Computer Support Forum

Security Policies doubts after Malware Removal Tools

Question: Security Policies doubts after Malware Removal Tools

Hey Guys,
 
I Follow the 

CryptoLocker Ransomware Information Guide and FAQ
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#decrypt
and set the security policies to avoid CryptoLocker attack my computer which are these 
 
Block CryptoLocker executable in %AppData%

Path: %AppData%\*.exe Security Level: DisallowedDescription: Don't allow executables to run from %AppData%.

Block CryptoLocker executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*.exePath if using Windows Vista/7/8: %LocalAppData%\*.exeSecurity Level: DisallowedDescription: Don't allow executables to run from %AppData%.

Block Zbot executable in %AppData%

Path: %AppData%\*\*.exe Security Level: DisallowedDescription: Don't allow executables to run from immediate subfolders of %AppData%.

Block Zbot executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*\*.exePath if using Windows Vista/7/8: %LocalAppData%\*\*.exeSecurity Level: DisallowedDescription: Don't allow executables to run from immediate subfolders of %AppData%.

Block executables run from archive attachments opened with WinRAR:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\Rar*\*.exePath if using Windows Vista/7/8: %LocalAppData%\Temp\Rar*\*.exe
Security Level: DisallowedDescription: Block executables run from archive attachments opened with WinRAR.

Block executables run from archive attachments opened with 7zip:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\7z*\*.exePath if using Windows Vista/7/8: %LocalAppData%\Temp\7z*\*.exe
Security Level: DisallowedDescription: Block executables run from archive attachments opened with 7zip.

Block executables run from archive attachments opened with WinZip:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\wz*\*.exePath if using Windows Vista/7/8: %LocalAppData%\Temp\wz*\*.exe
Security Level: DisallowedDescription: Block executables run from archive attachments opened with WinZip.

Block executables run from archive attachments opened using Windows built-in Zip support:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\*.zip\*.exePath if using Windows Vista/7/8: %LocalAppData%\Temp\*.zip\*.exe
Security Level: DisallowedDescription: Block executables run from archive attachments opened using Windows built-in Zip support.

 
But now I can't run several .exes of my PC, that is known as stated in the thread but the procedures to fix that doesn't work which is this one 
 
How to allow specific applications to run when using Software Restriction Policies
If you use Software Restriction Policies, or CryptoPrevent, to block CryptoLocker you may find that some legitimate applications no longer run. This is because some companies mistakenly install their applications under a user's profile rather than in the Program Files folder where they belong. Due to this, the Software Restriction Policies will prevent those applications from running.
Thankfully, when Microsoft designed Software Restriction Policies they made it so a Path Rule that specifies a program is allowed to run overrides any path rules that may block it. Therefore, if a Software Restriction Policy is blocking a legitimate program, you will need to use the manual steps given above to add a Path Rule that allows the program to run. To do this you will need to create a Path Rule for a particular program's executable and set the Security Level to Unrestricted instead of Disallowed as shown in the image below.
 

 
Once you add these Unrestricted Path Rules, the specified applications will be allowed to run again.
 
Help please for example I put %Appdata%\utorrent.exe - Unrestricted and still I get the message when I try to open utorrent.exe "This program is blocked by group policy"
 
Thanks in advance
 
 

Relevance 100%
Preferred Solution: Security Policies doubts after Malware Removal Tools

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Security Policies doubts after Malware Removal Tools

Instead of playing with the Local Group Policy Editor manually to set these GPOs, you should just download and use the free version of CryptoPrevent that will do everything for you and also offers you various options when it comes to the "thightness" of the settings.https://www.foolishit.com/vb6-projects/cryptoprevent/This tool was created following Lawrence Abram's instructions you just followed, plus some custom made rules, so you'll be good if you use it.

1 more replies
Relevance 83.64%

i cant even get Hijack this to work as soon as i run it it disappears so i cant even post that here to show whats going on with my computer.. im using windows XP... i keep getting redirected when i try to search on yahoo or google... using mozilla firefox. ive also tried to run in safe mode but i keep getting a blue error screen and cant move past that.

