Computer Support Forum

What is a good product to buy to protect and remove virus, malware etc...

Question: What is a good product to buy to protect and remove virus, malware etc...

I've been using AVG, and have bought the full version, yet was confused with what I had to do.  Can anyone tell me which product is user friendly, yet a good system choice.  Thanks,
Would be appreciated. 
 

Relevance 100%
Preferred Solution: What is a good product to buy to protect and remove virus, malware etc...

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: What is a good product to buy to protect and remove virus, malware etc...

My personal choice is ESET NOD32 Anti-Virus if choosing a paid for program as it leaves a small footprint...meaning it is not intrusive and does not utilize a lot of system resources. Kaspersky Anti-Virus is also a good choice if looking for a paid for program. If you don't want to pay then I recommend avast! Free Antivirus.For more specific information to consider, please read:Choosing an Anti-Virus ProgramSANS Institute Choosing Your Anti-virus SoftwareImportant Fact: It has been proven time and again that the user is a more substantial factor in security than the architecture of the operating system or installed protection software. Therefore, security begins with personal responsibility and following Best Practices for Safe Computing.

6 more replies
Relevance 66.42%

My computer is infected with a malware program called "Spyware Protect 2009" how do I get rid of it? I followed instructions and have copied DDS and Attach files below. popup windows keep appearing saying my computer is infected with a virus and I need to install their software.
DDS (Ver_09-03-16.01) - NTFSx86
Run by John Schlatterer at 2:44:20.15 on Mon 03/16/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.96 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files&... Read more

Answer:remove malware, Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any scri... Read more

2 more replies
Relevance 66.01%

I fell prey to virus protect pro and the little shield on the desktop that cycles between an X and a question mark is driving me crazy. and the repeated malware/adware/spyware system alerts. i managed to get rid of the browser hijack and alot of other malware etc. with adaware and spybot i'm at a loss as to what to do next.im posting my hjt logfile as follows.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:15:46 PM, on 7/21/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\Explorer.EXEC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exeC:\WINDOWS\system32\crypserv.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\PROGRA~1\McAfee\MSC\mcmscsv... Read more

Answer:I Fell Prey To Good Ole Virus Protect Pro

Welcome to the BleepingComputer HijackThis Logs and Analysis forum stupidus3r My name is Richie and i'll be helping you to fix your problems.Please download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. -----------------------------------------------------Download SmitfraudFix (by S!Ri), to your desktop.Double click on Smitfraudfix.cmdSelect option 1 ? Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy and paste the content of that report into your next reply.*IMPORTANT* Do NOT run any other options until you are asked to do so!Also post a fresh Hijackthis log.

5 more replies
Relevance 64.37%

I'm following the instructions to remove virus protect pro from this page :http://www.bleepingcomputer.com/forums/top...219.html#manualBut i can't find these files in c:\windows\system32 ."Scroll through the list of files in this folder and look for nuqjici.dll. Right-click on nuqjici.dll and select rename. Rename the file to nuqjici.dll.bad.Look for the file zpeolvh.dll and rename the file to zpeolvh.dll.badLook for the file xnvaogd.dll and rename the file to xnvaogd.dll.badLook for the file lapmvzf.dll and rename the file to lapmvzf.dll.badLook for the file myqlejy.dll and rename the file to myqlejy.dll.badLook for the file wfcof.dll and rename the file to wfcof.dll.badLook for the file surzzh.dll and rename the file to surzzh.dll.badLook for the file onljweo.dll and rename the file to onljweo.dll.badLook for the file yhjbbzf.dll and rename the file to yhjbbzf.dll.badLook for the file cefrjsh.dll and rename the file to cefrjsh.dll.badLook for the file wpchz.dll and rename the file to wpchz.dll.badLook for the file vgibz.dll and rename the file to vgibz.dll.badLook for the file psndz.dll and rename the file to psndz.dll.badLook for the file cqsfk.dll and rename the file to cqsfk.dll.badLook for the file wzhtjqo.dll and rename the file to wzhtjqo.dll.badLook for the file lrnjnzf.dll and rename the file to lrnjnzf.dll.badLook for the file zpuwriz.dll and rename the file to zpuwriz.dll.badLook for the file tkrsw.dll and rename the file to tkrsw.dll.badLoo... Read more

Answer:Remove Virus Protect Pro !

Try This FirstPlease download Rogue Remover Free from Malwarebytes.Please save the file to your normal saved file location or the desktopdouble click on rr-free-setup to run the installation programaccept the license agreement.follow all the steps and click finish to run the programClick the check for updates linkclick the scan link to start scanningwhen done, follow the onscreen directions to remove anything that it found.If it does not work, please let us know.

1 more replies
Relevance 63.14%

Hello - First, let me say thank you for helping me rectify a really poor choicesof opening software I wasn't 100% certain was verifiable. As a result I have the Virust Protect Pro problem (at a miniumum) which seems to tie up my machine a lot and causes problems with my wireless network adapter. I have used Spybot and Adware to no avail. I've copied and pasted the Hijack This log below and won't make any changes until I hear from you.
With great thanks for your help!
K

Logfile of HijackThis v1.99.1
Scan saved at 3:52:29 PM, on 8/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program F... Read more

More replies
Relevance 61.91%

I finally found a fix to the malware the the Virus Protect Pro created and it cleaned out everything. The free software (to use and clean) is called Super AntiSpyware (that's quite some name) and you can download the free home version at http://www.superantispyware.com/superantispywarefreevspro.html
I'm going over there now to donate some money as it was my stupidity that had me lose about 6 hours trying to fix what I did. It's always nice to find a hero.

With blessings for a great day.
K
 

More replies
Relevance 61.5%

Guy at work hit me up today telling me that he bought a USB Stick that is an antivirus and it cost him $60 at Best Buy. Was wondering if anyone heard anything about these as to if they are good or junk?According to what he described it is not a proactive method of avoiding malware and viruses, but instead its used to remove and clean up infections after already infected.QuoteThe FixMeStick? is an external, hardware device that runs before your computer starts enabling it to remove viruses, spyware, trojans, rootkits, and malware that anti-virus programs often cannot, so that you can keep the computer you have. I just have doubts that a USB stick can be a solution for cleaning up a system with very little user interaction. Just like registry repair tools and the PC Doctor stuff etc, I am curious if this is junk or not. Marketing to sell a USB stick with bootable Linux that has a antivirus on it that scans and removes viruses and nothing more, no corrections for altered system files etc but a simple killing off of infected files etc, in which a system might work again but is swiss cheese full of scars from the malware/virus that was on it. https://www.fixmestick.com/

More replies
Relevance 61.5%

Guy at work hit me up today telling me that he bought a USB Stick that is an antivirus and it cost him $60 at Best Buy. Was wondering if anyone heard anything about these as to if they are good or junk?According to what he described it is not a proactive method of avoiding malware and viruses, but instead its used to remove and clean up infections after already infected.QuoteThe FixMeStick? is an external, hardware device that runs before your computer starts enabling it to remove viruses, spyware, trojans, rootkits, and malware that anti-virus programs often cannot, so that you can keep the computer you have. I just have doubts that a USB stick can be a solution for cleaning up a system with very little user interaction. Just like registry repair tools and the PC Doctor stuff etc, I am curious if this is junk or not. Marketing to sell a USB stick with bootable Linux that has a antivirus on it that scans and removes viruses and nothing more, no corrections for altered system files etc but a simple killing off of infected files etc, in which a system might work again but is swiss cheese full of scars from the malware/virus that was on it. https://www.fixmestick.com/

Answer:FixMeStick ... Is this junk or actually a good virus removal product?

FixMeStick has been advertised on TV for several years. It uses scanning engines from Sophos, Kaspersky, and VIPRE... it is primarily intended to get a computer to a more stable state so that you can use your existing anti-virus and other security tools to complete the disinfection process. I don't know if it is complete "junk", that is, I don't think it is a scam, but my first thought was "Why pay for something when you can do the same things for free?" and this PCMag review more or less says the same thing:QuoteProsBootable, USB-based antivirus uses scanning engines from Sophos, Kaspersky, and GFI/VIPRE. Extremely easy to use. Full undo in case of problems. Remote-control tech support available if needed.ConsCan't disinfect virus-infected files, can only quarantine them. Quarantine of system files rendered two test systems unbootable, requiring full undo. Can't handle malware traces in Registry. Alleged removal failed to prevent several detected rootkits from running.Collateral DamageFixMeStick can be a bit heavy-handed, wiping out files that it shouldn't. When its engines detect a valid file infested by malware, it can't disinfect the file back to its original status. All it can do is toss that file into quarantine. If this happens to an essential Windows file, you may be hosed.There are many free LiveCD/Rescue CD utilities which can do the same thing so I see no reason to purchase this product. " The review found... Read more

14 more replies
Relevance 59.04%

I am copy pasting from another post below as i am also experiencing exactly the same problem. But the solution adviced to him will not be applicable to me as mentioned in the solution itself.

I did a system restore and now i don't experience those troubles. I just wanted to know if a system restore is good enough to remove this malware.

"My computer has had several popups for the last few days directing me to sites which i'm pretty sure contains malware. Also, when i try to open Task Manager, a dialog box opens up which says "Task Manager has been disabled by your administrator", even though i am the admin for the computer.

The desktop background has also changed by itself with a link on it which directs me to a website. It has a head that says "Warning: Spyware has been detected on your compute"
 

Answer:Is system restore good enough to remove malware?

No. Don't rely on SR. It tries to restore your machine without losing any files, so the malware may be retained.
 

1 more replies
Relevance 59.04%

When i start up my laptop i log in using my password and then comes a blank screen with the fake windows product key. Ive recently tried every step in this link Remove fake "Windows Product Key" virus (Call Support Scam) but no luck on anything.

When i try to bring up the task manager nothing happens. But when i shut down the laptop i can see the task manager appear for 1 second before the laptop shutdowns. Ive tried the hitmanpro usb tactic and that did not work either.

