRA Antivir(free) without a blink of the eye! Avast(free) is real top-notch. IMO, AVG is travelling south. Recently i had the luxury of sending a seemingly "virus" to VirusTotal, and only one of the AVs reported positive. So,what do you do, especially if its a registry item! I took a once-in- a- lifetime chance and used Ccleaner's registry cleaner(please don't do it-i was lucky to get away)to mop up things and after reboot all was well! Freaky things ,these occurances!
PS: Machines are alive!
Click to expand...

The point about AntiVir's detection being larger and more up-to-date than AVG's database got me curious about the sizes of the detection databases of the various anti-virus apps we use.

So, I did a little research and found the number of threats in the databases of AVG 9 (free edition) and AntiVir 10 (free edition). Of course, these were NOT the version of these tools I was using when I posted the comments to which perfume responded.

If you like, please post the number of threats in... Read more

Answer:Size of anti-virus app detection databases

I'm not sure how big NOD 32's database is or, more importantly. how significant that total would be with a product that claims to stop threats by heuristic analysis of behaviour rather than simply referring to a database that will, in the nature of things, always be one step behind the bad guys.

I remember when I had NAV 2000 (or 2001), that it had an impressive looking number of definitions (well over 100,000 if my very unreliable memory serves me correctly) but that seemed slightly less impressive when you realised that over 30000 of the defs were for old MBR viruses, mostly spread via floppy discs which were not very widely used at the time!

Isn't it the case that the quality of the database (assuming that could be accurately measured), is more relevant than its quantity?
 

3 more replies
Relevance 75.85%

Hi folks.

A friend of mine asked me to post this for him, so I only have the details he's given me (which I hope will be enough). He burned the files/information to a CD and sent me them, but due to us being in different countries (possibly also mail problems) I only received the package a few days ago.

At the end of June, he updated the definitions on his version of AVG a few days before his internet was shut off (and won't be back until September/October, and he says he has no other readily accessible sources of the net'). He didn't run a scan until the following week in July, where his AVG 8.5 Free detected 3 viruses in the following location:

C:/Users/Jack/AppData/Roaming/.#/

All he said about the detection name was it was listed as Trojan.Generic_ something or other for all 3 - the same name.
The file names are the following:
[email protected]@27429F0.###
[email protected]@29529F0.###
[email protected]@28E29F0.###

He removed them from the virus vault and ran scans with SUPERAntiSpyware, Malwarebytes' Anti-Malware, and Windows Defender but they detected nothing. Afterward, he scanned with AVG again and let AVG stick them back in the virus vault for the time being. He navigated to that folder and found 6 other files with similar names, the only difference being the letter at the end (like C0.### instead of F0.###). The creation/modified date for the other 6 files were the day he got his computer (brand new from BestBuy, IIRC).

He said he left the computer (a laptop) on... Read more

More replies
Relevance 75.85%

C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Tall Emu\Online Armor\oasrv.exeC:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXEC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Tall Emu\Online Armor\oaui.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\PeerGuardian2\pg2.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exeC:\Progra... Read more

Answer:Virus/Malware not being detected by Spyware Detection

Hello and welcome to Bleeping Computer.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I wouldbe grateful if you would note the following: Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in you reply, Do not attach them unless asked too.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.Please download Malwarebytes' Anti-Malware from HereNote: If you already have Malwarebytes' Anti-Malware, just update then run it.Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest ve... Read more

2 more replies
Relevance 75.85%

The title and topic of this article is clearly controversial. It is guaranteed to get a strong reaction from the anti-virus industry, which is firmly convinced it sees clear sailing ahead. So, is anti-virus scanning obsolete? In a word, yes - but don?t throw out your scanner. Its replacement hasn?t been created yet. In this article we will examine the weaknesses of virus scanning that will cause its eventual downfall.

Anti-virus scanning is based upon the age-old principle of Newton?s law; for every action there is an equal and opposite reaction. Each time a new virus, or a new viral approach, is discovered, anti-virus scanners must be updated. To be sure, this isn?t always true. Heuristic scanning does have the capability to recognize some attacks as viral without having specific detection for the virus it has alerted on. In general, however, each new virus discovery requires an update of the scanning software?s ?virus definition? files in order for the scanner to recognize the new virus.

In some cases (Melissa, for example) the scan ?engine? (the algorithm that does the comparison between the virus? behavior and the virus definition files and identifies viral content) must also be updated for the anti-virus scanner to be effective at detection (and hopefully eradication.) This constant updating process has several flaws. We?ll look at these flaws in detail.Click to expand...

Source

if you pick the average person off the street and ask them about ... Read more

Answer:Is Anti-Virus Scanning/Detection Obsolete?

Of course this is obsolete .... Who does not know ?
That's why Symantec developped Norton Insight which is quite powerfull ...
Comodo's developped autosandboxing tech based on DDP (anything not whitelisted is run inside autosandbox)
Avast's developped autosandboxing tech based on FileRep and others things (anything with low rep is run inside autosandbox)...

off topic: Please reply to my last PM.
 

13 more replies
Relevance 75.85%

Computer Information: Windows XP, Dell Latitude D600, ~5yrs old

Background information:(critical information follows) Earlier today my computer gave me a blue screen and an error message that meant I had either a hardware problem (likely) or software problem (unlikely) according to the Microsoft site. After system restoring back a month (which took awhile, since my computer kept giving me blue screens and shutdowns), I used my Symantec Endpoint Protection to do a full system scan. After an initial hiccup while it was downloading updates (the whole computer froze without an error message), it found nothing (except a harmless-seeming tracking cookie). I then uninstalled it, and installed a NOD32 30-day trial. It also found nothing in its full system scan, with no hiccups. I disabled that, then installed Ad-Aware. Again, it found nothing in its full system scan. I downloaded McAfee, which asked me to uninstall NOD32.

Critical Information: I uninstalled NOD32, and after the restart, McAfee finished its installation, did a full system scan. It found and quarantined "Artemis!9998383BFB73". Upon searching googling information on Artemis, I found that it is anything from "McAfee ... real-time malware detection technology" (http://scforum.info/index.php?topic=2678.msg5421;topicseen) to a virus found by "McAffe", which "is part of Mcafee, so of course you would have it" (http://answers.yahoo.com/question/index?qid=20090503065247AAbXkdK). Finall... Read more

Answer:Artemis!: Virus or McAfee Detection Technology?

8 more replies
Relevance 75.85%

Hello, since 5 days ago I got a virus on my computer. My AVG antivirus detected it and when I am trying to delete or put in on carantine; its says the following: Object is white-listed (critical/system file that should not be removed)"

I have been following some earlier case between shakar and net surfer and seem to have the some kind of virus. please check out my log:

"Scan ""Scan specific files or folders"" completed."
"Infections";"1";"0";"1"
"Information";"1"
"Folders selected for scanning:";"C:\;"
"Scan started:";"den 22 augusti 2010, 18:56:37"
"Scan finished:";"den 22 augusti 2010, 19:37:07 (40 minute(s) 29 second(s))"
"Total object scanned:";"573050"
"User who launched the scan:";"Joakim"

"Infections"
"File";"Infection";"Result"
"C:\Windows\System32\drivers\iaStor.sys";"Virus identified Win32/Patched.CG";"Object is white-listed (critical/system file that should not be removed)"

Answer:"Detection name";"Virus identified Win32/Patched.CG"

Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.If Gmer won't run,skip it and move on.Let me know if that went well.

1 more replies