Answer:advanced virus removal / security tools malware?

Let's see if we can get a scan to workIf this works, go ahead and repost in the HJT forum. If not, post back hereRun this application and then immediately run your scanPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer or you will have to run it again

8 more replies
Relevance 72.98%

Two new malware removal tools by PC Tools just appeared on Softpedia today.
PC Tools Threat Removal Tool 2012

Fight back against malware.
PC Tools Threat Removal Tool is a handy and reliable utility designed to scan your computer for threats and remove them.

This Threat Removal Tool is designed to fight malicious code that has been known to prevent PC Tools' antivirus software from being installed. It performs a quick system scan in order to identify and neutralize the most common malware families that block, prevent, or terminate PC Tools' security software installers.

To ensure that the malware is completely eliminated, PC Tools Threat Removal Tool deletes the infected files and the registry values added by malware.

Requirements:

Administrative rights
If you are running Windows Me/XP, turn off System Restore.

Download
PC Tools ISO Burner 2012 1.0

Get the ability to access and delete persistent malware.
Safely remove malware from your computer with PC Tools ISO Burner. This is an advanced bootable antivirus tool that provides users with the ability to access and delete persistent malware.

When malware infects a computer, it gains control of many components that are key to the system's operations, making it very difficult to remove. Malware can use some of these system components to hide itself and prevent other software from detecting and removing it.

If you can't install or run a security application in the first place, then how a... Read more

Answer:PC Tools Releases New Malware Removal Tools

Ok what files are in the zip when you download it?
All I get is pcttFixTool.dll, no exe???
 

7 more replies
Relevance 72.16%

Hi,
I apparently have some remnants of a previous infection.
I cannot modify my registry with regedit (haven't tried any other tool yet) and I wanted to add additional user access to my network and found out that I cannot modify that either.
As for the Registry, I tried to modify the permissions (I'm admin) for specific keys, but it wouldn't allow me doing that. I added an additional key to set DisableRegistryTools to 0, no effect. Actually the key is there but doesn't unblock the saving.
I did some sweeps with Superantispyware, Ad-Aware, Malware, all no results. So now where to go, anyone an idea?
I'm running WIN XP Pro SP2, avast, superantispyware

More replies
Relevance 69.7%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:52:42 PM, on 8/7/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exeC:\... Read more

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

2 more replies
Relevance 69.29%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:List of 64-bit Anti-Virus For VistaAnti-virus protection in 64-bit environmentsFree Anti-virus:avast! Free Antivirus Avira AntiVir Personal - Free AntivirusAVG Anti-Virus Free Edition 8.5Microsoft Security EssentialsPanda Cloud AntivirusKingsoft Free Antivirus (Cloud Scan)Paid for Anti-virus:NOD32 Anti-Virus PersonalMcAfee AntiVirus PlusTrend Micro AntiVirus plus AntiSpywareNorman Antivirus & AntispywareCA Anti-Virus Plus Anti-Spyware64-bit Anti-Malware tools:Malwarebytes Anti-MalwareSUPERAntiSpywareKaspersky Virus Removal Tool - How to install and use documentationSpyware TerminatorWindows Defender (64-bit)PrevxSpybot S&DAd-AwareNorman Malware CleanerSunbelt Counterspy (free Trial)Comodo BOClean Anti-MalwareSophos Anti-rootkitSanityCheck Advanced Rootkit and Malware DetectorESET Online Antiivirus ScannerESET SysInspectorAnVir Task Manager FreeWinPatrolStart with these:How to use Malwarebytes' Anti-Malware to scan and remove malware from your computerHow to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 68.88%

Hi, i got infected because i was triying to run malwarebytes and it skip the part of analising the files, it ended in arount 1 minute in a full scan, and i tried to download dr web cure it, and it dont allow me, the computer seems fine, but those things are very strange, and when i was running the scan i was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 68.88%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 68.06%