So now i am out of options and with out a laptop until i can figure out how to get rid of this virus. If anyone has experienced this or knows anything about this could you please help me. Thank You
 

More replies
Relevance 58.63%

Hi once i have read some of your arhive threads last 6-27-08 i began to follow all of the steps from cleaning, defrag and Removal. I found out my PC had been infected with Trojan.Vundo(it was detected by malware)... I think it started when i downloaded last 6-26-08 a file at Bitlord. The first virus that was detected was a backdoor.trojan the Norton Anti-virus detect it and remove it. So i thought it was ok when i noticed my PC is slowing I already think that there are still problems with my PC. So i run again the Anti-virus and when it reaches 24% (estimated) my PC reboot and my keyboard got stalled and in my monitor it is BAD BIOS. but when i manually reboot it, it just jump to windows and didn't do the normal process when booting... and everytime I scan my PC with my AV it always reboot so i try to search the net and find you guys... a bit STRICT but helps us more to know and learn how to fix things with our PC

1. From cleaning guide my pc was running better than it was before...
2. From the Malware Removal Guide i don't know if i got the right proceedure
but got some problems...
a. SAS - it doesn't goes blue screen,but my problem here is when it attemps to scan my files it becomes stalled. the first time i ran it i left it for almost 6 hours... (thinking it would still work) so reading from the procedure if it doesn't work proceed to the next
b. Spybot - I dom't have problem here works really great
c. MAM - no problem he... Read more

Answer:Trojan.Vundo,Malware.Trace and Problems on boot and Norton Anti-virus Protect

here are the second logs of HJT and Combofix.

BTW,when i right-click all my folders and files and choose properties it seems that it has security tab and when i click the security tab there's been so much users and administrators in it. Is my files been publicly displayed or does this HighJacka** i mean Hacker get and manage my files...

Thanks...
 

16 more replies
Relevance 57.4%

Computer has virus/worm on it that I am unable to remove. Scanned with # of malware scanners. Only Zemana identified launchpad.org. But after quarantine, it still remained. Then ran Adwcleaner, which identified a number of possible problems. Quarantined those and then ran Hijackthis, which found many other possible issues. I saved the log files from all three. I need help in getting these off my computer.

Answer:How to remove virus that malware scanners fail to remove

Forget HijackThis it is too outdated to be of any use and doesn't understand the locations for Windows 10. DO NOT remove anything it reports or you might wreck the system.Run the ADWCleaner Clean then run these two:Junkware Removal Tool (JRT)https://www.malwarebytes.org/junkwa...(blue Download button).Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.MalwareBytes:https://www.malwarebytes.org/(use the "Free Download" button rather than the "Buy Now" button).After the install go to "Settings > Protection". Under Scan Options move the "Scan for rootkits" slider over to On and Run the Threat Scan. Quarantine anything it finds. If anything is found please copy/paste the logs on here.Always pop back and let us know the outcome - thanksmessage edited by Derek

3 more replies
Relevance 56.17%

How do I Remove norton anti virus for good? I was using the trial for a bit; but I still don't like it and I want it removed entirely.
 

Answer:Remove norton anti virus for good.

11 more replies
Relevance 56.17%

I posted earlier about system administrator issues. I am using my computer in safe mode and in the system configuration i found saXsAQWSemKq.exe. I looked it up and it appears to be a virus. I was curious if I would need to download a program to safely remove it or if it would be just as effective to manually delete it. Also some recommendations for programs would be nice.
 

Answer:Found what I think is a virus. Need a good program to remove.

You should click on the Report button and ask to have this moved to the Malware forum to get the help you need, also post all the logs requested at the top of the Malware forum in the sticky marked, "Everyone must read this BEFORE posting for help".
 

2 more replies
Relevance 55.35%

A friend of mine suggested I use this anti virus/malware. Has anyone use it? Any good. Thoughts please.

emisoft Anti malware
 

More replies
Relevance 55.35%

what are some good anti virus and spy ware free hopefully

Answer:good anti virus malware

Gee, that's never been asked before. Oh wait - it has. Here and on every other support forum. Once a week. Please - do a search on the site.

8 more replies
Relevance 55.35%

Hi, I've been in here before but I don't think I completed the process satisfactorily. I'm having problems updating programs (i.e. iTunes, Java) and other programs as basic as my Windows photo editor won't save changes to edited pics. There's a whole bunch of crap that I think my computer is full of. I currently have no Anti-virus protection, think it's corrupted or infected, and don't want to install an Anti-virus program until I understand what's wrong with my computer.

Can someone help a non-savvy computer victim?
 

Answer:Not Good: Virus or Malware problem.

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide

and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual update Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a different user account ... Read more

6 more replies
Relevance 54.94%

Here are the only two logs that I was able to get:

Here is the logfile from Win32kDiag.exe

Running from: C:\Documents and Settings\Eduardo Lugo\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Eduardo Lugo\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB902400\KB902400

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB913580\KB913580

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$&#... Read more

Answer:Virus will not let me run Malwarebytes or any other tool to remove virus/trojan/malware

Hello trumpetman,Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) "%userprofile%\desktop\win32kdiag.exe" -f -rinto the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

2 more replies
Relevance 54.12%

Thanks to the guys at major geeks for the info and the tools for malware removal. All's clear and running good
 

Answer:malware trogan virus removal . works Good

Welcome to Major Geeks!

You're welcome. If you have run our full cleaning procedure, then you should follow the below final steps if you are not having any other problems.

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /u
Notes: The space between the combofix" and the /u, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combofix folder from combofix (if it exists)

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
If you are running Vista, Windows XP or Windows ME, do the below:
Refer to the cleaning p... Read more

1 more replies
Relevance 54.12%

Hi Guys, I just got a new laptop and had a simple question. I am new to windows 8 and want to know if anyone has any good good Anti-Virus, Malware, & Spyware programs for windows 8 that are easy to use for novice/intermediate user (mostly novice on window 8)? Laptop came preloaded with Norton Internet Security but I was wondering if there was anything better for window 8?Edit: Moved topic from Windows 8 to the more appropriate forum. ~ Animal

Answer:Good Anti-Virus, Malware, & Spyware programs?

Malwarebytes
 
SuperAntiSpyware
 
There are a number of free antivirus programs, I like Avast, others like AVG, and there's Microsoft Security Essentials.
 
I would suggest staying away from registry cleaners and other enhancement programs, they are overrated for what they actually will do and can actually be damaging when used improperly.  The usual tools like Disk Defragmenter, Disk Cleanup used on a regular basis will help keep the system running smooth.

10 more replies
Relevance 54.12%

Please help me fix my computer. I would also like to be able to make sure its gone for good, and still have my keyboard working.
My brother had this same virus, he was able to get rid of it, but now his keyboard won't work. So please help!

P.S. You will most likely have to give me easy step by step instructions, because I have a reading comprehension disability.
If you can't I can ask my brother to help me, I guess.
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: BABYRUTH [administrator]

7/21/2012 10:05:50 AM
mbam-log-2012-07-21 (10-05-50).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334275
Time elapsed: 4 hour(s), 13 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Owner\AppData\Local\{365ff89e... Read more

Answer:Malware Bytes found virus want to make sure its gone for good!

Hello, the surest way to be sure that rootkit is gone is to post a DDS log.Please go here....Preparation Guide ,do steps 6-9.Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.If GMER won't run (it may not on a 64 bit system) skip it and move on.Let me know if that went well.

5 more replies
Relevance 54.12%

Are there any good virus remover like Malwarebytes' Anti-Malware? My friend also use this and he got a virus that does not let him run Malwarebytes' Anti-Malware so he had to delete everything off his computer. I'm afraid something like this might happen to me so are there any alternatives to Malwarebytes' Anti-Malware?

Answer:Good virus remover like Malwarebytes' Anti-Malware?

Welcome
I use Microsoft Security Essentials
Malwarebytes
Win Patrol
The windows firewall
and the Eset online scanner, and am very comfortable.

If you want more this will make you safe
Sandboxie - Sandbox software for application isolation and secure Web browsing

8 more replies
Relevance 54.12%

I decided to get rid of real-time antivirus. And I'm now running my computer without any real-time anti-virus/anti-malware program installed. However, I'd like to know as to which are the good free on-demand anti-virus/anti-malware scanners available. I do not want to know about any real-time scanners, I want to know about on-demand scanners.I already have a firewall and all I'm gonna need now is this - a good one. I hope you guys will help.

Answer:A good on-demand anti virus/malware scanner

Ok, although they may miss some newer ones ,stopping them before they get on is the easyer way.

Look here at On line scanners

http://www.bleepingcomputer.com/forums/topic366982.html

19 more replies
Relevance 54.12%

I have an asus eee netbook and I need to purchase an anti virus program ... I'm not too familiar with very good programs.

My experiences is to always get free ad aware and spybot and just take it from there when I notice I am having a problem. Then identify a real virus and take the steps to just get rid of that specifc virus. But right now I have a new netbook and am deciding to just stop it before it even begins. I'm trying to do some research but obviously all of the websites just claim theirs is the best and have other websites giving them praise.

I am also curious, do these programs stop all the trackers and dumb stuff that I usually need ad aware and spybot to catch and remove on my comp?

I would also prefer the program to run and not take up too much computer usage considering the netbook only has a 1.6 cpu.

Thank you in advance for any input

Answer:Looking to purchase a good anti virus/malware program

I would never pay for an antivirus package as there are good free ones available.Check out this topic: http://www.bleepingcomputer.com/forums/topic3616.htmlJust remember that no protection software is 100% effective and a lot depends on how you use your computer.

13 more replies
Relevance 53.71%

I have some sort of virus thats screwing with my mouse. Tried updating the logitech software and tried another mouse with no luck. So i'm quite sure it's a virus. Many of the mouse buttons become intermittent sometimes for 10 or 20 seconds at a time, then they will work for as long as minutes or even an hour before it happens again. Sometimes especially after startup it may only work for seconds before it starts doing it again. Researching it i also got the impression it's a virus or some sort of _____ware. So if anyone has any ideas of a current bug that causes this or any thorough scanners that are free and work good i'd like to hear. My trial is up on malwarebytes and i used the microsoft removal tool but thats it so far and it didn't work.

