Computer Support Forum

Infected, but cannot remove the malware - access to microsoft & all antivirus website are blocked by the malware !...

Question: Infected, but cannot remove the malware - access to microsoft & all antivirus website are blocked by the malware !...

Dear helper,

Am I infected ?? What should I do ?

Windows XP, Internet Explorer 6, Sony VGN-SZ18GP laptop bought in 2006.

System crash last night, with rapid loss of hard-disc drive space (from 15 GB down to 100 Mb within 2 hours). Norton security (2006 version) & Internet explorer were busted afterward, was not able to run at all. The built-in system recovery programme was also affected.

Was forced to use back-up system recovery CD to restore the laptop back in its original shipping state.

However afterward it is still not right. Installed McAfee (from my internet service provider) but the update function is not working - repeatedly states that it can not update because I am not connected to the internet, when I'm actually connected to your website typing this email right this moment. Also internet access to microsoft and all other common antivirus websites (Norton, McAfee, AVG, Kaspersky, Avast, etc) are all blocked. Hence I can't even attempt to find out what happened to my laptop.

What virus have I been infected ? What programme should I use to remove the malware now that I cannot access to any of the antivirus website or microsoft website ?

Thank you

Jason

More replies

Relevance 100.04%

Hello. My computer had gotten extremely slow and opening new tabs on Firefox that I don't think I opened, so I downloaded Malwarebytes today. Ever since I downloaded I keep getting a pop up message that states "Successfully blocked access to a potentially malicious website (then the ip address) Type: outgoing." The IP address changes frequently but I have noticed a couple that keep appearing. My scan did show 2 trojan viruses: FakeMS and Agent.MIO. The most common of the IP addresses is 217.23.9.140. Thank you for your assistance.

Sherry

Answer:Malware popup access to potentially malicious website blocked: outgoing

Hello, would you post that log.

Please download TDSSkiller.
Launch it. Click on change parameters - Select TDLFS file system.
Click on "Scan".
Please post the LOG report (log file should be in your C drive).
Do not change the default options on scan results.

Please download aswMBR ( 4.5MB ) to your desktop.
Double click the aswMBR.exe icon, and click Run.
When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
Click the Scan button to start the scan.
On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

I'd like us to scan your machine with ESET OnlineScan.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats".
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take s... Read more

12 more replies
Relevance 93.89%

Hi:

My colleague brought me his computer. Apparently, he uninstalled AVG and at some point installed Malware Defense. I've deleted all traces of Malware Defense from the registry and unregistered the associated dlls but I cannot successfully install AVG9--the installation always fails due to not responding in a timely fashion. I can install Spybot 1.62 but it won't launch in either regular or safe mode. Likewise I can install Malwarebytes Anti-Malware but it won't respond.

Any ideas?

Thanks,

Tom

More replies
Relevance 90.61%

Dear Support Team,

My problems are similar to the ones described in this post

>>Can not access Microsoft or Anti Virus sites (In Progress<<
Link: http://forums.techguy.org/virus-other-malware-removal/995025-can-not-access-microsoft-anti-2.html
My computer got infected about a week ago, most security related websites are blocked, including ESET online scanner, but fortunately I can access your website.

After reading around similar cases so far I have run Malware Bytes scan, Combofix, TDSS Killer, Bootkit Remover, Spybot Search & Destroy, Superanti Spyware scans.

I had AVG virus scanner, but its resident shield was detecting EVERYTHING as a threat, therefore, I removed it (since it could not stop this malware infection in the first place, I wasn't too impressed with it anyway)

In the other post (link above) you suggested using MSE - but because microsoft websites are blocked I am unable to download it.

I attach a HJT log to give you a starting point for your diagnosis. I would be grateful and happy to donate to your website, if you run such a system.

Thanks in advance.

Roger
Ps. In addition my computer won't start in safe mode - if I select safe mode, it loads a bunch of .sys files and gets stuck at one of them
 

Answer:Microsoft and Antivirus website's Blocked plus Redirects

16 more replies
Relevance 86.1%

Hi,
Just recently I've been having a problem where while connecting to GameSpy in Microsoft Flight Sim 10, Malwarebytes says that a certain IP has been blocked, on multiple ports. I did a WHOIS lookup and it redirected me to the RIPE NCC, which I followed to CJSC ER-Telecom Holding in Nizhny Novgorod, Russia. I ran a scan with MBAM and ESET db 4/24 (it mysteriously lost my username and password) and they found nothing (ESET has found threats before). So I ran a netstat and saw one peculiar result:
TCP on port 49224: www-15-01-prn1 which was established and shown as InHost.
I disconnected and reconnected and now I only have 1 active connection. Anything to worry about, or is it just random? I opened the game and connected to GameSpy again, I am waiting right now and looks like nothing is happening.

Thanks for taking the time to read this long and boring post.
________________
Stats:
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft® Windows Vista™ Home Premium , Service Pack 2, 64 bit
Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 4
RAM: 4029 Mb
Graphics Card: NVIDIA GeForce 9800 GT , 512 Mb
Hard Drives: C: Total - 466967 MB, Free - 291439 MB; D: Total - 466904 MB, Free - 456389 MB;
Motherboard: Acer, EG45M, ,
Antivirus: ESET Smart Security 4.0, Updated and Enabled
--------------------
Log Contents:

11:42:55 Pierce MESSAGE IP Protection stopped
11:43:01 Pierce MESSAGE ... Read more

More replies
Relevance 85.28%

Hi.
I need help. Totally new to all these things.
Since around 1 week I am getting a pop up from the malwarebytes antimalware "malicious website blocked, Domain, IP, Port, Type: Inbound, Process: C:\windows\system32\svchost.exe"
 
each time IP & Port are different , but Type :Inbound  & Process:C:\windows\system32\svchost.exe are same .
 
I googled it but not understanding anything about different malwares & etc .
 
Any help will be appreciated .
Thanks..
 
Following DDS txt file is  pasted & Attach file is attached as told .
 
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by My at 21:44:31 on 2014-06-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.91.1033.18.6052.3474 [GMT 5.5:30]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Pro... Read more

Answer:Intermittently getting pop up from malware bytes "malicious website blocked"

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The... Read more

17 more replies
Relevance 85.28%

Hello computer experts!

My laptop appears to be infected with a plethora of virus/ trojans etc and I have tried all scans etc but things just keep reappearing.

The problems are:

1) something reconfigured my internet settings

2) continual blocking by anti malware of 'potentially malicious websites', e.g. 208.87.33.151

3) trojan horses are continually being found by avira anti-vir, e.g tr/kazy.35735.1 (which is flagged as a trojan horse generic 24.bkkc)

Please advise guys, I would greatly appreciate it as I have no idea what else to do.

sam

Answer:potentially malicious website keeps being blocked by anti-malware

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

50 more replies
Relevance 85.28%

So I was on Facebook the other day, browsing a group I'm a member of.  I clicked on a link that I thought was going to take me to NBC news, and that's when all of my problems began.
My norton antivirus began to warn me of "Malicious Toolkit Activity 3".  I did a full system scan with Norton, it found nothing.  I used norton's power eraser, and the warning popups halted after two scans and reboots.
 
I had no problems for several days, but then norton warned me of a blocked intrusion effort from an external IP.  I scanned again, both power eraser and the norton antivirus found nothing, so I downloaded Malware bytes.
 
I performed a Flash Scan, which found nothing.  I then performed a Quick Scan, which found nothing.  Lastly, I did a full system scan, which also came up empty handed.
 
To be doubly sure, I downloaded Malwarebytes anti-rootkit, and did another full system scan, which found nothing.  
 
Then, Malwarebytes began to send me notifications such as the following:
2013/08/09 14:42:54 -0500 JOHN-HP John IP-BLOCK 80.82.64.5 (Type: incoming, Port: 19, Process: svchost.exe)
and
2013/08/09 22:40:22 -0500 JOHN-HP John IP-BLOCK 222.186.23.101 (Type: incoming, Port: 1433, Process: svchost.exe)
 
 
I am at a loss as to where to go next, as the strongest scanning tools I know of are not finding anything.  The notifications do not come up very often (maybe once or twice a day), but I am still quite concerned. &... Read more

Answer:Pop-ups warnings from Malware Bytes about Malicious Website Blocked

Malwarebytes Anti-Malware IP Protection (malicious website blocking) is part of the Protection Module in the Pro version and works after it is enabled. When attempting to go to a potential malicious website, Malwarebytes will block the attempt and provide an alert. Notification that an IP address has been blocked does not necessarily mean the computer is infected. Some legitimate programs on your computer (i.e. iTunes, Instant Messenger client, P2P programs, web browsers) have access to the Internet and that action can trigger an IP alert if it tried to access a malicious IP address. These events are stored in the "protection-log". Your firewall should be able to give you a list of such programs so you can confirm if they are legitimate.

IP Protection is also designed to block incoming connections it determines to be malicious. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports - commonly probed ports and make repeated attempts to access them. Hackers use "port scanning", a popular reconnaissance technique, to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs. Malwarebytes is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts and the events are stored in the "protection-log".

More information about IP Protection can be found in the Malwarebytes Anti-Malware I... Read more

1 more replies
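
The distinction drawn in the answer above (blocked incoming probes versus blocked outgoing connections and the program behind them) can be read straight out of the protection-log. The following is an added example, not part of the original thread or of Malwarebytes: it assumes outgoing entries use the same line layout as the two incoming entries quoted in the question, and the function names and all sample lines after the first two are constructed.

```python
import re
from collections import Counter, defaultdict

# Layout taken from the two protection-log entries quoted in the post:
# <date> <time> <tz> <host> <user> IP-BLOCK <ip> (Type: <dir>, Port: <n>, Process: <name>)
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>incoming|outgoing), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)\s*$"
)

# The first two lines are the entries quoted in the post. Everything after them
# is constructed for this example and uses documentation address ranges.
SAMPLE_LOG = """\
2013/08/09 14:42:54 -0500 JOHN-HP John IP-BLOCK 80.82.64.5 (Type: incoming, Port: 19, Process: svchost.exe)
2013/08/09 22:40:22 -0500 JOHN-HP John IP-BLOCK 222.186.23.101 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/08/10 09:01:10 -0500 JOHN-HP John MESSAGE IP Protection started
2013/08/10 09:15:03 -0500 JOHN-HP John IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 50707, Process: explorer.exe)
2013/08/10 09:45:41 -0500 JOHN-HP John IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 50912, Process: explorer.exe)
2013/08/10 10:16:02 -0500 JOHN-HP John IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 51020, Process: explorer.exe)
2013/08/10 11:02:19 -0500 JOHN-HP John IP-BLOCK 198.51.100.23 (Type: outgoing, Port: 443, Process: firefox.exe)
"""


def parse_log(text):
    """Return one dict per IP-BLOCK entry; other lines (MESSAGE etc.) are skipped."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        event = match.groupdict()
        event["port"] = int(event["port"])
        # Popups show full paths, the log shows bare names: normalise case only.
        event["process"] = event["process"].strip().lower()
        events.append(event)
    return events


def triage(events, repeat_threshold=3):
    """Split blocks the way the answer does.

    incoming  -> unsolicited connections the tool refused (the port probes the
                 answer describes); summarised by local port.
    outgoing  -> a local program tried to reach a blocked address; grouped by
                 process so each program can be checked for legitimacy.
    repeated  -> (process, address) pairs blocked at least repeat_threshold
                 times, the entries worth posting when asking for help.
    """
    incoming_ports = Counter()
    outgoing_by_process = defaultdict(set)
    pair_counts = Counter()
    for event in events:
        if event["direction"] == "incoming":
            incoming_ports[event["port"]] += 1
        else:
            outgoing_by_process[event["process"]].add(event["ip"])
            pair_counts[(event["process"], event["ip"])] += 1
    repeated = sorted(
        (proc, ip, count)
        for (proc, ip), count in pair_counts.items()
        if count >= repeat_threshold
    )
    return {
        "incoming_ports": dict(incoming_ports),
        "outgoing_by_process": {p: sorted(ips) for p, ips in outgoing_by_process.items()},
        "repeated_outgoing": repeated,
    }


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    print("Incoming blocks by local port:", report["incoming_ports"])
    for proc, ips in report["outgoing_by_process"].items():
        print(f"Outgoing blocks from {proc}: {', '.join(ips)}")
    for proc, ip, count in report["repeated_outgoing"]:
        print(f"Repeated: {proc} -> {ip} blocked {count} times")
```
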
Relevance 85.28%

I'm writing this post because I'm quite sure I've gotten another virus. I say another because I had an issue a few months back.

About a week or two ago I got constant popups from Malware Bytes stating "Malware Bytes blocked potentially malicious website." I did a scan with Malware Bytes and my AVG and did not get any results for viruses, malware, etc. A few days after, I received a notice from my Gmail that there was a suspicious login attempt that was blocked from Hong Kong. I again tried my virus searches. I got no results and decided to uninstall AVG and downloaded BitDefender to see if it would show any results.

The BitDefender found the virus Gen:Variant.Symmi.7281 located in c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\rp41\a0017151.dll. The file was deleted and when I restarted the computer an error box popped up stating "Error loading C:\Documents and Settings\Tiffany Stembridge\Application Data\lemse.dll The specified module could not be found."

Today I turned on my computer and got the popup 90% of the time it was turned on. I kept having to turn it off because the hour glass would popup and couldn't click anything. I'm concerned I have a virus, and of course any help would be greatly appreciated.

Answer:Malware Bytes Blocked Website/DLL Module: Virus?

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwar... Read more

9 more replies
Relevance 84.87%

Hello, this laptop will not allow McAfee to update and will not allow any anti-malware to be installed. The internet connection fails when trying to do so. I have no idea what to do. Any help will be greatly appreciated!
Here is the DDS.txt report:
DDS (Ver_09-01-19.01) - NTFSx86
Run by Tom at 19:52:47.68 on Wed 01/28/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.226 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\M... Read more

Answer:antivirus and anti-malware blocked

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ... Read more

2 more replies
Relevance 84.46%

Hi there!

Maybe since I downloaded a file, "holdemindicator161_3019.exe (Trojan.FakeAlert)", as is reported by "Malwarebytes' Anti-Malware 1.33", I am no longer able to update my Anti-virus, AVG 8 Free.

I tried going to the Malwarebytes's site but the access was blocked, and while trying to solve my problem, I realized I couldn't access some anti-virus sites either.

I cannot install SpyBot, since it requires server access, and I could only access Malware's software by reinstalling it (it delivered me the error "vbaccelerator sgrid ii control runtime error '0' ").

Since some of the system files are infected, I don't think I should delete them, but I don't know how to heal them either.

I would appreciate your help.

Telmo
 

More replies
Relevance 84.05%

Noticed slow PC.
Norton 360 reported poweliks and AdClicker, but could not seem to remove.
Installed MalwareBytes Pro, some issues found and fixed.
But poweliks activity still reported by both Norton and MalwareBytes,
excessive numbers dllhost.exe processes and reports of both inbound and output
malicious internet activity.
 
Ran RogueKiller, found poweliks in registry, followed instruction to 
kill dllhost.exe processes, then let RogueKiller delete registry entry.
Seemed to fix the problems.  Per RogueKiller recommendation on removing PUPs, ran
AdwCleaner, took recommendations for clean.
 
Re-runs of Norton and MalwareBytes not reporting anything.
Do not notice excessive dllhost.exe processes.
 
But, every 30 to 60 minutes notice MalwareBytes pop-up:
= = = = = = = = =
Malwarebytes Anti-Malware
Malicious Website Blocked
Domain
IP: 88.214.193.212
Port: 50707
Type: Outbound
Process: C:\Windows\explorer.exe
= = = = = = = = =
 
Thinking that remnants of some malware remains on this computer.
Need help to resolve if some malware remains or this is a non-issue.
Thanks.
 
dds.txt follows:
******************************************************************************************************

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 11.25.2
Run by NguyenFamily at 19:24:40 on 2014-11-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3983.1234 [GMT -6:00]
.
AV: Norton 360... Read more

Answer:Malicious Website Blocked After poweliks Removed, Malware Remains?

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554476 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

10 more replies
Relevance 84.05%

hi
 
i am receiving a frequent popup message from malware bytes from this ip 91.212.124.159 with random port each time
 

 

Answer:Malicious Website Blocked Frequent Popup From Malware Bytes From 91.212.124.159

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode
Please download Farbar's Recovery Scan Tool to you... Read more

4 more replies
Relevance 84.05%

Hi, recently I might've accidentally installed some adware and in a desperate effort I've tried to clear it from my computer. It caused my computer to slow down and lag a lot, hijacked my both Firefox and Chrome browsers but I managed to clear them. I've also managed to uninstall most of the auto-installed adware in my computer but there is still a problem, temp files that are automatically created every time I boot up my computer. Even though they were deleted, they still managed to pop up after booting up. The temp files also blocked any antivirus companies (as shown below), and will re-add them back into the untrusted publishers list despite removing them. They stop re-adding once I stopped the processes. I suspect that these temp files might have slowed down my computer as the CPU and RAM usage has increased.

Steps I have tried to remove them:

Running CCleaner
Running TDSSKiller tool by Kaspersky
Running Malwarebyte's Adware Remover tool
Running Tweaking.com - Windows Repair tool

Resetting Registry settings
That's basically it. Thanks in advance for any help received.

System Properties
Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 3959 Mb
Graphics Card: NVIDIA GeForce GT 710, -2048 Mb
Hard Drives: C: 111 GB (1 GB Free); D: 149 GB (20 GB Free); I: 465 GB (17... Read more

More replies
Relevance 82.82%

I was recently browsing People of Walmart when I get a message from Avast stating that malware has been blocked. I'm going to guess that it was from a banner ad on the site because the site that it originated from was not People of Walmart, but something called Afnolink. That was the only site I was browsing at the time. But when I check the statistics for Web Shield, it says there has been no blocked malware. I've checked all other Shield statistics and they are all clean. So, where did the info for it go? Does this mean that it was not successfully blocked?
P.S: If this is in the wrong section, I'm sorry.

Answer:Avast Free Antivirus not showing blocked malware

I actually don't see a section for blocked malware. I do see a part where it shows number of scanned pages and number of infected pages. This is under Shield Traffic in the Web Shield area. What does the "infected pages" number show?

Orange Blossom

3 more replies
Relevance 82%

Hi there... thank you so much for offering this incredibly generous help.

A week or so ago, my Verizon Internet Security Suite started finding and quarantining a lot of viruses and worms, and I saw the name koobface come up several times. My computer was definitely being squirrely and slow, but nothing specific was happening that I noticed. The firewall had also brought up two .exe programs over and over trying to connect that I blocked, and eventually looked up (they were viruses, but I never found any of the files for one of them to remove where the various help sites said they would be -- the other one I removed... I don't remember the names at this point). The firewall was also showing reports of blocking packets here and there... some every day, which was not usual.

I looked up koobface because it kept coming up, for a starter, and the conventional wisdom seemed to be that I should download malwarebytes scanner and run it, which I did. It found 30 files, which I removed, and things seemed to be better (and much faster) for a few days. Then, all of a sudden a couple days ago, I noticed that my browser search results were sending me to sites I wasn't asking for, and the search page was looking weird.. now I guess I realize this is a browser hijacker. I tried to run malwarebytes again, but it wouldn't open.. nothing happened. That was when I tried to run my Verizon Yahoo virus scanner and realized it wasn't working, and I think maybe hadn't been for a day or two. We... Read more

Answer:Browser Hijacker (Mozilla) and blocked malware removers and some antivirus

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

14 more replies
Relevance 82%

Hi,

a week ago my computer started showing signs of an infection (e.g. a couple of blue screens, etc). And suddenly my windows 7 profile got corrupted: whenever I tried to use it, I ended up getting logged in with a Temporary Profile. In this profile the Avast antivirus appeared as if it was an unregistered version (though I had renewed the subscription not long ago). I tried the easier recommendations to repair the corrupted profile (e.g. renaming in registry, etc) but none worked.

From the temporary profile (or a new one I created, not sure), I scanned the hard drive for viruses using Avast. The Quick Scan did not find anything. But the full scan stated that it could not verify around 90 files from the Temporary Internet Files of the corrupted profile, and that it found a possible virus ("Threat: Rootkit: hidden file") though it did not mention any specific names of the virus.

The file that allegedly contained the virus was in the following path:
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

If I recall correctly, then Avast asked for a boot-time scan, which I performed shortly after, though it did not provide any new messages. But I still got logged in with the Temporary Profile.

Though this is a personal computer, people from the IT help desk at work tried to repair the profile and could not do it. They instead created a new one to which I moved all my files. They suggested that I try to re-insert the licen... Read more

Answer:Suspected Malware Corrupted Windows Profile and Blocked Antivirus

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. Comb... Read more

8 more replies
Relevance 80.77%

Hi

OS: Window Vista Home Premium SP2 (Safe mode)
Regular start-up leading straight to blue screen error: *** STOP: 0x0000007F (0x00000008, 0x801EF000, 0x00000000, 0x00000000)

I've managed to get an infection which is terminating all the anti-malware scans I've tried (avast, malwarebytes). I then tried running rKill but this too was terminated and I cannot reopen it. On trying to re-run these after termination, an error message appears stating "Window's cannot access the specified file." This was acquired while trying to fix a Google redirect virus. (Using Firefox 5.0.0)

Following the malware removal request preparation guide, Defogger and DDS ran fine (log below) but when running GMER.exe this too was terminated mid scan and then on trying to rerun the program the same error message as above comes up.

Thanks in advance
Martin
DDS Log:

DDS (Ver_2011-06-23.01) - NTFSx86 MINIMAL
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_21
Run by Martin Perrett at 14:02:12 on 2011-08-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2047.1479 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
.
============== Running Processes ===============
.
C: ... Read more

Answer:Infected - Anti-malware being terminated then blocked

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

10 more replies
Relevance 80.77%

Awhile ago my computer was infected with malware that appeared as a chrome extension called Dealz. Initially, I tried a few ways of deleting it like malwarebytes and adw, but neither of these detected it. I searched for the extension in my files and deleted it manually but it would always reinstall itself. I also tried reinstalling Chrome and Firefox but the malware would install right along with it.  
 
I got very busy with a new job and left it. This was a mistake and the problem has gotten worse. Web pages will often load slowly and I see that it is running through a proxy. I have tried disabling proxies but I have been blocked from administration access. I have also tried locating errors in my registry but have also been locked out of admin access to do anything on there (don't worry, I didn't change anything on my registry!!). I decided it was time I stopped trying to do this on my own and look for professional help. Any help would be appreciated!
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015
Ran by Chris Nelson (administrator) on CHRISNELSON-PC (03-10-2015 13:41:22)
Running from C:\Users\Chris Nelson\Downloads
Loaded Profiles: Chris Nelson (Available Profiles: Chris Nelson)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to... Read more

Answer:Infected with malware and blocked from windows functions

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
ATTENTION: System Restore is disabled
Turn System Restore ON - Windows 10.
http://www.ghacks.net/2015/08/02/check-if-system-restore-is-enabled-on-windows-10/
===
This program may have been compromised. Read the remarks.
http://sourceforge.net/projects/audacity/
I leave it to you to remove or keep this program in bold. Use the Add/Remove Programs applet.
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
p.s. If the problem started after you installed the program I suggest you remove it.
===
Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Windows\wnavga.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2392065262-4004807674-2560732715-1000 - (No Name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - No File
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin... Read more

11 more replies
Relevance 80.77%

Malware has hijacked my internet connection.

My desktop is a Velocity Micro Pentium 4 3.0 ghz, with 1.49 gb RAM. 46% of the 120 gb hard drive is free. The OS is MS Windows XP Pro v.5.1.2600, Service Pack 3, Build 2600.

Recently my wife began complaining about an apparent redirection when attempting to access one of her favorite sites. My daughter was still able to access the same site with no problem, so I assumed her Firefox profile had been corrupted. Since everyone but my wife has migrated to laptops, I was in no rush. However, a couple of days ago, she complained that her favorite web site was coming up "Server Not Found". After checking on my laptop that the site was available, I decided it was time to do something.

I began by saving her Firefox profile and bookmarks in preparation for creating a new profile for her. However, when I logged onto my user account on the desktop and was unable to reach the site (also getting "Server Not Found"), I decided something more insidious was going on. At that point, I knew bad things were going on, but it seemed to be limited to this one site, as every other site I went to was accessible.

The desktop firewall/antivirus was expiring, so I renewed it and upgraded to Norton 360. That download and installation seemed to go okay. Figuring I'd need more help, I decided to download and install Malwarebytes. However, typing the URL of Malwarebytes.org produced "No Server Found." I wound up downloading it to a USB stick a... Read more

Answer:Internet Access Blocked By Malware

Log on as an administrator, go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.

Go Start > Run > type: "cmd". In the window that appears type: "ipconfig /flushdns". Close the command box.

Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot.

Warning: Some Internet Service Providers need specific DNS settings. You need to make sure that you know if such DNS settings are required before you make this change.

2 more replies
Relevance 79.95%

Hello everyone,

This is my first post and I hope i will be quickly helped or will be provided with guidance to resolve my issue.

Now the problem is I have made a website magnifyjobs.com and I found that it has been blocked due to malware. The following link will help you to understand better about my problem.

http://support.clean-mx.de/clean-mx/...t=first%20desc

Due to this I am not able to send email to yahoo. I don't know how to resolve this and where the problem lies.
I hope to get reply soon..

Regards,
Mihir

More replies
Relevance 79.95%

I can't get on the internet after quarantining infected malware files using Malwarebytes. How can I get rid of virus/malware without it disabling my internet access?

Steps Taken:
I ran McAfee, which didn't detect anything. I ran Malwarebytes - which found 35 infected files. When I quarantined the infected files, the internet access could not be connected (it showed up as connected on the toolbar, but when you tried to do anything it said no internet access, regardless of which program was used, mozilla or IE). I un-quarantined the infected files and got internet access back.
 

Answer:Internet Access Blocked After Quarantining Malware

Hi,

I would like to see Malwarebytes report. Can you fetch it?
 

19 more replies
Relevance 79.95%

My XP SP3 laptop started throwing strange IE 8 popups - sending me to alternate search engines or sites which showed search terms that had been entered into Google hours before. On 6/16/2010, around when these problems began, McAfee Security Center reported:

Generic FakeAlert!jb

and Quarantined it. I was still getting those strange popups and my CPU began to thrash. I tried to run Windows Defender but the Update failed. While investigating that problem, I determined that Windows Update itself was failing with an error saying "Cannot display the web page". I ran Spybot, Adaware, Malware Bytes, SuperAntiSpyWare and even Microsoft's online OneLive scanner. Only OneLive online scanner found anything other than cookies - it found a "Severe Problem" but gave no further information and produced no log file. It wasn't able to deal with the problem so I was left scratching my head.

I then ran across a thread that mentioned Kaspersky's online scanner. I disabled McAfee and ran the Kaspersky online scanner 7.0 and it found:

Trojan-Dropper.Win32.TDSS.bej

in my Temporary Internet Files folder under Content.IE5.

Since the online Kaspersky scanner 7.0 doesn't fix anything, I located that file and performed an On-Demand Scan using McAfee. McAfee now recognized it as a trojan called:

Generic Dropper!dev

and Quarantined it. I have no idea why this wasn't picked up earlier by McAfee.

I then re-ran Kaspersky Online Scanner agai... Read more

Answer:Malware / Trojan Removed - Somehow blocked Microsoft Update before being exterminated - What to do?

Hello,

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

Now run McAfee FakeAlert Stinger

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

26 more replies
Relevance 79.54%

Whenever I try to to go to my website (www.blueprintgfx.com), Google Chrome tells me it's infected with malware from "iopap.upperdarby26.com". I deleted all the files from my ftp host, scanned all the files that were on my website, and reuploaded them. It worked again for a while then eventually it tells me I'm infected again. I use Webpage Maker to upload my files to the server, and I manually add some files with Filezilla (I scanned them all with Avira Antivir and Malware Bytes Antimalware). Does anybody know how I was infected and how to get rid of it permanently? Thanks...

Answer:My website is infected with malware

Also when I tried to go to my website with Firefox, Avira said there was a virus attacking my computer.

The file 'C:\Users\Richie\AppData\Local\Temp\services.exe' contained a virus or unwanted program 'TR/Crypt.ZPACK.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '48432d9b.qua'.

2 more replies
Relevance 79.54%

Hi,
one of my websites is infected by malware. The site is hosted in a shared hosting space and running PHP and MySQL.

On accessing the website from IE8, Avira antivirus gives the alert saying your computer is affected by the following: "HTML/Crypted.Gen Description: To avoid detection by antivirus software, authors of HTML malware use browser features like Java and VisualBasic Script. These scripts are small and very often quite simple encryption routines hiding the malicious parts of the script. Encrypted malware is detected as HTML/Crypted.Gen."
With Firefox however there are no issues. Using the NoScript Firefox addon it was observed that the site is infected by malware and scripts are pointed towards hifgejig.cn, prostmirkost.net, traffics-inspector.cn

I took the site down and dropped the table and recreated it, changed all the passwords.

I verified all the JavaScripts and found no scripts are altered on the server side.

After cleaning up the site, I put the site back and again within a day's time it got infected again.

Can someone guide me on what steps to be taken when cleaning up the site?
 

More replies
Relevance 79.54%

My windows vista 64 pc was infected by an antivirus malware. I followed the instructions for removal posted on how-to geek. I downloaded and ran superanti spyware and malwarebytes. The scans are now clean but I think I'm still infected because I cannot install or uninstall or run any antivirus program. I have avg 2011 and ms security essentials but neither will run or uninstall and I bought McAfee internet security 2012 but it will not load.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Eric at 11:02:43 on 2012-03-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3964.1577 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\A... Read more

Answer:infected by antivirus malware and can't run legitimate antivirus program

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Nothing suspicious was found on your DDS log.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt

Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===
Third party programs if not up to date can be an open door for an infection.
Please run this security check for my review.
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instruction... Read more

8 more replies
Relevance 79.13%

I received the Antivirus Soft virus/malware on Tuesday, 6/1. I followed the removal instructions and it seemed to be okay. Until I noticed that whenever I click on a link through Google, it will redirect me to a bogus website. If I copy and paste the address into the address bar or type the address directly into it there is no problem, it is only when I click on a link. Occasionally, Internet Explorer will pop up by itself and go to the same fake websites. I have used spybot sd and malwarebytes, but they are not picking up anything anymore. I have copied and attached the information you need. Any help would be greatly appreciated. Thank you for your time.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Logictrans at 16:37:58.65 on Thu 06/03/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.379 [GMT -5:00]
AV: PC Tools AntiVirus Free *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateServ... Read more

Answer:Antivirus Soft Removed / Now Have Website Redirect Virus/Malware

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

15 more replies
Relevance 79.13%

Hello,

I'm infected with some malicious software, probably more than one culprit. I've tried to follow the advice in other forums, downloaded MBAM, HijackThis, KillBox, ComboFix, and other suggested utilities. But the infection(s) won't allow me to run any of these programs, even when they've been renamed! It is also blocking my access to most of the critical system utilities in the Control Panel and Windows folders.

I suspect one or more of these is the responsible agent.

MalPak.D
Virantix.B
Vundo.Q
AntiVirus 2009

The first symptom was the annoying hijacking of Google search results in Firefox and IE. But whatever was doing that must have recently opened the door to its vile friends, because the infection has become much more insidious, systematic and incapacitating in the past two days.

AV2009 was easy enough to deactivate through Task Manager. I deleted the (obvious) program folder and files and removed some suspicious items from the Start configuration - namely calls to hidden programs named "braviax," "vopereso," "hugupapu." I know it's not a fix, but at least I'm not getting interrupted constantly with the program's fake virus alerts. But it's killing me that I can't go any deeper, since I'm cut off from my tools, and I'm sure the system is still thoroughly littered with vestiges of AV2009. I'm unable to access and edit the registry with either RegEdit. And I can't even ... Read more

More replies
Relevance 78.72%

can anyone help me remove malicious code from my website
my server company wont help me and i cannot access the backup, so the server files are all ive got and its an interspire shop!

please help, will gladly make a donation
 

Answer:Malware code on website - need a specialist to remove it please

Problems like this are really more of a vulnerability issue and not truly malware. How people write their website code, how old/unupdated the software they write it with, and how secure the servers that host it are really the areas to look at. Issues here are commonly referred to as code injection (see: http://en.wikipedia.org/wiki/Code_injection). The things we do in this forum are not going to find problems in your code. None of these malware scanners will since they are not designed for this purpose.

You are going to need to have a very good webpage developer check the code for security issues and you need to verify that all software being used has been updated to include all security patches. In addition, you need to make sure that the server hosting the website also has been fully updated.
 

1 more replies
Relevance 78.72%

So yesterday I found out a new section in the My Computer folder called Network Location. Underneath there was a link called "my websites on msn" linking to msnusers.com. Is there another MS crappy update or is a malware? (I've scanned the website with Identify websites involved in malware incidents, fraudulent and spamming activities and it turned out in one of the 25 sources that the website might contain malware). If so, how can I remove it?

More replies
Relevance 78.31%

greetingz...

I had a problem... I found a virus in our office, possibly malware. It's spreading using USB pendrives. I already updated & tried different kinds of antivirus, but the infection is still there... Here are the viruses: kosabuena.exe, texar32.exe, antivira32.exe & wwcodec.exe. If the unit is infected with these viruses, the web page is directing you to a porn site. I already solved the webpage issue but the virus is still spreading. How to remove these viruses? Thanks in advance
 

Answer:help how to remove malware without antivirus

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

1 more replies
Relevance 78.31%

One of my systems recently was infected by the Internet Security 2010 malware. I've used your uninstall guide from this site, but I cannot get onto the network. I tried deleting the network adapter and then re-entering the IP address. No luck. I can ping other computers on the LAN but nothing beyond. When I try to ping, the computer beeps and there are symbols inserted into the command.

Answer:Internet Security 2010 malware has blocked network access

Log on as an administrator, go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.

Go Start > Run > type: "cmd". In the window that appears type: "ipconfig /flushdns". Close the command box.

Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot.

Warning: Some Internet Service Providers need specific DNS settings. You need to make sure that you know if such DNS settings are required before you make this change.

Also make sure the "use a proxy server" option is unchecked.

2 more replies
Relevance 78.31%

The usually innocuous ads on my browser get replaced with very explicit ones. I downloaded several free malware search programs but I can't run them because they all fail to update when I first start them. If I try to paste the update url's into a webbrowser then I find that access is blocked.
Sounds like a very cunning piece of malware if it truly prevents me from downloading something to attack it with. I also noticed that when connecting to other sites I often see a 'resolving proxy' message before it eventually connects. Sounds like I have been hijacked. I have attached my dds file.

Thanks in advance for looking in to this.

Answer:webbrowser ads are hijacked and access blocked to malware repair sites

I was finally able to update Malwarebytes with the latest updates by connecting my laptop to my company's network whose firewall somehow foils the virus blocking my access to update sites. Once I downloaded the updates and did a scan the virus was removed. See attached scan log

3 more replies
Relevance 77.9%

Hi,

I have a malware that I can't remove from my PC. Symptoms:

1) Two DLL's (cbXQhHbx.dll, mlJYrpQi.dll) were added to the system32 directory. (Can't be deleted)
2) These two DLL's appear in IE's plug-in list. Can't be stopped.
3) These two DLL's were automatically run when Windows starts up (under Registry's RUN section, "rundll32 cbXQhHbx.dll" and "rundll32 mlJYrpQi.dll"). I manually removed these entries, but that didn't solve the problem.
4) When using IE, I got popup windows that redirect to malicious/phishing websites.
5) Ad-aware and Norton Internet Security 2008 can't even detect this malware when running a full scan.

Could anyone help? I am attaching below the HijackThis log. Thank you very much.

Marvin K.

====================================

Logfile of HijackThis v1.99.1
Scan saved at 上午 12:51:05, on 2008/10/7
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.e...

Answer:Solved: Help: Malware (Website redirects, can't remove DLLs)

11 more replies
Relevance 77.9%

Hello,
My name is Wes and I am a Computer IT Administrator by trade. Recently, I came across a problem I could not figure out regarding my home PC. I was infected with Win32:JunkPoly [CRPT] and Win32:Vitro Worms last night while browsing the web. I was up all night removing the infections, and I am certain now that said infections do not reside on my computer any longer. However, I cannot seem to access microsoft.com. I have 8 other computers on my network and they are able to access the site fine, and it is NOT a router issue. I believe that the malware reconfigured something in my hosts file or something of this sort. Can anyone provide insight into this?

Thanks,
Wes Manerro
 

Answer:Cannot access website after malware infection

Can you ping microsoft.com? It should time out, but does it resolve?
Can you view the site by IP address?
207.46.197.32
 

3 more replies
Relevance 77.49%

We just started having this problem today at one of our computers at work, we run on Windows XP. Every time I navigate to a new web page (even here), I get a pop up warning:

Internet Explorer Warning - visiting this web site may harm your computer!

Most likely causes:
The website contains exploits that can launch a malicious code on your computer
Suspicious network activity detected
There might be an active spyware running on your computer

What you can try:
Activate Antivirus 360 for secure Internet surfing (Recommended).
Check your computer for viruses and malware.
More information

Can you please help me get rid of this? I have tried to attach the 2 things that came up with the DDS

Answer:Internet Explorer Warning - visiting this website may harm your computer Antivirus 360 Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...

2 more replies
Relevance 77.49%

Hello, Please help me! I have been trying to clean my computer of the PC-Antivirus malware. It has pop-ups that come out of nowhere about every half hour. I have used just about every credible free spyware remover program there I could think of. None of them have deleted or detected this one. This thing is really hidden! Experts once again, please help me. It will be greatly appreciated. I have attached my Log.
 

Answer:I'm infected with PC-Antivirus Malware

Hi soleone,
Welcome to Major Geeks!

I can see you have some bad files and I expect there are more that can't be seen, because HijackThis isn't comprehensive. Please go through the instructions in the READ & RUN ME FIRST and attach the requested logs with your next posts.

Thanks.
abri
 

5 more replies
Relevance 77.49%

Hi I have an XP Pro machine that appears to be infected. I can get into Windows normally, but if I try to get into safe mode, I get a quick flash of blue screen and the computer reboots.

Once I get into Windows, I get icons but no taskbar. I can get into task manager and run some programs from there. I cannot run system restore, malware bytes, or antivirus without an error message. I can get into the explorer to view and access files. I tried to copy explorer.exe from the XP disk to the c:\windows directory but it will not let me paste.

If I double-click on the malwarebytes anti-malware program I get: run-time error '372' failed to load control 'vbalgrid' from vbalsgrid6.ocx. your version of vbalsgrid6.ocx may be out dated. make sure you are using the version of the control that was provided with your application.

If I try to run the system restore (by going to task manager --> run explorer --> navigate to c:\windows\system32\restore and double-click on rstrui.exe) I get "system restore is not able to protect your computer. Please restart your computer, then run system restore again."

I did try uninstalling/reinstalling malwarebytes. It allowed me to do both, but I continue to get the '372' run time error.
Any suggestions on where to start would be greatly appreciated!
Thanks,

Answer:XP infected, cannot run malware/antivirus

In order to get mbam to run you need to download this: http://www.microsoft.com/downloads/details...;displaylang=en

Then download and run this application before trying mbam again.

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer or you will have to run it again.

===================

Also try this.

We need to check for rootkits with RootRepeal.

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended)
Primary Mirror
Secondary Mirror
Secondary Mirror
Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror
Secondary Mirror
Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for...

1 more replies
Relevance 77.49%

Began developing popups about a week ago, popups of the "your computer is infected!" variety. In addition to links to antivirus 2009, getting popups to search engines, travel sites, and other stuff. Strangely, I run Firefox but the popups are always on IE. I installed the new Microsoft patch to no avail, even tried to uninstall IE completely to cut it off but that failed to work. Bit Defender detects nothing and won't run a system scan. Other scanners detect and dispose of viruses but it keeps returning.

DDS (Version 1.1.0) - NTFSx86
Run by joe at 9:20:06.90 on Sun 12/21/2008
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2327 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Servi...

Answer:need to remove antivirus 2009 and other malware

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear, a lack of symptoms does not mean that it is no longer present.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs :

Viewpoint Media Player <--- Viewpoint is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

Additional Information Here
and Here

===========

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Double click on combofix.exe & follow the prompts.
* As part of its process, ComboFix will check to see if the Microsoft Windows Re...

11 more replies
Relevance 77.49%

hi,

I am using a compaq laptop with windows XP SP2.

The problem is I can't see my hidden files and am also not able to change the option from the folder option. I have even tried changing the registry value and even that does not work.
I have tried both AVG and Norton. Both show some viruses and remove them but those viruses keep coming back.
Messages regarding n.com and 83fgj.com keep flashing. When I click on repair or remove the antivirus shows the message access denied.

Here is my HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:22 AM, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiViru...

More replies
Relevance 77.49%

Hello

Yesterday evening I found myself infected with Antivirus Soft. After searching Google for a while, I stumbled upon this website and a guide to remove it. After following the steps thoroughly and even downloading and using the suggested Malware program, Antivirus Soft is still active and is even acting more aggressive on my computer. I attempted to restart the process with the rkill program only to see that it no longer works. That's when I came here.

Following the Preparation guide I have run into an issue as well. Many of the checkboxes shown are unselectable and grayed-out. I am running this all in Safe-Mode (with networking) and I'm not certain if that's the cause. I cannot use the program outside of Safe-Mode due to Antivirus Soft closing it.

That being said, when I complete my GMER log it tells me,

NO SYSTEM MODIFICATION HAS BEEN FOUND

I am very confused as to what my next step is.. and I hope that you all are able to assist me given that a GMER log is not possible to create..

I do not know if this is relevant, but I picked up this Malware from the website mangafox.com.

In advance, thank you very much for the assistance. This is turning out to be a very stressful event for me so I cannot express what it means to find this website!

Here is the requested DDS log to be posted

DDS (Ver_09-12-01.01) - NTFSX64 NETWORK
Run by Siamak Kuntz at 13:07:24.42 on Mon 02/15/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3998.3294 [...

Answer:I cannot remove Antivirus Soft Malware

Hello again

I've read the rules on several times over and I'm aware that double posting drops my priority and that the Staff members here specifically look for 0 post threads, but I'm not doing this for a b.u.m.p. I'm writing because my issue with Antivirus Soft has been resolved. In combination with the guide posted by this website found a working solution when I added a manual removal written on another FAQ. ^^; Yes, I read to be patient and that the Moderators would get to me, but I just couldn't help myself. Please feel free to lock or delete this thread. Thank you for your time and the thoroughly written guides on bleepingcomputer.com

2 more replies
Relevance 77.49%

I have the AVG anti virus 2011 malware on my laptop (currently using my desktop). I have found the info on this site on how to get rid of it but my problem is that when following the instructions it asks me to turn Windows on in safe mode (which I can do). BUT: When I've done this it does not let me use my wireless USB internet provider. Therefore I am unable to download the required program to help remove the malware.

When trying to use the laptop in normal mode the virus is stopping me from using the web (only letting me go onto sites that want me to put in credit card info, e.g. bank sites, eBay etc). So I can't access the required downloads that way either.

I don't know much about computers but can fix a problem by following instructions so if anyone has some helpful info I would be really grateful for your help.
If you are a bit unsure what I am talking about feel free to write back for clarification.
THANK YOU!!!

Answer:AVG antivirus 2011 malware. Cant remove

Hello, are you booting to Safe Mode with Networking??

OR

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now boot to Safe Mode with Networking, check if the internet is working again.

2 more replies
Relevance 77.49%

Hi y'all. A new rogue malware got into my computer. Eset NOD32 and superantispyware both detected it and supposedly removed it with a reboot. Still, I get a popup screen that shows it and an error message saying that Windows detected my computer is infected.

Attached are the screen shots that show the popup, message and error screen.

I have tried to scan in safe mode but there is no change.

Please let me know how to clean it out entirely.

Thanks, Steve-x8086
 

Answer:New Antivirus Suite Malware Can't Remove

Well, some idiot out there blocked the screen shots that CLEARLY showed the problem and are important to understanding the problem.

In any case, here is the HJT log which DOES NOT show the popup that is directly related to the malware.

If anyone would like the 2 screen shots, please ask and I will happily E them to you.

Logfile of HijackThis v1.99.1
Scan saved at 3:31:43 AM, on 4/8/2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINNT\system32\l780qpgqqffbk.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Virus Software\HijackThis.exe

R1 - HKCU\Software\Microsoft\...

1 more replies
Relevance 77.49%

I can't go into safe mode, computer crashes when I try to go into it. I can only go into normal mode. I have downloaded and installed malware bytes anti malware (MBAM), but I can't get it to run, when I do I get a message 'windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item'. How do I get rid of that pesky 'PC antivirus 2010' for free?

Answer:have the pc antivirus 2010 malware. how do I remove it

You'll have to go here.... http://www.computerhope.com/forum/index.php/topic,46313.0.html
If you've lost your connection, download the programs to a USB stick on a good PC and transfer them to your PC.
If you have difficulty, you may have to run them in safe mode, tap F8 at start.
If you have difficulty, you may have to rename the programs when you save them.
If you get stuck on a step, proceed to the next.
Post the logs for step 3, 4 and 6.

4 more replies
Relevance 77.49%

I have gone through the malware removal instructions on this site step by step and ran into these problems:

-AVG would not allow me to delete quarantines (wasn't allowed to access virus vault)

-SUPERantispyware failed after all attempts (shuts off during scan)

-Malwarebytes failed (shuts off during scan)

-'Microsoft Windows recovery console' failed to install in Combofix

-Having general trouble installing recovery console

-Command prompt for MGtools did not show the GetLogs-final.jpg screen when finished scanning

Attached are logs for all programs that did not fail

Thanks in advance for the help!
 

Answer:Trying to remove Antivirus Pro 2010 malware

You have it in your add/remove list. Did you first try to uninstall Antivirus Pro 2010?

Please double-click the RootRepeal.exe previously downloaded.

* Select File then Scan
* On the Select Drives form select drive [ insert drive infected here ] by "ticking" the box for drive [insert drive here] and click OK
* When the scan is complete - highlight each of the following file(s) (one at a time if more than one is listed) by left clicking it. Then use right mouse click and select the Wipe File option only for each file.
o C:\WINDOWS\system32\drivers\UACd.sys
* After Wiping all files, immediately reboot your pc!

After reboot, download/install/update and run the scanning tools you couldn't run! Attach those that run.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O4 - HKLM\..\Run: [Antivirus Pro 2010] "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "...

1 more replies
Relevance 77.49%

Hello, My computer has the Antivirus Pro software malware. My sister downloaded the antivirus believing that it was a legitimate antivirus program. Little did she know that it was a hoax. Now, we can't seem to remove this program in our computer. It constantly pops up that there are certain viruses in the computer and prompts us to purchase the program. The computer literally cannot function without these popups appearing. I have tried following the steps in this website about how to remove it which involved the malware software, but it did not work. I restarted the computer and behold...it was still there. PLEASE HELP ME!!

The computer that is contaminated is a Windows Vista. Thank you very much!

More replies
Relevance 77.08%

About a week ago a computer that is on my network at work was infected horribly with spyware, we disconnected it from the network but I don't know if it was too late.

I connect with my laptop when I go to the office, and today was on twitter and viewing an image, and a box popped up that said your computer is infected, run a scan to find out how to clean, and the domain was something like smart-pc-scanner9.com - It kept saying infected, so I closed the x out and didn't do anything with it and am running all kinds of scans on my computer, but the problem is - I don't know if my computer is infected, the msgs that were coming up and the domain is the same as the one that was infected on our network, since my laptop is not old and I do a ton of work on it I need to make sure it's okay. What can I do to make sure of this? Here is what I'm doing so far:

Running full scan with Avast, nothing found so far

Running full scan with malwarebytes, no infections so far

Running windows defender, no infections.

I have a feeling something is there and my software isn't catching it - please advise what to do next. I found the domain on a malware url site that said it's an infectious site that will infect your computer immediately.

Please help me!

I have windows vista
HP dv6-1245dx

Answer:Malware Website pop ups want to make sure computer isnt infected

I'm having the same problem, I feel there is still something hiding but all of my scans come up clean... can anyone help us out? Thanks!

2 more replies
Relevance 76.67%

Hello there, to whom it may concern,
I have a problem with a recently downloaded piece of malware that seems to be obstructing me from visiting certain websites and instead shows me this: "This website has been blocked for you! steps to gain access to this website again: 1)click the unblock button below 2)Pick survey to verify that you are human 3)complete survey 4)continue using this website." Then it says "This website has been blocked because of your recent activity. Your actions have been marked as a spam bot like, to visit this website again follow the instructions on the left. This is made for security reasons." It also seems to be listing my IP address, country of origin & national flag. Is there any way I can remove myself of this virus? Thank you for your help.
 
DDS LOG:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.45.2
Run by Jgall at 20:20:49 on 2013-11-29
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.34.3082.18.2006.742 [GMT -5:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FE...

Answer:Invisible nameless DNS Malware keeps me from access certain website

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/515835 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

68 more replies
Relevance 76.67%

I have looked up this issue and apparently this must be a new one since there is no solution whatsoever, even the hidden admin account is defenseless, here is what's going on

1. the PC got infected on Windows Defender's watch, the infection proceeded to disabling it and what happened next is still unclear.
2. it disabled every anti-malware I tried, even KVRT which is specifically used on this situation. it says my admin has declared anti-virus softwares an enemy of the state. it either won't allow new installation or apparently uninstallation too...
3. just recently, it started blocking powershell, and 2 other apps I have never used before, skeptical to open and see, might be a consequence of not having anything to protect my PC, I am online for 60% of the day.
4. the overall performance has not been impacted, and that's what is worrying me.

things I tried so far

1. manually deleting the viruses carried by the malicious program. I canceled the set up once I found out it was fake but obviously, it didn't work.
2. running KVRT through elevated cmd found some malware but didn't have necessary privileges, it copies the malwares to quarantine and let them loose. that's actually how they protect themselves, they can not be deleted..period.
3. I finally found adwcleaner which destroyed the adwares which plagued my browsers, but after that there is a recurring key which seems to be immortal...screen shot attached.
4. I installed avast premier (the one antivirus which managed to finis...

Answer:Every...i mean every anti malware blocked by unknown malware/virus

To save you all the agro.....a nice clean install......or have you done a back up?

3 more replies
Relevance 76.67%

Malware Bytes "Malicious Website Blocked" Message every few seconds! started 3 days ago posting this message: IP 88.214.193.54 outbound blocked. Steps already tried: MAB scan - several, JRT, ComboFix, Revo Uninstaller, IO Bit Uninstaller, Security Check, Rogue Killer, sfc /scannow. The process is supposedly coming from windows\syswow64\svchost.exe which I have replaced with legitimate version. I have also blocked this IP both inbound and outbound using built in Windows 7 Firewall. Also downloaded and ran Malware Bytes new beta rogue blocker, and Hitman Pro. AdwCleaner, TDS Killer, Ran MS Security Essentials in full mode. Every system comes up clean and PC works FINE! The only issue is this annoying popup every few seconds! Help!! Please!! so frustrating...
- Donna :-(

Scan from FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-10-2014
Ran by Steffani H (administrator) on STEFFANIHP on 26-10-2014 01:12:17
Running from C:\Users\Steffani H\Downloads
Loaded Profile: Steffani H (Available profiles: Steffani & DK Test Quicken & Steffani H)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be cl...

Answer:Malware Bytes "Malicious Website Blocked" Message every few seconds!

Sorry - Op Sys is Windows 7 Home Premium, SP 1
 

3 more replies
Relevance 76.67%

This is my first post to the forum so first off, Hello. Secondly, thank you for taking time to look at this problem as I know you do this in your free time.

This is the computer my family uses so I do not know just how long ago the symptoms started. It does consume much of the processing power of the computer and in addition to slowing it down, does lead to the occasional blue screen of death when it just gets overwhelmed.

I read through the posts of the November 20th thread and it sounded identical but am listening to your advice that is posted multiple times that each problem, while sounding similar, may be slightly different.

Thanks again
 

Answer:Malwarebytes Anti-Malware message - Malicious Website Blocked Message

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

1 more replies
Relevance 76.67%

I need help...
So I was first (or still am) infected with antivirus xp pro 2009 and did the whole malware bytes anti-malware described in the removal instructions but I'm still seeing symptoms of infection of some kind. Now if my computer is idle for more than 30 minutes it restarts by itself constantly and my wireless connection gives out after about 15 minutes once restarted even though the wireless router and NIC are absolutely fine. Please help, thanks

here's my dds log and my attach is attached:
DDS (Ver_09-03-16.01) - NTFSx86
Run by MC at 17:50:26.04 on Sat 03/21/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1315 [GMT -7:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Digides... Read more

Answer:Infected w/ antivirus xp pro 2009 and other malware

Hello ASR-10 and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
Select "2. Fix Goored" by typing 2 and pressing Enter.
Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.
If you have any questions along the way, STOP and ask them before proceeding !!
If ComboFix does run its full circle, then please try to install Avira ... Read more

6 more replies
Relevance 76.67%

Hi, I am asking for help on behalf of my older friend who is totally computer illiterate. He was infected with the 2009 antivirus malware. I downloaded Malwarebytes and SUPERAntiSpyware, and ran them both to get rid of what I could. I would appreciate it if someone could look at my HijackThis log and see if any other damage has been caused. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:54 PM, on 10/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\t... Read more

Answer:infected with 2009 antivirus malware

16 more replies
Relevance 76.67%

Well I came into this virus some time ago, but I talked to someone and they said it was nothing to worry about. But I feel it is this causing errors on my PC and could possibly be infected with other things. I got a C:\WINDOWS\system32\yehikufu.dll error. I was wondering if I could possibly get some help? As I honestly haven't a clue what to do. I cannot run any antispyware because this virus won't let me as it disabled all of my other ones. I have Windows XP Home Edition. Also, I had a lsass.exe error with the status code 1073741819 and that error wouldn't allow my computer to even get logged on, so I used earlier settings which allowed me on, but do not know if it is fixed. Also, if anyone could give this a read and possibly help me. http://www.bleepingcomputer.com/forums/t/221088/formatting-and-reinstalling/

Answer:Infected w/ antivirus xp pro 2009 and other malware

Try this to install MBAM
Try renaming the setup file to install.com
try installing in safe mode
here's a random renamer for the program if you can get it installed
http://kixhelp.com/wr/files/mb/randmbam.exe http://www.gt500.org/malwarebytes/database.jsp

Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download Malwarebytes Anti-Malware (v1.36) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwareb... Read more

20 more replies
Relevance 76.67%

Hi,
Infected with the antivirus soft malware program. Tried rkill + malwarebytes in safemode. It did remove some infected files but not all of them I guess, the malware is still there.

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Vanessa at 0:48:55,63 on 2010-02-18
Internet Explorer: 8.0.7600.16385
Microsoft Windows?7 ?dition Familiale Premium 6.1.7600.0.1252.2.1036.18.2038.1240 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Vanessa\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo ... Read more

Answer:Infected with antivirus soft malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

17 more replies
Relevance 76.67%

When the computer is turned on the Personal Antivirus software runs automatically. After it has been closed there are continual pop-ups informing me about a range of Trojan viruses. I have tried to delete via the control panel but it does not appear on the list of programs to enable me to remove it.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Syeda Kamal at 16:40:09.23 on 29/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.361 [GMT 1:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Fi... Read more

Answer:Infected with Personal Antivirus Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 76.67%

Hi,
So, I read the Preparation Guide and I know I'm supposed to accompany this post with a log, enable my firewall, and disable my cd emulation software, but I haven't been able to do all that because the rogue virus that has infected my computer doesn't let me launch anything. I can't open antivirus programs, system restore, task manager, or any application for that matter. I can't run in safe mode either. When I try to launch something it displays the message: "Application cannot be executed. The file <filename>.exe is infected. Do you want to activate your antivirus software now?" My internet browser will open, but it only goes to a site where I can purchase antivirus software, but I know enough to realize it's bogus, so I have not purchased it. A bunch of warnings will pop up saying that my computer is infected and encouraging me to activate antivirus software, all of which lead back to the website with the bogus software. Sometimes the browser will randomly open up and go to viagra or porn sites. I'm doing research and typing this from another computer.

I did some google searching and found out it's a rogue malware virus. Further searching lead me to howtogeek.com, which later lead me here to this site. I tried SUPERAntiSpyware as howtogeek.com advised. Downloaded it onto a usb drive from a different computer, then tried to launch it on the infected computer, but got the same "Application cannot be executed..."... Read more

Answer:Infected with rogue antivirus malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin... Read more

4 more replies
Relevance 76.67%

I did follow the Steps for the removal of the Antivirus Soft (Uninstall Guide) on the bleepingcomputer website. The program will not let me do anything, and Malwarebyte's Anti-Malware cannot get rid of it. I would really appreciate some help.

Here is the DDS text:

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by DennisHeather Oosten at 19:55:34.04 on 25/02/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.212 [GMT -8:00]

AV: avast! antivirus 4.8.1368 [VPS 100223-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Documents and Settings\DennisHeather Oosten\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://start.shaw.ca/start/enca
uDefault_Page_URL = hxxp://www.dell.ca/myway
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Shareaza Web Download Hook: {0eed... Read more

Answer:Infected with Malware - Antivirus Soft

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

8 more replies
Relevance 76.67%

I have a PC at work that is currently infected with the Antivirus Suite malware program. I rebooted the PC in Safe mode with Networking, opened IE7 and removed the "Use a proxy server for your LAN" setting and then ran rkill.exe. I then installed Malwarebytes and am performing a full system scan with it. Is this all I need to do to remove this program from this PC?

Feral Geek
 

Answer:PC infected with Antivirus Suite malware

Malwarebytes did the trick!! Thanks.
 

1 more replies
Relevance 76.67%

Need to remove the Antivirus System Pro malware from my netbook. It's an Asus Eee 1005HA using Windows XP. It's a new computer so no real antivirus software installed on it. The only thing that came with it was XP support DVD, so we don't have a Windows install disc or boot CD.

below is the DDS.txt and attached is the Ark and Attach in the zip file.
thanks.


DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by Melissa Maschek at 20:42:32.23 on Thu 11/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.761 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Melissa Maschek\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://m.www.yahoo.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsof... Read more

Answer:Need to Remove Antivirus System Pro Malware from NetBook

BUMP, please.

19 more replies
Relevance 76.67%

I recently accidentally downloaded a virus and I have gotten my computer to a working order but I need some help.

I posted a while ago but since then I have noticed a lot of things in other posts.
I have changed hijackthis.exe to TSG.exe
and I also have a smart fraud fix scan.

So I will repost with my new updated information

Please help I have no clue what to do.

Thanks a tonne!

Logfile of HijackThis v1.99.1
Scan saved at 3:26:44 PM, on 1/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\{74655C02-06A3-1033-0124-030403220001}\Update.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Hijackthis\TSG.exe

R0 - HKCU\Software\Microsoft\Interne... Read more

Answer:Help me remove malware like Windows Antivirus pro 2000

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at ... Read more

3 more replies
Relevance 76.67%

I am getting the "your system might be infected" messages over in the right hand corner repeatedly (before using rkill). I have attempted to delete the malware using Anti-Malware Bytes, but whenever I remove it and restart the computer, the Antivirus System Pro messages keep popping up. I am also unable to access the internet on my computer. Any help is appreciated. Thank you.

DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Owner at 19:02:47.03 on Tue 12/01/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.473 [GMT -5:00]

AV: avast! antivirus 4.8.1367 [VPS 091127-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 6&... Read more

Answer:Unable to remove Antivirus System Pro Malware - Please Help

Hello mikebos1981,
Please show hidden files and folders
Please go to VirSCAN.org FREE on-line scan service
Copy and paste each of the following file paths into the "Suspicious files to scan" box on the top of the page:
c:\documents and settings\hp_owner\local settings\application data\sfjvwb\wmyisysguard.exe

c:\windows\repair\acalau.ini2
Click on the Upload button
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.
If Copy to Clipboard does not work, then just copy and paste the output in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.
Please follow the directions here for removing Antivirus System Pro
Post the Malwarebytes log.

2 more replies
Relevance 75.85%

I am not able to access symantec.com, or mcafee.com. It seems like they are being blocked, possibly by malware. Any thoughts on how I fix this? I am running Windows XP.
 

Answer:Malware blocking access to anti-virus website

follow advice here and post the logs those programs make
 

1 more replies
Relevance 75.85%

I got XP antivirus 08 on 7-2-08, I tried removing it with add/remove programs and didn't work, after 5 min I got Malware protector 2008, So I scanned my computer with AVG anti virus, Ad aware 2007, Spyware terminator, spyware doctor and malwarebytes anti malware, I also did the cleaning process with Smitfraudfix, and here is the good thing, there's no pop ups, nothing starts when I restart the pc, there's no bugs on the screen and is not bothering me at all right now, but I still see them, the folders are still in program files (malware protector = shcl67j0e3ul , xp antivirus = rhcn67j0e3ul ) and they are in add/remove programs still. I also followed some manual instructions on how to remove them ( http://www.xp-vista.com/spyware-removal/xp...-antivirus-2008 ) and it seems like they re-produce or something, because they came back. Also the uninstall option has a red "x" on the side, I guess that means it doesn't work. I don't know what else to do, I was thinking on restoring the computer to a day before I got these viruses, but I don't want to mess my computer up and I don't have the windows cd with me. If you guys could help me I would really appreciate it. Thanks!

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-07 18:46:12
Computer is in Normal Mode.
---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------
Successfully created a Deckard's System... Read more

Answer:Infected With Malware Protector 2008 And Xp Antivirus 08

Hello Jota_leslie and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below.
A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window
* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is compl... Read more

5 more replies
Relevance 75.85%

suddenly those programs appears at my pc!!! please help me... here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:59, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\TEMP\wyn3.tmp
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\syst... Read more

Answer:Infected With Malware Protector 2008 And Antivirus Xp

Hello Thiago Ol?vio and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Add... Read more

5 more replies
Relevance 75.85%

Caught rogue malware and was brought down hard. at least, but not sure if limited to System Antivirus malware. first killed the processes, eventually got Malwarebytes and AVG (both free versions) installed after changing the .exe filenames and the foldernames, and have run both repeatedly. also cleaned out MSConfig start up, for what that's worth, and downloaded and installed Super Anti Spyware (listed as Geylin in log to get it to run), combo fix, but have not run yet.

still seeing 2 or 3 things every time I run malwarebytes, so wanted to reach out to the experts. thanks in advance.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Edward L at 0:04:45.85 on Tue 07/14/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.494.80 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\... Read more

Answer:infected with rogue malware - System Antivirus

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in your reply. Do not attach them unless asked to.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here
Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be p... Read more

13 more replies
Relevance 75.85%

I believe I have been infected with XP Antivirus Protection virus/spyware/malware.

I have downloaded and ran HijackThis and here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:17 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Intel Applicat... Read more

Answer:Infected with XMP Antivirus Protection malware/spyware - Help please

11 more replies
Relevance 75.85%

Hello. Thank you in advance for helping me out with this. First, I have Windows Vista Home Basic, Service Pack 1, a 32-bit OS running on my laptop. 2 days ago I was infected with a malware, ANTIVIRUS CENTER. I already ran mbam-setup.exe. After running, it was successfully removed but I still cannot use my Internet Explorer. It always pops a msg that says my computer is infected. I also have this pop up window ANTIVIRUS CENTER FIREWALL ALERT that I cannot remove or close, insisting that "YOUR COMPUTER IS BEING ATTACK FROM A REMOTE MACHINE!"

here is my DDS.txt

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by user at 21:13:27.19 on Thu 05/05/2011
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Basic 6.0.6001.1.1252.63.1033.18.1533.705 [GMT 8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe
C:&#... Read more

Answer:Infected with ANTIVIRUS CENTER rogue malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y... Read more

2 more replies
Relevance 75.85%

My computer is infected with spyware/virus. Two unknown programs, namely "Antivirus XP 08" and "Malware Protector 08", have forcefully installed themselves onto my computer. I get the following message with a blue screen background on my desktop:

"WARNING! Spyware Detected on your computer - Install an antivirus or spyware remover to clean computer"


I currently have Trend Micro Internet Security, as my primary/official antivirus/spyware cleaner.

Please see below for a Deckard Scan output (Main.txt). For some unexplained reason, the extra.txt was not generated or could not be uploaded. I'm unsure if it is related to the infected computer.

Please help with the removal of these unwanted spyware programs on my computer. Thanks much.


Deckard's System Scanner v20071014.68
Run by admin2 on 2008-07-10 19:42:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as admin2.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:42:23 PM, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System3... Read more

Answer:Computer infected with Antivirus XP 08 and Malware Protector 08 -- HELP!!!

BUMP, please

10 more replies
Relevance 75.85%

Thanks for taking the time to read this.

I got hit with some kind of virus/spyware. I've tried McAfee and SpyBot (after making sure they were up to date) but neither seem to be cleaning this off my machine. I think it may be a program that installed one or more spyware programs. I'm pretty sure one for sure is AntiVirus Labs 2009. The links on the sites and tools keep changing each time something pops up so it's hard to determine what is going on. I'm fairly noobish on the whole HiJackThis thing. Thanks in advance to anyone who can lend a hand.

My two ignorant cents are that the following are the issue, but I'm hesitant to "fix" these with HiJackThis without confirmation.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AvirTrWarningBHO Class - {3A267370-076E-4af4-B986-77626B8E89DF} - C:\Program Files\AvirTrsoftware\AvirTrWarning.dll (file missing)

Again thanks to anyone who can help me!!!!!!

-----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:00 PM, on 11/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOW... Read more

Answer:Infected by Spy/Malware (Antivirus Labs 2009)

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Download DDS and save it to your desktop.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
Save both reports to y... Read more

2 more replies
Relevance 75.85%

Hello I got infected with the antivirus gold on my laptop 4 days ago and I have been trying to find out how to fix it to no avail. I am posting my HJT log for review. Can someone please help me? I am at my wits end with this!! thanks!!

Eleasha

-----------------
Logfile of HijackThis v1.99.1
Scan saved at 3:09:28 AM, on 7/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\skszj.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\s... Read more

Answer:Antivirus Gold Malware infected my computer

Hi Eleasha.

I don't see antivirus gold in your log, but you do have an aboutblank hijacker.
This one tends to change file names and the bad service it installs currently shows the file missing. It may have been replaced by now.
Please scan with hijackthis and post a fresh log.
I will be notified of your reply and we can start the clean up.

1 more replies
Relevance 75.85%

My boyfriend went online and despite having McAfee virus online support running downloaded a malware, the malware sends constant popups stating my computer is infected and then starts a page vista antivirus, my browser is unable to access the internet without 10 or more tries and my home page is hijacked when I do get on. I have XP and need instruction to remove this problem, I am so frustrated I could cry, I am on my work computer to try to fix this problem...any help would be greatly appreciated

Answer:Computer Infected with Vista Antivirus Malware

Moved to Computer virus and spyware forum.

Welcome to Computer Hope.

Start here http://www.computerhope.com/forum/index.php/topic,46313.0.html

Post the logs here when complete.

14 more replies
Relevance 75.85%

I'm posting this from my laptop, because I can't stay on your site or any other site with the PC that is infected. It keeps changing, stating that "Internet Explorer Warning-visiting this web site may harm your computer" ETC. I've been looking in the area for removing tilitymalware guides and have tried to download the Malwarebytes Anti-Malware to remove this thing that has hijacked my PC. It won't let me download, so I put it on a flash card and got it installed on the PC, but now it won't run on the PC. I've tried Spy-bot and others but nothing will open and run. I'm real close to doing a complete re-install of XP, but I really don't want to. I looked in the System Configuration Utility and found "Id08.exe and Sysguard.exe" in the start up tab and removed the checks and rebooted. I'm somewhat computer smart, but obviously stupid. Could use some help with this. Also in my searching for help I've read that the Id08.exe is really nasty and could have compromised my banking and credit card sites. I disabled my internet connection as soon as the hijacking started and have not tried to get on any sensitive websites since. Oh, my ZONE Alarm failed me once again as it was up and running when this started. I can't get a HJT log because it won't run either. Anything that can help me would be appreciated. I got the DDS Log to work.
DDS (Ver_09-05-14.01) - NTFSx86
Run by jbandt at 13:05:09.34 on Sun 06/21/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Editio... Read more

Answer:Infected with nasty Malware "Antivirus System Pro"

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

*********

If MBAM will not install, please rename the installer mbam-setup.exe. Example: newtool.exe
Proceed installing the renamed installer of MBAM.
If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program FIles\Malwarebytes Antimalware\) then rename mbam.exe to newtool.exe, double click newtool.exe to proceed in running a quick scan.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply

Extra Note:
If MBAM enc... Read more

48 more replies
Relevance 75.85%

This is a quick removal and cleaning guide for some of the most annoying malware out there right now, symptoms being alerts claiming you are infected with a virus and instructing you to download antivirus software, popup windows from similar sites, appearances of programs masquerading as the Windows Security Center, or a Microsoft Antivirus/Antispyware product... I'm a malware removal specialist on the job, and have fixed over 100 infected PCs with such infections in the last quarter alone, so I figured I'd share my proven methods. I will probably touch this guide up later and add a few automated batch scripts I've made for this, add pictures, etc... once I find the time.

THIS GUIDE IS MEANT FOR ADVANCED USERS ONLY!
I offer no guarantee or warranty of any kind; perform any and all of these steps AT YOUR OWN RISK. Things may go wrong at any time if you don't know what you're doing, or even if you do, and I accept no responsibility for any damages to your system or loss of data. Back everything up beforehand if possible, and be prepared for the worst. If you do not consider yourself an advanced user, or are afraid of breaking something, do not follow this guide; only follow directed advice from a professional.

This guide is not endorsed by Tech-Forums.net.

This guide is only meant for serious infections, and Internet Explorer settings WILL BE LOST during the process.

I do not recommend following this guide if you are running Vista, but you may opt to use any of the... Read more

Answer:Remove Fraudulent/Rogue Antivirus and all associated Malware in under an hour.

looks like a great guide, recently i came across this... Anti-Malware Toolkit 1.03.125

its a neat program to assist in malware cleanup's. also, maybe with some "forum love" it'll be updated a bit faster.

6 more replies
Relevance 75.85%

I am infected with Antivirus 2010 Malware. I have attempted to follow the instructions posted here: http://www.bleepingcomputer.com/virus-remo...-antivirus-2010

However I have had no success. Even after running the cacls command, Malwarebytes' Anti-Malware program terminates after about 4 seconds. I had a similar problem trying to run gmer. I can run the computer in safe mode and access the internet, but as soon as I start in regular mode, I get a warning that "your computer is making unauthorized copies of your system and internet files..." blah blah

I can see in regedit that I have the registry entries for Antivirus 2010. But the post at the link above does not give full instructions for manual removal and I am hesitant to just delete the registry entries. Those instructions are over 2 years old. Is there more going on now? Any help would be greatly appreciated.

Answer:Cannot Remove Antivirus 2010 Malware using instructions on this site

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

3 more replies
Relevance 75.44%

Hi Everyone -

So I'm turning to the forums to see if I can't fix the issues I'm currently having with my machine. I'm running WIN XP Pro Version 2002 Srv Pack 3.

My Machine is an AMD Athlon 64 Processor 4000+
2.41 GHz, 3.00 GB of RAM

I've been getting hit lately with the "fake" Microsoft Antivirus crap, and while doing some searching on the internet for help on how to remove it has led me to this site. Well just tonight I spent my second night in about a week trying to clean it up. So obviously it's not "completely" gone and just lingering around to piss me off.

I have currently been running the rkill application and then the Malwarebytes' Anti-Malware scan both times this has happened. Seems to work for a little bit but then....well, here I am again.

What has happened after tonight's episode is now when I'm trying to run an application from my desktop I'm getting a "Run As" window that's asking me "Which user account do you want to use to run this program". Some of my icons have also disappeared.

Could someone please give me some guidance on what I need to be doing. Rather annoying, (as I'm sure you haven't heard that before)

Many Thanks in advance!
Cheers

Answer:Having troubles with the "fake" Microsoft Antivirus Spyware/Malware

Hello and welcome.

We need a deeper look. Please go here.... Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 and not here, thanks.

If Gmer won't run, skip it and move on.

Let me know if that went well.

8 more replies
Relevance 75.44%

I am having a problem with my laptop: it sometimes receives an MSN offline message with a website link from anyone who is in my friend list. My laptop also sometimes has a schedule error when I start the program. The date will be set at 1st of Jan 1988. I also realized there are many copies of the same file names appearing in my windows file. I suspect it is the action of malware copying its files repeatedly into the windows file.

Answer:infected by malware or spyware, msn send offline message with a website link

DDS (Version 1.0.1) - NTFSx86
Run by jkkt87 at 11:21:04.90 on 12/13/2008 Sat
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.1022.551 [GMT 8:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Ringz Studio\Storm Codec\stormliv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jkkt87\Desktop\dds.com
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.uusee.net/
uSearch Page = hxxp://www.goog... Read more

2 more replies
Relevance 75.44%

Following recommendations by boopme, I am posting here the DDS logs related to the problem I first explained here: 
 
http://www.bleepingcomputer.com/forums/t/524509/cannot-conect-to-the-real-googlecom-website/#entry3295418
 
After reformatting the computer by deleting all present partitions and reinstalling the OS, I still get the SSL error message "cannot connect to the real google.com website". It seems as though the malware is redirecting me through some hidden service, as pages take longer to load. Also, the time and date have been reset and I can't modify them.
 
I really need help identifying and applying a solution to this problem, as the malware seems to be stubborn and sophisticated.
 
Many thanks in advance.
 
I will now paste the DDS.txt log; you will find attached the Attach.txt log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6000.16640
Run by Administrador at 20:58:01 on 1980-01-10
Microsoft Windows XP Professional  5.1.2600.3.1252.34.3082.18.1015.578 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Datos de programa\InternetUpdater\InternetUpdaterService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe... Read more

Answer:Cannot access real google.com website Malware still present after reformatting

Hi,

Run by Administrador at 20:58:01 on 1980-01-10

These SSL errors in Chrome might be caused by your system date that is many years in the past. Set the correct date and time: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_date_change_time.mspx?mfr=true

8 more replies
Relevance 75.03%

I keep getting pop ups asking me to download malware alarm and also others asking me to download other anti spyware programs as well as some privacy protection software. Every time it starts with a window popping out saying:

'NOTICE:if your compuetr is infected,you could suffer data loss, erratic PC behaviour, PC freezes and crashes. Detect and remove viruses before they activate themselves on your PC to prevent all these problems.Do you want to install AntiSpywareMaster to scan your PC for malware now?(Recommended)'

If I click OK or Cancel or try to close it, it will all bring me to some anti spyware site and then a window would pop up saying

'Your computer has been running slower than normal, it may be infected with viruses, Adware or Spyware.AntiSpywareMaster will perform a quick and completely FREE scan of your system for malicious programs.Download AntiSpywareMaster for FREE now.'

When I try to close it, it immediately starts scanning so I try to close the website it brought me to. From there it will repeat the same notice like the first one. When I try to close this one another window pops up and says

' AntiSpywareMaster will scan your sistem for viruses now.Please select 'RUN' or 'OPEN' when prompted to start the installation.This file has been digitally signed and independantly certified as 100% free of viruses, Adware or Spyware.'

Only when I close this one will it stop. Please help me, I'm not sure of what to do. I tried your Manual Removal Instructions For Malware Alarm but a... Read more

Answer:Please Help. Infected By Malware. Don't Know How To Remove I.

Hi

Please run a Kaspersky Online Scan

Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
Click Accept
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan: Select My Computer
The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Once finished, save the log to your Desktop as filename KAV.txt

THEN ...

Please Download Malwarebytes' Anti-Malware from Here :-
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
or here :-
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When... Read more

2 more replies
Relevance 75.03%

I just got an infected computer with some malware virus and I need help! I have read to use HiJackThis but don't know what to do. I downloaded the file and ran it. I pasted the logfile below. Can anyone please help me?

Jason
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:16 AM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jr... Read more

Answer:Malware infected computer...Antivirus popup adds in IE

9 more replies
Relevance 75.03%

Here is a link to my previous posts (pre DSS) so you can get an idea of what's happening to my system:
http://www.bleepingcomputer.com/forums/t/156344/i-have-the-same-hijacked-system-problems-as-neo147-need-help-w-combofix-logsplease/

Also noticed that the infection seems to have taken control of my desktop settings. When you right click on the desktop to get the settings window (with the image menu, screen saver menu, etc) it's different from prior to the infection. I no longer have tabs for some things to click on in this menu now. This has to be related somehow to the background screen image going back to the "Your computer is infected with..." at reboot. Very weird.

Anyhow, here is the "main" DSS logfile, followed by the "extra" one:

"main"

Deckard's System Scanner v20071014.68
Run by Jeff on 2008-07-08 17:58:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
7: 2008-07-08 21:58:26 UTC - RP8 - Deckard's System Scanner Restore Point
6: 2008-07-08 02:10:27 UTC - RP7 - Software Distribution Service 3.0
5: 2008-07-08 02:02:54 UTC - RP6 - Software Distribution Service 3.0
4: 2008-07-08 02:01:47 UTC - RP5 - before spack3
3: 2008-07-08 01:59:22 UTC - RP4 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-07-07 15:50:39 UTC - RP2 - System Chec... Read more

Answer:Infected By Antivirus Xp/malware Xp 2008 - Trojans Keep Getting Found...

Hello stiahhh,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.
White Warrior

20 more replies
Relevance 75.03%

I have been having issues with this computer. Initially I posted my concert over on "Am I infected? What do I do?" and Broni recommended I follow some steps from a 'guide' which I completed to the best of this computers ability. Basically, both Firefox and Internet Explorer will not launch when I click on them from the desktop. The icon dims out to indicate I pressed it, but nothing happens. In order to launch Firefox I have to right-click it and from the menu choose "open." Internet Explorer on the other hand does not open at all. Malwarebytes seems to be corrupted because when I try to update the definitions to run it I get this error towards the end "CoCreateInstancefailed; code 0X80040154. Class not registered."

I will include the DDS; I was unable to complete the 'gmer' log because without fail every time I run it, the computer reboots. I quit after the third time.

Answer:Computer infected -programs/antivirus/malware corrupted

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465730 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

28 more replies
Relevance 75.03%

Hello,

I ran a scan a couple of weeks ago under Malwarebytes' Anti-Malware and now I have 81 different things in "Quarantine". I also have AVG 8.0. I also had viruses in my virus vault, but I deleted them because I was trying to remove them by reading how to get rid of them from my computer, but I don't think I did it right. Was that a mistake? So any help please, I would gladly appreciate it. Thanks so much!

I installed ComboFix because I was reading other threads similar to my questions. I did everything it said to do. How do I know if they (the viruses) are gone? I'm looking at my anti-malware and it still has 81 things in quarantine. Is that still a problem? Here is my log.


ComboFix 08-11-26.05 - HP_Administrator 2008-11-26 19:02:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.145 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\CHRIS\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Zumie
c:\windows\IE4 Error Log.txt
c:\windows\system32\sjjydjni.ini
c:\windows\wiaserviv.log
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))... Read more

Answer:Trojan/Adaware/Rogue Antivirus/and malware infected on my cpu

Hello Birch1107,

I can understand you wanting to do as much as you can on your end before posting for assistance, but there are reasons we advise not to run tools unless/until requested to. As noted in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help...

Quote:

* DO NOT FIX ANY ENTRIES OR DELETE ANY FILES YOURSELF. DO NOT RUN ANY SPECIALIZED TOOLS THAT YOU SEE BEING USED IN OTHER THREADS WITHOUT DIRECT SUPERVISION FROM ONE OF OUR TRAINED ANALYSTS.

--especially ComboFix. See this post in our sticky topic at the top of this forum.

That said, please navigate to the following folder and tell me what is inside it:

c:\program files\temp01

2 more replies
Relevance 75.03%

Hi, unfortunately my laptop was infected by this malware named " Disk Antivirus Professional ". Whenever window is on the desktop page, this malware will auto run a scan and telling me my computer was infected. No program and software can be executed. Appreciated if someone can help me out on this. Thank you.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:59:48 AM, on 15/3/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Safe mode with network support

Running processes:
C:\Users\Public\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local ... Read more

Answer:Laptop infected by Disk Antivirus Professional malware.

16 more replies
Relevance 75.03%

My computer started acting up recently and when I went to run Spybot and Malware bytes, they would not run. Google updater failed messages pop up every so often and google searches either redirect the browser when a link is clicked OR if it is an antispyware/antivirus website, Microsoft.com, I get an error message that the connection has been interrupted. Tried IE7 and got DNS error. Tried Mozilla, blocked too.
I have Spybot resident on my machine along with Trend Micro Internet Security Suite. Trend was last updated on 12/9/08 and when I hit the update button, a notification came up that said the computer could not connect to the host. I loaded Spybot onto a thumb drive and renamed it and got it to work. Then I was able to run Malware bytes and it picked up a bunch of crud and cleaned up the performance somewhat. So I figured it would be a good idea to run the trend Update and see if that was working. No luck, still blocked. Now Firefox is really starting to bog down and I am at a loss as what to do next. It seems like whenever I reboot the problems come back. Thanks!
 

More replies
Relevance 74.62%

Hail, friendly ones!

I've recently been infected with some kind of Zlob, i think, after having just reformatted my harddrive, and it's got me somewhat paranoid and fearful of the internet. Why?

SYMPTOMS
It's restricted access to antivirus websites, blocked Microsoft's webpages so I can't download important updates, switches off Automatic Updates every time I power up my computer, rendered programs such as McAfee Security Scan malfunctioning (they won't initiate when I start the program), and probably more.

Also i think it's actually disabled the ESC key on both of the keyboards I've plugged into my can, or maybe I'm just being paranoid about that.

Attempts at downloading the software necessary to get rid of this thing have been tricky since it can also block the download links too. But I've managed to download Combofix and run it. I've posted the report from that further down.

What I CAN DO
I can still access blocked URLs though, using Google's function to translate the pages, but alas I cannot do much more than that. I can still perform tasks that have nothing to do with security, like gaming or surfing my "censured" browser (Firefox) but naturally feeling insecure to say the least when signing in to my mail or something like that.

The reason i don't just reformat my harddrive yet again is because it's hellishly frustrating when you don't have the drivers on discs. But I've done it be... Read more

Answer:Malware blocks the use of antivirus, microsoft updates and more. Hero/es Needed!

Welcome to Major Geeks!

Zlob is an insignificant issue in the malware world these days. And your ComboFix log shows no signs of Zlob. It does show that you have been running with a Conficker infection for quite some time though.

Also note that ComboFix should never be the 1st thing you run!!! Also note, please do not post any inline logs like you did with ComboFix. Logs must be attachments (See: HOW TO: Attach Items To Your Post )



Now we need to use ComboFix

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.

Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
Open Notepad and copy/paste the text in the below quote box into it:

ClearJavaCache::
KILLALL::
Driver::
fsqfeagz
NetSvc::
fsqfeagz
File::
c:\windows\system32\gnbpbgl.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fsqfeagz]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1662:TCP"=-


Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
At this point, you MUST EXIT ALL BROWSERS NOW before continuing... Read more

3 more replies
Relevance 74.62%

A couple hours ago this is where I was at:

No program can be accessed that would allow me to normally work on this issue. I have renamed files and exes to no avail. When renaming them, they start to load for about 5-10 secs, then just close with no message, then when trying to click on them I get the dreaded "Windows cannot access the specified file or path. You may not have the appropriate permissions to access this file".

My browser won't allow me to access many sites that have to do with any sort of virus or trojan removal programs. IE: I cannot access hijackthis my browser gives me a page cannot be displayed msg.

I have avast ( I get a rpc error and action cannot be completed when I click it, it also has a Stop sign icon on it now) I also have malwarebytes, superantispyware and spybot... all of which give me the , "Windows cannot access the file... " error.

I have tried using hijackthis - combofix, gmer -numerous programs to get a log. I have tried safe mode, and safe mode with networking,

NOW this last time when I booted back up I now have a MS warning that says:

Licensing Error

An unauthorized change was made to your license.
To keep your system stable you must go online and validate your software is genuine.

Click here to validate
or close

I have nothing but a black window and that little box, I cannot validate as MS along with any sites that have to do with protection/removal give me the cannot display the page error. At least it a... Read more

Answer:Cannot access any antivirus, malware, exe , system restore etc

I should also add, right as I got this a few hours ago (I knew exactly when), I was able to get superantispyware to run for a few minutes before it was shut down and inaccessible. I saw wmdtc.exe, win32agent, mundo of some sort, and a handful of others that all showed at once just as it closed down. I didn't have time to even read them all before it closed.

I also know I have the "a.exe" trojan, as when I was still able to access my desktop and win manager it was there.
 

2 more replies
Relevance 74.62%

Hello.

An unwanted accident on Christmas Eve while preparing Christmas songs for tomorrow's feast.
So I was given a thumbdrive to copy songs. The thumbdrive looks strange, the contents are all shortcut & so say I double-click a shortcut named "Music", it asked/prompted access for this "winlogon". Unluckily, I allowed its access. After allowing, I can open the "music" directory in the thumbdrive.

I didn't realise until I saw I couldn't access my taskmanager nor my antivirus nor msconfig nor malwarebytes.
Scary thing is when I type in "virus" or "winlogon remove" or "malwarebytes" in search browser, it will automatically shut down the browser.

Alas, I cannot run HijackThis, same as any other .exe with this error message "The parameter is incorrect"

Got this pop up just before DDS finished scanning. "Windows Script Host access is disabled on this machine."

Contents of dds.txt

Code:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 10.40.2
Run by test at 3:05:55 on 2013-12-25
#Option Extended Search is enabled.
.
============== Running Processes ================
.
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:... Read more

Answer:Winlogon Malware | Cannot Access TaskManager or Antivirus

16 more replies
Relevance 74.21%

I have a HP mini 110-1150NR with 2gig ram and 1.60mhz processor. The OS is Xp home edition 32bit. It started when I have always had the virus protection AVG and a few weeks ago a friend told me to try Norton 360 cause it has always been good for his computers. Well I download a trial version and erased my AVG and what a mistake that was!! After my trial was over instead of it still protecting my computer it just made my computer very vulnerable and when I went to download a new virus protection (which was AVAST) I had to restart my computer for changes to be made and when I did that I was infected with a hellacious virus and I am stressed out and frustrated cause I have been trying to get help for 3 days now and have not received any help!! I have spent over 30hrs on researching the problem and I am too afraid to do anything without the professional help of someone that knows what they are doing. I can't run any malware scans, virus scans, system restores, and some of my documents. When my computer starts up I get a .dll error and when I run my system restore it says "system restore will not protect you computer and to restart and try again". I have done that in safe mode and regular and nothing happens and I get the same error message. I can't install microsoft security essentials and any other security softwares. When I pull up my task manager all of my processes have an .exe behind them and some things are on there I have never really noticed. There are schost.exe an... Read more

Answer:Infected!!!! Help Remove Malware and viruses!! Please!!

Hello and welcome to TSF.


As stated in our sticky topic:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum


Quote:

NOTE: We are aware that users sometimes seek help from several Forums at the same time. Unfortunately, this can cause confusion and actually wastes time and resources - yours, ours and other Volunteers across the community. If you have already posted at another Forum, please advise us, or them, and choose just one.

Since you've posted for help at another forum, and are receiving help already, this thread is closed so a helper will not spend time researching unnecessarily.

1 more replies
Relevance 74.21%

hi my avast and mbam have been picking up a trojan.clicker.fms as well as win32:malwaregen on avast
i've located the hidden folder where it is coming from as well, any ideas?
i also have logs from the 2 programs for scans.
 
http://i.gyazo.com/41d74805b9a9ec6cb7040ce8ff690cfe.png link to what it shows

Answer:my pc is infected with some form of malware but i'm not sure how to remove

Hello anthm8 and Welcome.
 
The IP that you suspect as being a problem is actually a Weather Widget on your desktop.
 
If you are concerned about it, please follow these directions..........
 
First -Please download MiniToolBox  to desktop to run it.
 Checkmark the following boxes:
List content of Hosts
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy and Paste the result. (result.txt)
 
 
Next -
Download Screen317 Security Check  and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt
 * Please post the contents of that document.
Note 1: If any security program requests permission to access the Internet, allow it to do so (it is 100% safe).
Note 2: If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! (or similar) message, restart computer and Security Check should run
 
Next :
Download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
 * Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button (only once)
AdwCleaner will begin...be patient as t... Read more

6 more replies
Relevance 74.21%

Ok so one of my comps got infected with this Malware defender 2009 and i am having no luck getting rid of it. I first tried to download the malwarebytes program but my searches were misdirected and/or dead links it seemed. I could download the program on another computer in my network and share it but the infected computer would not install malwarebytes. I found this site and read and tried to follow the instructions in the uninstall list but again I could not download the program malwarebytes. After some searching I found references to renaming the program and was able to get the install to start, but it would get to a full status bar during the install and freeze up. I have tried in and out of safe mode and have had no luck in getting the program to install.

here is the DDS file report

DDS (Ver_09-12-01.01) - NTFSx86
Run by sa001 at 9:28:55.89 on 2010-01-15
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.10 [GMT -5:00]
AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Awa... Read more

Answer:infected with malware defender and can not remove it

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

16 more replies