I'm writing for a friend who can no longer use his computer. He recently had the Security Tools virus. It was 'removed' by a computer person for him. This was done in Canada last week. He is now in Mexico and the comp still won't operate properly. We found things to check for and were able to determine that all items mentioned in a 'removal' post were removed from the registry. All worked OK for the rest of the day (yesterday). Reboot this morning and it is doing the same thing, which is after a normal boot the first attempt to open a program immediately shows the small round icon that is twirling indicating that something is trying to start. And that continues on and on. Only way to stop it is to hold the button for five seconds and then it shuts down.

We have missed something somewhere. Any suggestions or solutions will be appreciated. Using Vista.

Answer:Security Tools removal

Hi, I would normally recommend a secondary check for viruses using Antimalwarebytes... and this is no exception assuming he can boot up successfully in Safe Mode with Networking.

He can download it from Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com and hopefully get it up and running in safe mode with networking.

He should have it run and check for any residual virus files and have it remove them.

If this fixes the problem which it may well do then the next step isn't neccasairy but you may want to do it anyway.

Perform a repair install. This fixes any damaged or missing system files that a virus could have hurt.

A tutorial on how to do this is available at Repair Install For Vista.

I hope this helps, please post back with any results.

Oli

2 more replies
Relevance 67.65%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quicksccan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disbled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 67.65%

Hi all, 
 
Recently on Chrome browsing on a site a received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspect this is a malware!!!
 
What I'm trying to understand if what kind of malware infected the web site I visited. Some technical specs could be useful . The web site is of a my friend and I'd like to help them to identify the malware infected their web site...
 
 

More replies
Relevance 67.65%

Hi Geeks,
I'm pretty sure I have a malware issue on my PC. I can't access any security websites, like malwarebytes.org and more. In fact, I am surprised I can access the Geeks website! I can download removal tools, but they won't run and I've tried quite a few.. I can't boot into safe mode -The dreaded Windows blue screen error message comes up-"Windows has detected a problem and needs to shut down". I followed your "Read me first" and did everything I could, including remove the old Java versions. When I tried to install Java again, it said the program is not digitally signed and shut down. This has happened a few times with other installs as well. My browsers shut down frequently on their own as well. Ihave a recent hijack this log, but not sure whether to attach it or not, as it was mentioned it may be filtered as spam. Anyway, hope you can suggest something. Thanks!
Bobby
 

Answer:malware won't let me run any removal tools and more

If you can't boot into safe mode and normal mode will not allow you to run any of the scans, there isn't much we can do to help you. Have you tried running all the requested scans? Have you tried renaming them as per the Read and Run First instructions? Will MGTools.exe not run?

You can try using a different computer to create this disc and then boot to it with the infected machine. ( You will need to first go into the bios and change the boot up order to make the cd drive the first boot device.)

Kaspersky Rescue Disk.
 

11 more replies
Relevance 67.65%

Hello all,

This is my second go-round through your instructions. The first in 04/2009 was successful. Presently, I cannot get any recommended tools to run --even if I rename an exe. I cannot locate the exe for Malwarebytes; I get an "exception unknown software exception (0xc0000409) occurred in application at location 0x77f7c60b" error message when attempting to open SuperAntiSpyWare. I attempted both in system mode and normal mode. (I have run them successfully in the past.) I see the Security Tool shortcut on my desktop and I bet its the culprit.

I am attaching two logs below. Your help is very appreciated.
Dawna G.
 

Answer:Malware removal tools won't run

Welcome to Major Geeks!

You MGlogs.zip file is not as useful as we need for two main reasons:

You don't have the current version. You are 7 months out of date.
You ran it in safe boot mode and normal boot mode is the preferred method.
Is all of the software you have that far out of date?

I will give you something to try below but the malware may have additional things hiding that we cannot see with this outdated version of MGtools.