Answer:Good malware/adware/virus freeware? And Q about mouse issue

Well; first thing if you suspect a virus; i would download, run and install a virus scanner called avg. I use that one as its been one of the better rated ones out there that Ive seen. But I would also re-download the free version of malwarebytes, and superantispyware; install and run them and let them scan your system. I will post the links to all 3 of these below:

avg: http://www.avg.com/us-en/download-fi...mecmp?dwn=av14

malwarebytes: https://www.malwarebytes.org/mwb-download/

superantispyware: SUPERAntiSpyware - Downloading File

2 more replies
Relevance 52.89%

I have ran, superanti spyware,malwarebytes,hitmanpro,Norton, and this wont get remove from the computer. everytime I try to use the computer I get pop ups and also a message that I need to call some place. I am trying to fix my grams computer and I am trying to save all the pcitures that she currently has don't want to restore the whole thing. can someone please help me.
 
let me know what I can do. and what is needed.
 
currently funning in safe mode when I load on regular desktop it takes a long time extremely slow.
 
thank you
 
 
edit
 
its been a long time that I having posted in here. if I didn't do it right I apologize for it.
 
 
I keep on getting a message to download showed.js from ads.pubmatic.com
 
I close it and it keeps on coming back.
 
again any help would be great.
 
Thank you.

Answer:Cant remove the virus and malware

Hello cowboys. let's look at these logs.What is your browser?Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 use... Read more

8 more replies
Relevance 52.89%

Hello all,

I'm using Windows XP and have Avast and Spyware Terminator installed. A week or so ago, Avast warned of a rootkit. I chose the delete option and it never gave me any information on this again.

Since the last 2 days, I have a window that pops-up now and then on Firefox saying: "Your browser is under the threat of infection..." and asks to install some protection from Microsoft. In the bottom it gives two buttons - Allow and Deny. I am able to close the popup by clicking on the X on the top right.

I searched around and tried a few things as under:

1) Did an online scan at Trends Micro. It found and removed a few things.
2) Ran Malwarebytes (had to change the filename to run it). It found a few things which I removed. I can't update it as it gives an error: 732(0, 0).
3) Tried running RootRepal but it gives an error stating "could not read the boot sector. try adjusting the disk access level in the options dialogue"

I read somewhere about someone suggesting I run the online Eset scanner but I can't access the website.

Any help would be appreciated.

Thanks.

Answer:Can't seem to remove virus/malware

Please post the results of your MBAM scan for review.To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.Click the Logs Tab at the top.The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.Click on the log name to highlight it.Go to the bottom and click on Open.The log should automatically open in notepad as a text file.Go to Edit and choose Select all.Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.Come back to this thread, click Add Reply, then right-click and choose Paste.Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Exit MBAM when done.Logs are saved to the following locations:-- In XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs-- In Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\LogsIf you cannot update through the program's interface and have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, be aware that mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating, is to install MBAM on a clean computer, launch the prog... Read more

1 more replies
Relevance 52.89%

Hi guys, I just recently got this virus or malware problem on my computer (i'm still not sure which) but it has caused my computer to slow down a lot and given me problems accessing certain websites as well.  The virus causes my computer to spam www.birungueta.blogspot.com in my processes when i check my task manager and the name of the culprit I believe is lg0.exe.  Here is the HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:23:18 PM, on 8/4/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18928)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\system32\DllHost.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R... Read more

Answer:Please help me remove this malware/virus!

please go to below and complete and post the other 2 logshttp://www.computerhope.com/forum/index.php/topic,46313.0.html

1 more replies
Relevance 52.89%

FIrst post, but i will try my best. When searching for the lyrics to a song i retrieved malware and viruses. I have spywarebot the newest addition but it couldnt get rid of the infection. I know that i have ultimate defender, and i get the yellow triangle with the exclamation i know many of you are familiar with. For a while i was not able to even start windows but through the advanced startup options i got the last known good configuration, this allowed me back on to windows. Now my problem is how to remove this malware/virus and if i try to install a program through mozilla it would not let me solve the problem.

Any help is highly appreciated. Thank You
 

Answer:Can't Remove malware/virus

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

1 more replies
Relevance 52.89%

Please help! Posted about two weeks ago with no response. Thought I would try again.
Google unusable. Google results are altered. Tried Malwarebytes' Anti-Malware, Lavasoft Ad-Aware and Spybot Search and Destroy but nothing fixeds the problem. Here's my original post:

Google search results return links to other websites. For example, if I search for my own company website by name on google, it will return the correct description but the link is to another unrelated site usually trying to sell me something. The same google search on another unaffected computer would list my company website with the correct link as the first search result. The same thing happens when I try other google searches on my computer where I know what the results should be. I get the correct description but the incorrect link. Also, when google does the search, it takes unusually long to display the results. It also takes unusually long when the google result link (which is the wrong link) is hit to take me to the incorrect website. I hope I have described the problem accurately enough. If not, please let me know any other information you require to describe the problem. I tend to use google every day and need it for both personal and work.

I have tried running several anti-virus software packages. I have Norton SystemWorks 2002 (with updated definitions) and ran a complete scan which took several hours and did not find anything. As instructed by one of the google support pages, I also installed ... Read more

Answer:malware and/or virus - cannot remove - help!

Hello joeanonymous,Welcome to Bleeping Computer (B.C.)! I'm DocSatan and I will be helping you with your computer problems. I will be researching your DDS Log and shall get back to you ASAP. In the meantime I have a couple of "rules" that I need to lay down before we get going:In order for me to be effective in helping you with your computer problem(s):Do not seek help at other Help Forums while we are working together. This will only confuse things.Do not make any changes to your system until we have finished. Changes include the following:Deleting Files/FoldersRunning tools such as Anti-Virus, Anti-Spyware, etc., that will delete Files/folders.Downloading and installing programs.Running Fixes from other Help ForumsIf you feel that you CAN follow these rules, then we can continue to work together to fix your computer problem(s).

17 more replies
Relevance 52.89%

I have a windows 7 pc infected with some virus or malware. Have Norton 360 installed but this has been disabled by virus. Can't access internet in normal mode. In Safe mode with networking, I can access the internet. Can't install of Avg, Avast or MS Malicious removal tool. Have run several online scanners but no resolution. Have run Hijackthis but can't see anything abnormal. Help !!!
 

Answer:Can't remove virus/malware

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and then attach the requested logs to your next reply when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected ... Read more

5 more replies
Relevance 52.89%

HI,
Please help in removing Malware...

I am using eScan and unable to delete following Malware/virus from System (MicroSoft Windows XP professional, version 2002 Service pack 2)...

In Virus log in formation I am getting following lines:

Replacing Registry Value: ******** (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost/netsvcs) Previous Value: [napagent], New Value: [NULL]

Entry "HKCR\JavaPlugin.FamilyVersionSupport" refers to invalid object "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}". Action Taken: Entries Removed.

Replacing Registry Value: ******** (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost/netsvcs) Previous Value: [napagent], New Value: [NULL]
Thanks a lot for your time and help...
 

More replies
Relevance 52.89%

Can someone PLEASE help me. I am assuming it's malware causing my problems and I can't do anything to scan and remove it. I had Malwarebytes installed but when I downloaded a file malware took over and it removed my Malwarebytes and when I try to reinstall it says the file is in use. I have downloaded several virus/malware programs but it tells me the same thing when trying to install them. It won't let me go into safe mode and it won't let me open my task manager. It did let me run Windows Defender and it found a couple of threats but after removing them whatever is causing the problem is still there! Symantec used to have a virus scan that was 100% online but now you have to download a file and it won't let me run it!! Someone please tell me how to fix it. I'm desperate as I use my computer for my work.

Answer:How to remove Malware/virus?

Download and burn to a DVD the ISO for Kaspersky Rescue disk..It's a linux based disk which will go online and update itself; after-which it will scan the system fully and deal with whatever it find...It's free, safe to use, and often recommended here.https://www.howtogeek.com/howto/364...Any logs generated - retain them for possible investigation by one or two of the pest/malware gurus who drop in here across the 24hrs from all over the globe.

5 more replies
Relevance 52.89%

hi iam dinesh , iam using compaq pressarrio pc with p4(3.06GHZ),1GB ram ,160GB harddisk.and whenever i open a new window (like my computer etc ) i am getting a message from my avg8.0 free editon resident shield like" Threat detected file name c:\WINDOWS\system 32...."and many more messages from my resident shield .i dont know how to remove this thingsand i am having avg and malwarebytes and itried to remove it ,but nothing seems to work for me.and my computer has been dramatically slowed down even at start ups. and i had posted the scan results of deckard system scanner and hijack this log file along with it at the bottom Deckard's System Scanner v20071014.68Run by mars on 2008-08-07 06:41:25Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --8: 2008-08-07 01:11:30 UTC - RP8 - Deckard's System Scanner Restore Point7: 2008-08-07 00:07:43 UTC - RP7 - System Checkpoint6: 2008-08-05 23:37:44 UTC - RP6 - System Checkpoint5: 2008-08-04 23:28:32 UTC - RP5 - Removed USBCV134: 2008-08-04 23:24:52 UTC - RP4 - Installed USBCV13-- First Restore Point -- 1: 2008-08-03 02:07:20 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as mars.exe) -----------------------------------------------... Read more

Answer:Help Me To Remove Malware/virus In My Pc

Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.I will need some time to look over your computer's log(s). I am still in training, so my responses to you must be checked by a coach.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here. Please take note of a few guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it may not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directl... Read more

more replies
Relevance 52.89%

Hi guys, I just recently got this virus or malware problem on my computer (i'm still not sure which) but it has caused my computer to slow down a lot and given me problems accessing certain websites as well. The virus causes my computer to spam www.birungueta.blogspot.com in my processes when i check my task manager and the name of the culprit I believe is lg0.exe. Here is the HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:23:18 PM, on 8/4/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18928)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\system32\DllHost.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.comR1 - HKLM\Software\Microsoft\Inter... Read more

Answer:Please help me remove this malware/virus!

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

3 more replies
Relevance 52.89%

I tried programs and features and search, but came up empty. It constantly shows up in Firefox and Chrome
http://cache.icmwebserv.com/blank7.html#{%22namespace%22%3A%22LITE%22%2C%22revMode%22%3A16%2C%22marketingCampaignID%22%3A999999% 2C%22campaignID%22%3A%22000339%22%2C%22browser%22%3A%22ff%22%2C%22url%22%3A%22http%3A%2F%2Fonpoint.w bur.org%2Fways-to-listen%22%2C%22install%22%3A%221415626139%22%2C%22appID%22%3A63831%2C%22subID%22%3A%2230003392102300 0000%22%2C%22windowName%22%3A%22icm_inline_p%22%2C%22ad_width%22%3A1%2C%22ad_height%22%3A100%2C%22ad _type%22%3A%22focus%22%2C%22asw%22%3A%22na%22%2C%22pstn%22%3A%220%22%2C%22icmVersion%22%3A%221105%22 }

Answer:How do I remove this virus/malware url?

You have 'adware'. follow both step1. and step 2.
Please download AdwCleaner by Xplode and save to your Desktop.
Step 1.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Step 2.


This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder
******Post both .txt logs in your next reply

9 more replies
Relevance 52.89%

Acer Aspire desktop

Malwarebytes Installed
Superantispyware installed
AVG free antivirus installed
Spybot Search and Destroy Installed
Ad Aware Installed.
combofix

Did a scan with all programs and every [program picked up malware / Virus and completely reomved from system but when you restart the virus always comes back.

I have disabled system restore but somehow the virus is still there and every malwarebyets scan comes up with 2 new malware / virus every scan.

I have installed the new mbam_rules from a cd just in case my version of malware bytes was not up to date but the virus still lives.

Also the virus redirects you from bleeping computer, majorgeeks, housecall65.trendmicro, avast, avg, kapersky, etc websites but redirecting it to a either a dns error page or a local Jar: localhost etc.

I will download hijack if told to by someone here.

I need help and any would be appreciated.
Update:

Can I use a ubuntu / puppy linux etc live cd and do a scan that way? was just wondering if that would work?
 

Answer:Cannot remove Virus / Malware need help

Hiya

Are you still having this problem? If so, can you do the following:

Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Also, can you post the latest Malwarebytes and Superantispyware log's.

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

So, in your ... Read more

1 more replies
Relevance 52.89%

Hello,

For the last 3 days my PC has been infected. My search engines redirect, browser pages automatically open, and my virus removal programs are being prevented from running. I have tried Spybot, Symantec, Malwarebytes and Spyware blaster and have gotten several error codes have running for a few minutes. I am using a Dell with Windows XP. I've noticed when I search it goes to searchdoubleredriect.com first (per the status task bar at the bottom) then sends me to a bogue site. Can anyone please give me some advice as to how to remove?
Thanks.

Answer:Can't Remove Bad Malware Virus

Welcome to BCLet's see what we can doWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.----------------------------------Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to HighAlso try: right-click on rootrepeal.exe and rename it to tatertot.scr===========================Please download Win32kDiag.exe by AD and save it to your desktop.alternate download 1alternate download 2This tool will create a diagnostic report Double-click on Win32kDiag.exe to run and let it finish. When it states Finished! Press any key ... Read more

1 more replies
Relevance 52.89%

I have had problems with my Computer when I had Winxp well I had installed windows 7 and have been using my old harddrive as an external harddrive ( the one that was infected).I had used hijackthis. here is my log. Please help me, as i am constantly being heckled with iexplore opening with ads. I have figured out a temp fix, ( Denied permissions to the Temp folded, but then I cant install any new programs). Your help is greatly appreciated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:46:40 AM, on 4/17/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:E:\Windows\system32\taskhost.exeE:\Windows\system32\Dwm.exeE:\Windows\Explorer.EXEE:\Windows\System32\igfxtray.exeE:\Windows\System32\hkcmd.exeE:\Windows\System32\igfxpers.exeE:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exeE:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exeE:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exeE:\Program Files\4t Tray Minimizer\4t-min.exeE:\Windows\system32\taskeng.exeE:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exeE:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exeE:\Windows\system32\taskeng.exeE:\Windows\system32\tas... Read more

Answer:Please help me remove malware/virus

Hi alexosma,Welcome to Bleeping Computer.My name is mpascal, and I will be helping you fix your problem.Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:Be sure to follow all my instructions carefully! If there is anything you don''t understand, don''t hesitate to ask.Please do not do anything or perform other steps unless I have asked you to do so.Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.If you are unsure of how to reply, or need help with anything regarding the website, please look here.STEP 1 - Preparation GuidePlease follow the instructions in the Preparation Guide until you have reached step 6. You may stop once you have finished step 6 and continue with the instructions here.STEP 2 - MBAMPlease download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default setting... Read more

2 more replies
Relevance 52.89%

After following Windows XP cleanup procedure on a friend's Dell Inspiron, an antivirus scan still showed:
NirCmd
FakeAV-I
Generic-A
FakeVirPk-A
AutiInf-A
Virtum-Gen

I was unable to remove these (insufficient rights) even though I was logged in as an administrator.

During the cleanup procedure I was unable to run ComboFix
(32788R22FWJFW\nircmd.com Windows cannot access the specified device, path or file. You may not have appropriate permissions)

I am attaching (2 of) the relevant logs from the cleanup procedure. 2 more to follow.

Please note I am on a Mac (OS X tiger), and am 40 minutes drive from my friend's computer so cannot implement suggestions immediately.
Thanks in advance.
 

Answer:Still can't remove all virus / malware

This post is just to allow me to attach the remaining logs.
 

7 more replies
Relevance 52.48%

I have contracted this virus hoax that is demanding i pay money.

I have tried to launch in safe modes but it does not work just freezes.

help me please.
 

Answer:Police Malware Virus - I cant remove

What is the Operating system you are using?
 

8 more replies
Relevance 52.48%

I have downloaded two anti virus and gone through malware tips step by step guide to removal of malware but still arabyonline.com keep poping up whenever I open any webpage.please help i am sick of it
 

Answer:How to remove arabyonline.com pop up/malware/virus

Follow this topic and attach requested reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

11 more replies
Relevance 52.48%

I have Clamwin AV & log file of the same for your reference where you can found lot of viruses . also Trend MIcro Hijaackthis is also pasted . pl give me solution to remove the viruses & malwares,

Clamvin Log file
Scan Started Sun Mar 29 09:45:14 2009

-------------------------------------------------------------------------------

C:\WINDOWS\system32\config\SECURITY: Permission denied

C:\WINDOWS\system32\config\SAM: Permission denied

C:\WINDOWS\system32\config\SYSTEM: Permission denied

C:\WINDOWS\system32\config\SOFTWARE: Permission denied

C:\WINDOWS\system32\config\DEFAULT: Permission denied

C:\WINDOWS\system32\LServer\tmp.edb: Permission denied

C:\WINDOWS\system32\LServer\TLSLic.edb: Permission denied

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ft7a8xde.default\places.sqlite-journal: Permission denied

C:\PAGEFILE.SYS: Permission denied

C:\WINDOWS\system32\i: Trojan.Downloader.Bat.Ftp.gen-1 FOUND

C:\WINDOWS\svchost.exe: W32.Jeefo-3 FOUND

C:\Documents and Settings\Administrator\WINDOWS\svchost.exe: W32.Jeefo-3 FOUND

C:\Recycled\Dc41.exe: Adware.BHO-837 FOUND

D:\System Volume Information\_restoreB3389F81-1D1D-4A7C-8A10-702E4F336ABB\RP6\A0000100.dll: Trojan.Small-7430 FOUND

D:\System Volume Information\_restoreB3389F81-1D1D-4A7C-8A10-702E4F336ABB\RP6\A0000101.dll: Adware.BHO-597 FOUND

D:\System Volume Information\_restoreB3389F81-1D1D-4A7C-8A10-702E4F336ABB\RP6\A0000102.exe: Trojan.Zlob-4128 FOUND

D:\System Vo... Read more

More replies
Relevance 52.48%

im currently using a samsung intel core i5 win7. i was recently using avg security but do to new virus and malware and i also believe missing dll files my computer is running super slow. My areo effects wont work when i log in it takes a very long time to load. When opening task manager there is the file taskmgr.exe in the processes and a couple others that should't be there or come up *** virus on the web. I decided to download Kaspersky and run full scan of my computer and after this process there were many virus/malware/trogan/ and security problems. One virus i found was the sality virus. with this message im also sending report. Thanks
 

Answer:i cant remove malware and virus on my compuer

Do as requested from the stickie at the top of this forum, you should have read that information before posting...

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

kevinf80
 

1 more replies
Relevance 52.48%

DDS:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Jason at 16:43:23 on 2013-02-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1118 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
F:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\WINDOWS\Explorer.EXE
D:\SASCORE.EXE
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
D:\Program Files\TeamViewer\Version8\TeamViewer.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Google\Google Talk\googletalk.exe
D:\SUPERAntiSpyware.exe
D:\Program Files\TeamViewer\Version8\tv_w32.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\Google\Chrome\Application\chrome.exe
F:\Program Files\Google\Chrome\Application\chrome.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Google\Chrome\Application\chrome.exe
F:\Program Files\Google\Chrome\Application\chrome.exe
F:\Documents and Settings\Jason\Local Settings&#... Read more

Answer:Got hit with a virus/malware and not sure how to completely remove it

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Please download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
Do not install any other programs until this if fixed.[/b]
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass... Read more

3 more replies
Relevance 52.48%

Hello,
 
I recently downloaded a torrent from thepiratebay.se. I wound up downloading a bundled program as well called Privitze VPN.  Right away, I noticed something was wrong with my Google home page and went into my Control Panel (Win 7, 64 bit) to remove the program.  I removed it.  I also ran a scan through Norton 360 and no hits showed up for any malware or viruses.  I also ran Malwarebytes and this program too had no hits.  I've gone back into Google several times since then (6/10) and the "searchou.com" still shows up and then switches to google\webhp.  I've had little success searching for ways to restore the browsers (google and ie) to their original state.
 
Can you offer any guidance?

Answer:searchou.com - Malware? Virus? Can't seem to remove this.

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

13 more replies
Relevance 52.48%

Hello, I seem to be having a peculiar problem. My computer has just caught a virus or a malware of some sort and I'm having a lot of trouble getting rid of it. I have tried several of the popular antimalware softwares including Malwarebytes, all to no avail. Also my anti-virus software has clamped up and is now totally useless.Here is a brief description of the problems I'm facing:1)I'm unable to access certain websites. Some of them are popular websites like CNet while some are ones I regularly frequent including random forums I'm a member in. Though I'm able to access them perfectly fine using a proxy.2) The real-time protection guard of any antivirus I install perpetually appears to be off and I can find no way to switch it back on. I was using Avira and when I discovered that I could no longer switch its guard on. I proceeded to uninstall it and install Avast, only to find the same situation repeat itself.3) A popular software I use Daemon Tools has also stopped working and throws an error now whenever I try to run it. The error goes something like "DT needs Win2k or higher. Or Kernel Debugger must be disabled".I'm convinced that this is all the work of a single entity and I've tried every solution I've come across through Google. But nothing seems to work. I'm deeply grateful if anyone can give me a hand in resolving this issue.Thanks in advance and any help is greatly appreciated. :)

Answer:Unable to remove this virus or malware

'you MUST reinstall windows before it get worse enough to harm your computer.'Bad advice...there are always progs that can fix any malware problem.Try these 2 free fully working trials....1- Trojan Removerhttp://www.simplysup.com/tremover/d...2- Hitman Prohttp://www.surfright.nl/en/downloads/Run them both till they run clean.If that doesn't remedy the situation then you can try combofix, that works when others fail...follow the guide and you should be fine:http://www.bleepingcomputer.com/com...Some HELP in posting on Computing.net plus free progs and instructions 7 Golds

32 more replies
Relevance 52.48%

Hello 
 
I have been trying to identify a problem I am having with my laptop for work. I had been running AVG Free 2014 successfully until about a week ago when I started having problems. I found this forum by searching for the issues I was having with AVG & group policy, inactive connection, system administrator error messages.
 
I have been able to remove the AVG program, but not been able to re-install it successfully. I have downloaded and run Malware bytes free program and the Kaspersky free system scan tool - to no avail. I have seen people post for assistance using the DDS.txt program to get the ball rolling; please see below for the DDS.txt results.
 
I have little knowledge with computer systems, but can follow detailed instructions well. I am hoping someone can help identify and eradicate the problem(s) at hand, maybe even identify how to avoid getting them in the future.
 
Regards,
 
AJ
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by andjoh at 9:37:25 on 2014-07-02
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3690.956 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Win... Read more

Answer:Need help to identify & remove virus/malware

hello and welcome to Bleeping Computer,Please run the following:Refer to the ComboFix User's GuideDownload ComboFix from the following location:Link * IMPORTANT !!! Place ComboFix.exe on your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.You can get help on disabling your protection programs hereDouble click on ComboFix.exe & follow the prompts.Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.When finished, it shall produce a log for you. Post that log in your next replyNote:Do not mouseclick combofix's window whilst it's running. That may cause it to stall.---------------------------------------------------------------------------------------------Ensure your AntiVirus and AntiSpyware applications are re-enabled.---------------------------------------------------------------------------------------------NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

15 more replies
Relevance 52.48%

Hello I have a few problems with windows vista and Im using firefox but everytime I run firefox yahoo toolbar ask me to change my time and date to the sorrets date and time. When I do that. I lose my internet wireless settings and cant connect to the internet. I have to call the internet proviter to fix it back, So now I know its something wrong.I also tried to remeove yahoo tool bar but I dont see it in the uninstall section. I know there is more stuff wrong with this computer. can you please help me clean everything out so it can run better and normal. I keep getting security warning too. Please help

Logfile of HijackThis v1.99.1
Scan saved at 9:52:04 AM, on 6/21/2004
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\GamingSquared\Gaming2\G2.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD... Read more

More replies
Relevance 52.48%

Hi, my computer has been infected by a virus that keeps reappearing. Symptoms are - keeps dropping the broadband connection and asking to connect by dial-up. I use Firefox as my browser but it keeps putting IE7 offline and so MSN messenger won't work. Norton Antivirus keeps reporting various dlls and exes which it cannot repair or delete. Spybot continually reports smitfraud-c toolbar. Windows tells me that some files have been changed. I do not have the required windows XP SP2 disc. My system was reinstalled a few months ago by professionals. I only have the SP1 disc which came with the computer!

System info - Windows XP SP2, 2GB RAM. Norton SystemWorks 2003 with firewall and Antivirus. MS Windows Defender. All meticulously up to date.

Many thanks for any assistance
Graham

Hijack This log removed, not always helpful.
 

Answer:Malware/Virus infection. Need help to remove, please

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
Bitdefender
Panda Scan
HijackThis

.
 

33 more replies
Relevance 52.48%

Hey! somehow I got the windows tools malware installed on my computer (wtools, PIB.exe, Wsup.exe ... ect)

For some reason my computer will NOT boot in safe mode! This sucks because I cannot delete the files needed to remove this program. They are in the folder %program files%/common files/wintools/


-I have tried to disable these processes. Access denied.
-I have tried to remove the files. Access denied.
-I have loaded windows repair from the CD and tried to access the directory. Access denied. Using Administator account too!
-I have tried using knoppix. Access denied to these freakin files.

What can I do to remove these files without booting into safe mode?

Thanks a mil

Answer:Cant remove virus/malware files

Please run HijackThis and put your log file in the HJ forum. Don't fix anything unless you know for sure what you're fixing. There may be something there that is not allowing you to get rid of the wtools files.

Dave

2 more replies
Relevance 52.48%

I downloaded and scanned using GMER as instructed, but this crashed my system twice...I removed the virus (or so I thought) using McAfee, Malware Bytes anit malware and spybot search and destroy. Since then my less than one year old Toshiba Satellite is moving much slower and I still occasionally find new malware. Please help me. (I also have Hijack This)DDS (Ver_09-12-01.01) - NTFSx86 Run by Owner at 11:01:49.56 on Wed 02/24/2010Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2939.1792 [GMT -6:00]SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe... Read more

Answer:had virus, removed malware, but still can't remove all

Greetings brianch and Welcome to the Forums,Please uninstall these:Java™ 6 Update 6LimeWire PRO 5.4.6When the uninstall's complete, reboot the computer.Please download combofix from This Webpage...and read through the instructions there for running the tool.***Important Note***Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED. If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems. The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.Once installed, a blue screen prompt should appear that reads as follows:The Recovery Console was successfully installed.When you see that screen, please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a log file for you. Please post that log back her... Read more

28 more replies
Relevance 52.48%

Hi, I found some popups and applications that appeared on my computer a couple days ago. Application seems to be called Malware Defense and generates warnings asking me to activate it. Obviously I haven't done anything except try to close/delete/remove the app with no luck. Getting warnings of Trojan-Downloader.JS.Multi.ca, Virus.Chin09 and some other similar virus names. Didn't do anything different of note, so not sure how I got this virus.

Computer info:
Win XP SP2
Symantec Anit-Virus, version 8.1.1.314, Def. File Date 12/19/2009

Realtime file scan protection is continually disabled by the virus.

I can't execute the gmer.exe application, I assume the virus is blocking this somehow?

Below is the DDS.txt log and attached is the ATTACH.txt log from the dds.scr run.

Please let me know if you need any other information.

Thank you in advance for any assistance you can provide with this!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Steve at 16:50:36.46 on 28/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1288 [GMT -5:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\... Read more

Answer:Malware/Virus attack - need help to remove

Let's try this version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.



Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

19 more replies
Relevance 52.48%

Hello.

I have had an issue since about Thursday night and have been trying to remove the malware program and have been unable to.

The program appeared on Thursday night and what it shows is a yellow triangle with an exclamation mark on it in my taskbar. It constantly tells me that there is malware but I don't click it because it begins to install some program.

I have checked my add/remove programs and have removed what has installed itself, but they just come back or are replaced by something new. Currently the one on there is called command. I tell it to remove and it spawns an explorer window to their website and asks me to download something else to remove it, which I don't do because I refuse to download something else from them when I never downloaded anything in the first place.

The virus/ malware constantly spawns advertisements in explorer windows for numerous websites and products. I have had this problem before on another computer and it was spysherrif and I ran smit fraud fix in safemode and it fixed the issue. But to my problem, Smitfraud fix does nothing.

I did everything in your read me and run me first guide and it did claim to remove numerous spyware but I couldn't tell you what.

I'm an MCP so I am not totally dumb with pc's but this virus is kicking my butt and I need help.

I am attaching my hijack this log along with the logs from counterspy, bitdefender,
 

Answer:Virus/Malware hard to remove

Here are the balance of the files you ask for. Hope you guys can help. I really don't want to reformat and start over.

Thanks

Franklin
 

4 more replies
Relevance 52.48%

So I have been having a problem with non-stop ads, malware/spyware. I cannot remove them no matter what I try. I need some guidance to the proper logs to post and what to do.
 
Thanks

Answer:Spyware/Malware/Virus Cannot remove....

hi Ax1266,
 
 
Your post is a few days old. If you still need help download FRST.exe and post its log.
Please download Farbar Recovery Scan Tool and save it to your Desktop:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    Right-click FRST then click "Run as admin"
    When the tool opens
    click Yes to disclaimer.
    Press the Scan button.
    When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
    Please copy and paste the log in your next reply.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

23 more replies
Relevance 52.48%

Dear People :),
Thank you for any help in advance!

I belive i have a virus that is proving too much for me to handel.
The first thing i noticed was that a warning notice appeared telling me that my fire wall had been turned off.

I was running AVG 8.5 and this reported that i had gotten an infection but it could not remove all of it.


I tried to remove the virus myself but failed. Part of this process involved my having to disable AVG 8.5.... I will never install that software again! It was swine to remove!

After some issues with not being able to even see my desktop (which fianly returned) i know i need help.

I found the Combo fix site and read on it whaty it was for and ran it. IT did not seem to help... It was only after that i read the information on THIS site about NOT running it with out guidence from the pros :(

AVG reported that i had the following:

Trojan horse SHeur2.VXC
Trojan Horse Generic13.GF
Trojan horse SHeur2.UJT
Trojan horse SHeur2.XPK

There may have been otheres too.

I have also carried out an online virus scan with Mcafee which reports that i have:

\All my Files\Karaoke\vkaraoke.exe W32/Virut.n.gen
C:\Converted\TortoiseCVS\src\putty\pageant.exe W32/Virut.n.gen
C:\Converted\TortoiseCVS\src\putty\puttygen.exe W32/Virut.n.gen
C:\Converted\...\SharedDlls\vcredist_x64.exe W32/Virut.n.gen
C:\Converted\...\SharedDlls\vcredist_x86.exe W32/Virut.n.gen
C:\Converted\TortoiseCV... Read more

Answer:Help needed to remove virus/malware

Hi there

I'd like to confirm what I feel will be bad news for you. If I am correct then it will mean a format of this machine

Please go to: VirusTotal

In the middle of the page you'll find a "Browse" button.



Click the "Browse" button and browse to this file in RED:

c:\documents and settings\deedees\reader_s.exe

Click "Open".
Then click the "Send File" button at the bottom of the VirusTotal page.
This will scan the file. Please be patient.
If you get a message saying File has already been analysed: click Reanalyse file now



Copy and then Paste the results in the next reply.

6 more replies
Relevance 52.48%

Hi

I have the same issue....If you could help that's would be great

Thanks
 

Answer:How to remove arabyonline.com pop up/malware/virus

Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Open FRST, and click Fix. Attach me that report after it is finished.

***** NEXT *****​
Is is fixed now?
 

1 more replies
Relevance 52.48%

I have been experiencing pop ups and various other problems and despite running avg virus scan, spybot search and destroy and other malware removal scans I cannot remove the cause from my system. I am still getting pop ups despite changing my virus protection to avast.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:19:12, on 10/06/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C... Read more

Answer:Unable to remove virus/malware.

16 more replies
Relevance 52.48%

After running a spybot scan it comes up with 2 infections but is unable to remove them, it shows they are in the registry, the ones it can't remove/ keep coming back are called:

SafeSaver.BHO
W3i.IQ5.fraud

Malware bites cannot detect them yet spybot is showing them as a severe threat can anyone help me remove them or link me to something that can

Answer:Unable to remove virus/malware

I'm not entirely sure, but I think Spybot S&D isn't what it once was. I'd suggest checking with an alternative. Try the ESET on-line scanner - it is highly regarded.

Free Virus Scan | Online Virus Scanner from ESET

9 more replies
Relevance 52.48%

So I have been having a problem with non-stop ads, malware/spyware. I cannot remove them no matter what I try. I need some guidance to the proper logs to post and what to do.
 
Thanks

Answer:Spyware/Malware/Virus Cannot remove....

Hello Ax1226 and welcome to BleepingComputer!     
 
My name is Sirawit and I'm here to help you.
 
Please note that I'm currently in training and my fixes need to be check for approval first, that may delay our fix a bit, but I will normally reply back in 24 hours.
 
If I don't reply after 2 days, feel free to PM me.     
==========================================================================Some points for you to keep in mind:
Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I wo... Read more

3 more replies
Relevance 52.48%

Your kind assistance is also required as I have the same problem... attached are the addition text and frst..
 

Answer:How to remove arabyonline.com pop up/malware/virus

Hi,

Before we begin, I want you to have this in mind:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like ever... Read more

1 more replies
Relevance 52.48%

hello guys i wish u can help me with this problem
 

Answer:Please help How to remove arabyonline.com malware/virus

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

8 more replies
Relevance 52.48%

is that what u want me to upload ?
 

Answer:How to remove arabyonline.com pop up/malware/virus

Hello,

What is your problem?
 

1 more replies
Relevance 52.48%

I posted twice before but no one responded. If I am in the wrong forum or I am doing something wrong can someone please enlighten me.

I'm still in need of help to clean my system of malware/adware or virus. I strongly suspect that something is affecting my pc performance. I also have weird sounds from mouse/windows events and I do not have any sound schemes enabled. I post my HJT log below.

I appreciate any help that I could get to detect/remove any infections.

Thanks

Imr1226
Logfile of HijackThis v1.99.1
Scan saved at 10:34:42 PM, on 3/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\c... Read more

Answer:Need help to remove possible malware/spyware/virus.

Hi, The HJT log looks fine- just to make sure no malware is on the system, scan online at one of these sites, or both if you wish....and, post the results as it says in the directions:

Hijackthis this does not show all malware- this is why I am asking that you scan.

HERE to run Panda's ActiveScan
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Or this one: Kaspersky

Please go HERE and click Kaspersky Online Scanner
Read and Accept the Agreement
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
If you see a Windows dialog asking if you want to install this software, click the Install button.
The program will launch and then begin downloading the latest definition files,
When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
Click on ... Read more

1 more replies
Relevance 52.48%

Please help me to get rid off whatever it is infecting my laptop. Thank YOU.

1. I did norton 360 scan, found 55 infection and removed it. However everytime I do a scan,
the exact same threat warning message shows up again.
2. Then I did pctools scan and found following threats:
1. Adware.Huntbar
2. Spyware.Known_Bad_Sites
3. Application.TrackingCookies
4. HeurEngine.ZeroDayThreat
5. Application.WhiteSmoke
3. So, I ran Hijack this and here is log. Please Help me!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:18 PM, on 1/22/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysWOW64\Dll... Read more

Answer:Spyware, Malware, Virus ---Help me to remove it, please

16 more replies
Relevance 52.48%

Hi, would appreciate some help in removing a particularly pesky virus that just won't die.

Here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:24:08 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
F:\Program Files\Spyware Doctor\svcntaux.exe
F:\Program Files\Spyware Doctor\swdsvc.exe
F:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Spyware Doctor\swdoctor.exe
F:\Program Files\Internet Download Manager\IEMonitor.exe
F:\Program Fil... Read more

Answer:Posting for Help to Remove Malware / Virus

Hi and welcome to TSG,

Download the LSP Fix:

http://cexx.org/lspfix.htm

Launch the application, and click the I know what I'm doing
checkbox.

Check all instances of spjvshim.dll (and nothing else), and move them to the "Remove" pane.

Then click Finish.

Now delete this folder:

The C:\spjavashim
Download and install AVG Anti-Spyware v7.5. Note to AVG Free anti-virus program users only: This is not the same program as the one you already have, this is an anti-spyware program so please proceed with the instructions.

After download, double click on the file to launch the install process.
Choose a language, click "OK" and then click "Next".
Read the "License Agreement" and click "I Agree".
Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
Then right click on AVG Anti-Spyware in the system tray and uncheck "Start... Read more

1 more replies
Relevance 52.48%

Over the weekend, I installed bittorrent (against my better judgment), installed Daemon Tools from a crack site, and downloaded a 4gb torrent (game). At some point in the process, my system became infected.

I use Avast, Zone Alarm, SpyBot, and Firefox.

Yesterday, I heard spontaneous audio commercials when no browser was open. Zone alarm also blocked attempts of a file msb.exe to connect to the internet. ZA also blocked an attempt of Word to access the internet when I didn't have Word open. Occasionally, IE will open with a page that says connection could not be established. Avast has found a few suspicious files and deleted them. Spy bot found several suspicious files, but could only "fix" about half of them.

Please help...I'm at a loss.

Here is my DDS log and the others are attached.

More replies
Relevance 52.48%

Ok this is weird. I run Ntl netguard, and Spyware Doctor. A few days ago, SpyDoc refused to auto update. Nothing strange thought I, site must be down.

Well its been four days now. Then I noticed I couldn't connect to Microsoft to do updates either. On further investigation, I found I can't connect to ANY legit malware sites. I have run Spybot, Ntl netguard, Malware Byte's anti malware, and Norton AV, none found anything wrong.

However, I tried setting up a proxy within Firefox, and CAN connect to the sites I couldn't otherwise. (albeit incredibly slowly).

As things stand, I can't update any malware software, and assume my poor PC must have caught something new and nasty.

Please help

Hi jack this follows:-

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:08, on 19/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterSer... Read more

Answer:Help Pls! Can't update Malware Protect or Visit Any Malware Sites

sorry, bump
 

2 more replies
Relevance 52.48%

G'day, I just posted this thread to let you guys know about my security programs.

I need recommendations from you guys so that I can improve my PC security level.

Here are some programs that I use to protect and speed up my PC.

* Avast! Internet Security 6.
* SUPER Anti Spyware.
* Hitman Pro 3.5
* MalwareBytes Anti-Malware.
* Advanced System Care 4.
* Auslogics BootSpeed.
* CCleaner.
* Shadow Defender.

So, that's it! Hope you guys give me more suggestions and software.

I highly need recommendations from MalwareTips users. Are these softwares good enough? Do I need to add more programs to protect my PC?

Regards,
- CycloneT.
 

Answer:Are these programs good enough to protect my PC?

Locked. No multiple accounts allowed. Please decide on the account you want to use and reply to my private message.
edit: OK, issues regarding multiple accounts are now sorted out. Thanks for understanding.

It might be better to start a thread in Security Configuration Forum and provide the information requested in the form. In the end it might not be about what security software you use but about how you use it.
 

7 more replies
Relevance 52.07%

My assistant somehow got ThinkPoint installed on her computer (the Norton AV software was expired) through a pop-up window while on Ask.com. Now i can't get it off. I can't install any of the removal tools - a window pops up which reads "***.exe is not a valid win32 application" whenever I try to install them. With MBAM, I even tried saving the program under a different name and file extension, but to no avail. Any help would be appreciated. I'm running rootrepeal right now, and will post the log when it's done. In the mean time, i've attached the requested scan logs and the following is the DDS.txt log:

DDS (Ver_10-10-21.02) - NTFSx86
Run by Arlene at 11:38:43.25 on Thu 10/28/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.323 [GMT -6:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Fi... Read more

Answer:ThinkPoint virus-can't remove with malware tools

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open wit... Read more

2 more replies
Relevance 52.07%

After downloading some pdf files, laptop is now infected wit this virus called A1 PC Cleaner. It is not available on the uninstall program list. I did a google search and couldn't find anything. Does anyone know how do I safely remove this virus/spamware/malware? The laptop is running windows 7.

 

Answer:How to remove A1 PC Cleaner virus/spamware/malware?

8 more replies
Relevance 52.07%

Hello.I recently took my usb drive to get a few printouts done from a PC shop. When I connected my usb at home later, it shows the space occupied by the files, but all the files are gone, and there is just a shortcut with the drive name inside. When I click on it, i get an error message that says -"There was a problem starting /gIug.eGsKwO0cEqS4WyQsUm4W8kCoQCeGsUmEqIkMyaiKS6iKwYAmOqS4Y0cE0cOgUThe specified module could not be specified."Can i somehow get rid of this malware/virus and retrieve my files at the same time? Please help me out.Thanks a lot

Answer:USB virus/malware - how to remove it and save my files ?

Can anybody help ?? 

4 more replies
Relevance 52.07%

Hello.I recently took my usb drive to get a few printouts done from a PC shop. When I connected my usb at home later, it shows the space occupied by the files, but all the files are gone, and there is just a shortcut with the drive name inside. When I click on it, i get an error message that says -"There was a problem starting /gIug.eGsKwO0cEqS4WyQsUm4W8kCoQCeGsUmEqIkMyaiKS6iKwYAmOqS4Y0cE0cOgUThe specified module could not be specified."Can i somehow get rid of this malware/virus and retrieve my files at the same time? Please help me out.Thanks a lot

Answer:USB virus/malware - how to remove it and save my files ?

Can anybody help ?? 

4 more replies
Relevance 52.07%

As the title states, will system restore remove a virus/malware?

I'm on Vista 32bit home. The problem I'm having is that IE opens a new tab, usually celldorado.com, and another pop-up comes up saying I'm infected and to do a scan now, it was spyware-secure.

Well, I'm new to computers and I downloaded the spyware-secure thing which on further research seems to be a virus or malware program and not anti-spyware. I have now uninstalled it via the control panel and it seems to be gone...

I've read articles on other forums with people having the same problem with IE opening a new page (cellorado) and the fix seems a long process...I will do this process if neccessay will system restore clean up my pc???

Thanks
 

Answer:Will sysytem restore remove a virus/malware?

Is ths not a simple yes or no answer? I've searched the forum to see whether this question has been answered before but can't find it...

Also there are several restore points titled "Application kill"...I searched for this and some people seem to say it's a problem while others seem to say it's not aproblem...any advice on this?
 

1 more replies
Relevance 52.07%

Hello, like most I am fighting some popup malware/spyware/virus and have tried many things but they seem to keep killing the spawned files and not the source that is creating them.Files like these keep getting spawned in my windows directory:sys011334692596-.exeSometimes they start with a 'ms' or a 'win32' , then a bunch of randome numbers. I am guessing these are the files being spawned by a trojan or whatever, but nothing I have tried can get teh actual source, so they keep comign back. Ewido anti-spyware is saying they have a Downloader.VB.akq in them, however its not finding what is spawning them.I also get the Duce6.exe respawning all the time too, even after manually deleting it and having spyware removal software try to delete it (again, not getting to the source).Any ideas for me?Here is my HJT Log:Logfile of HijackThis v1.99.1Scan saved at 12:14:50 PM, on 8/21/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\system32\drivers\C... Read more

Answer:Trying To Remove Some Popup Malware/spyware/virus

Hey there delahuerta.I'm pretty sure that you have been infected with the latest link-optimizer rootkit.These files are hidden from normal view, and it's imperative we remove these files as soon as possible.1) It is a good idea to print off these instructions:This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. A print out of the instructions would be a good reference to make sure you don't yet lost.Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!If you have any queries about the process or just general questions, just ask.2) Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:R3 - Default URLSearchHook is missingO2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)O2 - BHO: Class - {7F930064-260E-B0C2-9EFB-0727EBD828C3} - C:\WINDOWS\mukdx1.dll (file missing)O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exeO4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exeO4 - HKLM\..\Run: [sys011334692596-] C:\WINDOWS\sys011334692596-.exeO16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.n... Read more

25 more replies
Relevance 52.07%

Hello.

Here is the information on my machine:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Phenom(tm) II X4 840T Processor, AMD64 Family 16 Model 10 Stepping 0
Processor Count: 4
RAM: 5887 Mb
Graphics Card: ATI Radeon HD 4200, 256 Mb
Hard Drives: C: Total - 940553 MB, Free - 810575 MB; D: Total - 13212 MB, Free - 1623 MB; H: Total - 58621 MB, Free - 13424 MB;
Motherboard: FOXCONN, 2AB1
Antivirus: Kaspersky Anti-Virus, Updated and Enabled

The symptoms: the machine was running quite slowly so I went into "add/remove programs" to see if anything new had been installed. There were several programs that were installed that I had not authorized. I removed them. The system is now much quicker, but boxes keep popping up from Kaspersky saying that web sites have been blocked and that there are malicious programs on my computer. Kaspersky blocks them o.k., but doesn't offer me a clue as to how to remove them.

Can anyone help?
 

Answer:Virus Program Blocks Malware But Cannot Remove It

10 more replies
Relevance 52.07%

For the past several days my computer was infected with something called MS-039 or something. I google'd how to get rid of it and found a website that told me to download the patch update from the windows website, however there was a patch for every version of windows except for Vista, which is what i'm currently running. So i followed the other steps it had told me to download which were things like Malwarebytes and other malware/adware removal tools. After i did that i feel like it was removed, however the traces or the havoc the virus or trojan left is still messing with my computer. I can tell my computer is noticeably slower in terms of the processing speed when i'm gaming, trying to connect to the internet, opening things like office, and more. What's been also really really weird is that my screen goes from the updated 2010-11 window of nice 3 dimensional toolbars and borders to the old school 2003 windows boxy and a old white tool bar. Occasionally when i select my mozilla firefox(my main browser), while a page opens up i also am redirected with another open page to a random usually ad-like website. My brother had helped me make an account here because he said that you guys are amazing at helping people fix their computers. He downloaded the program that runs the DDS or whatever and so here it is.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Run by Aaron at 22:15:47 on 2011-08-27
Microsoft? Wind... Read more

Answer:I need some advice on how to remove this virus/trojan/malware i'm not sure what it is.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/416452 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 52.07%

Hi and thanks in advance for anyone who might read this and offer help. I have been infected with malware/virus that just won't go away. I believe it's some form of the Trojan Vundo virus. The main symptom is that I have continuous popups as well as "invitations" to install programs to clean up my infected computer. More recently my computer has gotten sluggish and at times barely moves. I also get a message on occasion about Buffer Overrun Windows/explorer.exe (or something close). I have tried various fixes including Vundo Fix, several virus scans such as Norton, TrendMicro Housecall, Panda, etc. Most remove some files but there is always something left over. Currently the file that won't go away is ddcyayy.dll I am at a loss on what exactly to do next, but from reading other posts on this website I believe others have had similar problems and have been helped. Thanks again for any help you might be able to give me.

Answer:Virus/malware Problem Can't Remove Ddcyayy.dll

Hello SuzyQT1968ddcyayy.dll is vundo related. Some variants of vundo may not be detected by Vundofix so the "Add more files" or "Drag & Drop" options are other ways of ridding this malware. These files need to be identified and posting a hijackthis log will enable an expert to advise you which files to add if you continue to have problems. If the infection remains after using VundoFix, then you should post a hijackthis log. Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.)Important: Some variants of vundo malware will hide certain entries in a hijackthis log to prevent detection so you need to rename HijackThis before using it.After installing HijackThis, open My Computer or Windows Explorer and navigate to the HijackThis Folder.Inside the folder, right-click on the HijackThis.exe file and rename it Scanner.exe.Double-click on Scanner.exe (which is still HijackThis) run a scan, save the logfile and copy/paste it into a new topic in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts.Give your topic, a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on y... Read more

1 more replies
Relevance 52.07%

I have tried multiple programs to try and fix this problem. I have ran Ad-Aware and AVG 7.5. Although it says it has "fixed/deleted" the "virus" or spyware, it doesn't seem to be working? I have been on one of these sites before to "manually" remove the virus/spyware on my computer and it was successful.

Please help me kill this thing!!!

Thank you.

P.S. Sorry for any late responses. My computer is VERY slow and sometimes it's too slow to the point where I cannot get online. Please bare with me. Thanks!!

Answer:HELP!! Can't seem to fix/remove Trojan/Spyware/Malware (virus)

Hi and welcome to TSF.
Follow these steps carefully and post a Deckard's System Scan log in the HiJackThis Log Help forum. If you can't follow any of the steps for any reason, please make a note of this in your reply. Please be patient as our analysts are very busy.

1 more replies
Relevance 52.07%

Hi,My computer is infected or maybe hacked. It acts wierd, on running scans many tracking cookies were detected. Also my friends are complaining that they are recieving email invitations from me, when I haven't sent any. I do remember clicking on a similar email from my friend, and when I was asked to register I closed the window..it seems like my one click has led to my email hacking or atleast my contact list copied. Well, the email is not the only problem, i have detected tracking cookies in scans, and my computer is also acting wierd.I followed the steps required for posting here:DDS report:DDS (Ver_10-03-17.01) - FAT32x86 Run by abc at 18:36:50.68 on Mon 09/13/2010Internet Explorer: 6.0.2900.2180Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247.24 [GMT 5.5:30]AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchSVCHOST.EXEC:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeC:\WINDOWS\system32\svchost.exe -k netsvcsSVCHOST.EXESVCHOST.EXEC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\COMODO\COMODO Internet Security\cfp.exeC:\PROGRA~1\ALWILS~1\Avast5&... Read more

Answer:Help remove:virus, malware and tracking cookies and more

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

82 more replies
Relevance 52.07%

I've named it the 2chkdsk as it's the word i get most info when searching google.

it's pretty easy to spot.. but rather difficult to remove. It has busted my brains for a while.

I'll try to describe the steps as easy as possible and I believe not everyone will follow. It's a rather 'primitive' way of doing so.

The virus itself replicates through dll files that attach to explorer.exe or iexplore.exe... so making it difficult to delete (as file is locked). i do have a copy inf unlocker assistant which allows you to 'unlock' files and kill processess (useful for deleting jammed files).

to find out dll files, run msconfig and recognise the rundll which will tell you the dll to delete. you will be able to delete this one.,, but on every restart.. a new one will appear.

to find the root dll files... i did run hijackthis and did discover which ones. also discovered it 'leeches' onto winlogon.

to delete the source files, remove all cookies and temp folders (manually). locate from %systemroot%\system32\ the dll's. they are hidden.. so will be easy to locate and have a generic name which stand out from other dll's.

mine were: ljjkigh.dll, ddcyw.dll, gebywwx.dll. these were all hidden dll's.

if oyu boot from safe mode.. you will still not be able to delete these as they are 'leeched' onto winlogon, explorer and maybe another app.. so... this is the killer:

remove the hhd and connec... Read more

Answer:remove the 2chkdsk virus/spyware/malware

Welcome to Majorgeeks!

What you are describing is Virtumonde also called Vundo and we have tools and procedures to remove this. You do not need to remove the hard disk from your system to fix this. Our fixes are rather easy.

Based on what you described you may still have some other hidden files related to it on your PC. You should run our standard cleaning procedure ( the READ & RUN ME sticky thread) which will show us whether you still have files from the infection on your PC.
 

1 more replies
Relevance 52.07%

Even tho I know the best thing to do to about these is to use Linux and I have used it for long myself, but when it comes to servicing customers, I can not ask everyone to use Linux.

If someone calls me and says they thing they have a virus and I am unable to see any such virus activity, how do I find out if there's a virus without taking a long time to install and scan with different AV scanners?

Also there may be malware when I am just scanning for virus. The best way for malway I have seen is to reformat C Drive ( since I use drive image to backup C drive's image to another partition for all our clients)

How do you find this out in minimum time and what is the best tool for removal? I mean the BEST tool. I have used almost all good ones and still they miss on something or other which others can scan and remove.

Regards,
RS

More replies
Relevance 52.07%

Trend Micro OfficeScan detected two objects, BKDR_TDSS.V and BKDR_TDSS.T, which it says it is unable to delete. They are supposedly located at C:\WINDOWS\system32\TDSSaewii.dll and C:\WINDOWS\system32\TDSSurta.dll, respectively, but I can't find any such files in the system32 folder.

Any tips on how to locate and remove these things? I'm pretty much clueless when it comes to computers, so if there's a specific process I have to do, I'd appreciate a step-by-step explanation if it's not too much trouble.
 

More replies
Relevance 52.07%

Como puedo hacer para eliminar el virus o malware somoto o cualquiera de sus molestas variantes de mi computadora dede ya muchas gracias

Answer:remove virus malware somoto of computer

Automated translation:How I can do to eliminate the virus or malware somoto or any annoying variation of my computer dede of already thank you======================================================Start by installing and running this free malware checker:http://www.filehippo.com/download_m...

3 more replies
Relevance 52.07%

Hi, I've been getting repeated alerts from my anti-virus software that I have a virus/maleware/trojan that it is unable to remove. It lists this as 'services.exe'. I dont have any issues so far but I want to take care of this before it becomes a big problem. So far the only problem I think caused by this was my audio driver was corrupted which cause no sound without headphones. I resolved this by installing a new driver with the help of the manufacturer tech support. My sound works fine, for now.

My computer information is

HP Pavilion Dv7
Windows 7 64 bit
Below are the logs that you requested:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:06:23 PM, on 11/18/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C... Read more

Answer:Unable to remove services.exe malware/virus.

11 more replies
Relevance 52.07%

I have run ADwCleaner three times and it indicates that AVG Secure Search has been deleted. But it keeps coming back. Google search led me to an AVG site which showed how to remove it. AVG said it was malware or a virus. I couldnt figure how to interpret their answer..
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II X2 250 Processor, AMD64 Family 16 Model 6 Stepping 2
Processor Count: 2
RAM: 3839 Mb
Graphics Card: NVIDIA GeForce 6150SE nForce 430, 256 Mb
Hard Drives: C: Total - 599194 MB, Free - 520306 MB; D: Total - 11182 MB, Free - 1617 MB;
Motherboard: PEGATRON CORPORATION, Narra6
Antivirus: PC Cleaner Pro, Updated: Yes, On-Demand Scanner: Disabled
AdwCleaner v2.303 - Logfile created 06/24/2013 at 21:14:37
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jack Schwartz - JACKSCHWARTZ-PC
# Boot Mode : Normal
# Running from : C:\Users\Jack Schwartz\Desktop\MONTHLY SECURITY CHECKS\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****
***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

File : C:\Users\Jack Schwartz\AppData\Roaming\Mozilla\Firefox\Profiles\lsxpajl7.default\prefs.js

[OK] File is c... Read more

More replies
Relevance 52.07%

Hello.
 
I am not sure if this is the right place to post this. so please pardon me if it isnt.
 
I recently took my usb drive to get a few printouts done from a PC shop. When I connected my usb at home later, it shows the space occupied by the files, but all the files are gone, and there is just a shortcut with the drive name inside. When I click on it, i get an error message that says -
"There was a problem starting /gIug.eGsKwO0cEqS4WyQsUm4W8kCoQCeGsUmEqIkMyaiKS6iKwYAmOqS4Y0cE0cOgU
The specified module could not be specified."
Can i somehow get rid of this malware/virus and retrieve my files at the same time? Please help me out.
Thanks a lot

Answer:USB virus/malware - how to remove it and save my files ?

Hello saberrider, welcome to Bleeping Computer's Malware Removal forum!
 
My name is Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. 
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.
Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you. 
If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
Ensure you are following this topic. Click  at the top of the page. 
======================================================
 
What Operating System is your co... Read more

2 more replies
Relevance 52.07%

Hy I need help I downloaded this stupid antivirus call slimsclenerplus and it ended up giving me a virus and more now my laptop is acting up how can I delete everything on my computer so that the virus can disappear gone forever pretty please help me someoNE how can I start new I don't care if I have to delete everything
 

More replies
Relevance 52.07%

Windows Malware Firewall is a rogue security software which will report that malware has been detected on your computer in an attempt to scare you into buying this malicious software.
In reality, none of the reported issues are real, and are only used to scare you into buying Windows Malware Firewall and stealing your personal financial information.

As part of its self-defense mechanism,Windows Malware Firewall has installed a rootkit on your computer,which will disable the Windows Task Manager and will block you from running any program that could lead to its removal.

Windows Malware Firewall is a scam and you should ignore any alerts that this malicious software might generate.
Under no circumstance should you buy this rogue security software as this could lead to identity theft,and if you have, you should contact your credit card company and dispute the charge stating that the program is a scam and a computer virus.
Removal instructions for Windows Malware Firewall virus​This is a self-help guide, use at your own risk.
If you experience problems completing this guide, or the problem persists after following the instructions below or would like to have one of our staff members guide you through the process, please start a new thread in our Malware Removal Assistance forum.
STEP 1 : Start your computer in Safe Mode with Networking

Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.

Press and hold the F8 key as your computer re... Read more

More replies
Relevance 52.07%

Greetings,

I was directed here by Broni, after very kind attempts to rid my computer of the aftermath of the Windows Antivirus 2012 malware. Here is the link to that topic and the steps taken:

http://www.bleepingcomputer.com/forums/topic434179.html/page__p__2521639__fromsearch__1#entry2521639

My two existing problems are:

1. Google redirects

2. No Windows Firewall. When I attempt to check Firewall status, I get the "Update Your Firewall Settings" window and the message "Windows Firewall is not using the recommended settings to protect your computer." If I click on "Turn Windows Firewall on or off," or "Use recommended settings," I get "Windows Firewall can't change some of your settings" and error code 0x80070424c. Also, under dvcmgmt, the Windows Firewall Authorization Driver still displays a yellow exclamation mark.

I was guided to the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help and advised to begin with Step 6. I have only the DeFogger log to post. I was unable to download DDS (the download link button simply wouldn't work, even on another, clean computer), and as I am running the x64 version of Windows 7, there was no need to run GMER. Please advise. I am very appreciative of all the help here at Bleepingcomputer.com.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:03 on 24/12/2011 (Yort)

Checking for autostart values...
HKCU\~\Run values retri... Read more

Answer:Trying to remove stubborn redirect malware/virus

Thanks to Broni, I was able to download and run DDS. The DDS log follows; the Attach log has been zipped and attached. Many thanks in advance for your assistance.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Yort at 11:21:01 on 2011-12-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1518 [GMT -5:00]
.
AV: F-PROT Antivirus for Windows *Enabled/Updated* {31B7FFC6-2716-5A4E-528D-32786E690ED2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe... Read more

4 more replies
Relevance 51.66%

I have been thinking a lot about some files I have on my computer. These are personal files and are not intended to be viewed by anyone else. I wonder if there are any secure ways of zipping or raring the files up and then put a password on the archive. How secure would that be?
 

Answer:Is there a good way to password protect files?

http://www.pgp.com/products/index.html

ZIP and RAR passwords are weak I think. Winzip has a proprietary encryption mode which is strong, but I would suggest something like PGP if you're serious about keeping it private.

Bear in mind that the encryption is only as strong as the password used to protect it and the care you exercise in keeping unencrypted copies of the data _off_ your hard disk. Remember, data can be recovered even if it's overwritten several times with zeros.
 

3 more replies