Uninstall the below old versions of Java:
Java(TM) 6 Update 13

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\_lib.dll
O4 - HKLM\..\Run: [tijidekel] Rundll32.exe "c:\windows\system32\jetebemi.dll",a
O4 - HKUS\S-1-5-19\..\Run: [wadahetuju] Rundll32.exe "C:\WINDOWS\system32\yikujode.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wadahetuju] Rundll32.exe "C:\WINDOWS\system32\yikujode.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\jisasiti.dll C:\WINDOWS\system32\gitoribo.dll c:\windows\system32\juduwuho.dll c:\windows\system32\jetebemi.dll,mapopabe.dll
O21 ... Read more

7 more replies
Relevance 67.65%

I ran through as much of the readme as I could, but only MGtools worked. Please look at the attached logs and advise me on what to do next. Thanks.
 

Answer:Can't run malware removal tools

Welcome to Major Geeks!

Your log shows that you were in safe boot mode. You should be in normal boot mode unless that is not possible and you did not say you could not boot in normal mode.

A few of your Windows system files (ndis.sys and beep.sys) are infected and will need to be replaced by clean copies. It will be much easier to do this once we can get ComboFix to work. So let's start with the below fix and see if we can get other tools to run afterwards.


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F2 - REG:system.ini: UserInit=userinit.exe
O4 - Startup: zqosys32.exe
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)

After clicking Fix, exit HJT.

Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"Click to expand...

Make sure that you tell me if you receive a success message abou... Read more

1 more replies
Relevance 67.65%

Hello All,
I have tried all possible tools
SpySweeper,Kaspersky,Spypot,Spyware Doctor,Adaware
SuperAntiSpyware,MalwareBytes,CCleaner,RogueRemover

I think its the virtumonde...The thing is I have a couple of registry entries pointing to Dlls that do not exist but even if i remove them they keep coming back.I have tried booting into safe mode and deleting them but it does not help.I am posting my HijackThis log.I have disabled system restore as well

I keep getting random Ad-Websites and messages that my computer has been affected.

I have highlighted the susicious registry entries.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56:00 PM, on 03-Dec-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system3... Read more

More replies
Relevance 67.65%

I have aToshiba M105 laptop. I have CCleaner and Avast Home installed. I ran Avast - no issues, ran CC and Registry cleaner. I have something on this that when I do a google search will look like legitimate results but when I click on a link will send me somewhere else, usually redirect me to an ad or the info.com.I also can not access certain websites -MajorGeeks being one of them or any of the sites that contain the malware removal tools listed in the MJ procedures. Si I tried to access MJ from another computer and save the tools to a usb stick then transfer to the infected computer. Worked OK until I tried to run the various apps. SAS I get "encountered error needs to close" Spybot - "connection w/sever could not be established" Malwarebytes just wouldn't install. Don't know what to do now ---HELP!!!!!
 

Answer:Can not run MALware removal tools

For MBAM, just run it without updating.

Have you tried running the other scans in safe mode?

The Read and Run First instructions have links to manual updates for both SAS and MBAM.

Did you run the MGTools.exe? Were there any issues with that? Can you attach the C:\MGLogs.zip?
 

3 more replies
Relevance 67.65%

Hi Guys,

Thanks for a great website, and many good tools you have put together.

I have a problem getting rid of what I think is Spyware on my wife's laptop.

She is currently unable to do Google searches properly, and all results seem to end in being re-directed to a 'Coupon Mountain' website, we can browse to some websites manually, but all those of the major malware removal companies (including yours) just result in the standard IE website unavailable error message.

I have tried downloading all the tools in your READ AND RUN ME FIRST section to a CD, and then copying them to the laptop to run, unfortunately none of them install (even if I change the names.)

I'm getting to the point where I'm considering a repair install, but would like to know if there's anything else I can do to get things fixed without such drastic action.

TIA

Neil
 

Answer:Can't Run Malware Removal Tools.

Welcome to Major Geeks!


Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.

TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid addtional delay in gettin... Read more

1 more replies
Relevance 67.65%

I am trying to follow clean up procedures, http://forums.majorgeeks.com/showthread.php?t=35407 and have 2 questions;
1. when I run Microsoft Windows Malicious Software removal tool, does it clean/fix automatically or do I have to click on something? I tried to go to the help section and I get "page cannot be displayed".
2. when I run Spybot Search & Destroy, I click immunize but i don't see S&D helper.

ty
 

Answer:Using malware removal tools

1. Just run teh tool there is nothig else you have to do.

2. When you Immunize; Spybot is making changes to the Registry.
 

3 more replies
Relevance 67.24%

My daughter's laptop has the Security Tools virus on it and I would like some help to remove it? I have downloaded the exeHelper to the desktop and I ran it, but I cannot get the log file to open with any software. It seems this virus has disabled a lot of stuff. So I am copying the exehelperlog file contents onto a thumb drive and working back and forth between her computer and mine. I would log in to this site on her computer, but I wouldn't be able to open and copy results from her computer because text programs like word or notepad won't open.The details of her laptop are as follows:Windows 7 Home PremiumIntel Core i3 CPU M330 @ 2.13GHz4.0 GB64 bit operating systemI included these details, because I noticed when assembling this question, that your site tracked the OS and CPU/RAM info of my computer and not her laptop.Here are the contents of the exehelperlog file. FYI I ran it twice. Not sure if that ruined anything or not.exeHelper by RaktorBuild 20100414Run at exeHelper by RaktorBuild 20100414Run at 13:46:31Thank you for any help you can give.Cindy

Answer:Help with Security Tools virus removal....

Check out my post here: http://hitanykey.webs.com/removefak...

4 more replies
Relevance 66.83%

I am getting an error "unable to connect to the proxy server" while opening chrome, firefox or IE.
 
I have unchecked the proxy setting and it still reverts back when I try to open a browser.
 
I am pasting the results from the mini tool box. below -
 
I also ran  ADW Cleaner , TDSSkiller and malwarebytes.
 
 
 
 
 
MiniToolBox by Farbar  Version: 30-11-2014
Ran by jints1234 (administrator) on 02-02-2015 at 23:43:08
Running from "D:\adware"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9485 Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
 
 
# -----... Read more

Answer:tried several malware removal tools and still cant connect

Sorry, not at home, report's too long to read -- what firewall, anti-virus, anti-malware are you using?  One thing I can recommend is you "sneaker-net" [via usb stsick or CD/DVD] Tweaking.com's Windows Repair (All in One), install & run it.  Accept defaults checkmarks, add #26 & 27 [if memory serves me], ones that indicate normalizing Windows operations.

2 more replies
Relevance 66.83%

Hello Geek Saviors

Am trying to run the Malware Removal Tools for my Acer 2012 Laptop, Windows 7, IE 11, AVG antivirus, Comodo Firewall. Have downloaded the Tools to desktop and followed the Win 7 malware removal directions. Have following problems despite lowering Internet security settings, trying with Comodo Firewall disabled (also Comodo in safe mode) with all tools software entered as safe applications, running in Windows Normal Ops:
1 - Defogger, after clicking DISABLE and YES get immediate red X message "Unable to Create Log"
2 - RogueKiller, right click "run as admin", depending on Comodo settings noted above variably got Alert Triangle "Software is Not Available" or once setup opened and started abruptly disappeared with message "Download Manager has stopped working. A problem caused the program to stop working correctly. Windows will Close and notify you if a solution is available". Tried renaming to "RK.exe" with same result.
3 - Malwarebytes - tried after RogueKiller failure, right click "run as admin", and got exact same response as for RogueKiller.

Did not try other tools. Any idea what I can do to get tools to run? Have not tried computer Safe Mode - would this help?
Thanks for any suggestions and guidance.
 

Answer:Malware Removal Tools not Opening

Yes, you can try safe mode, but be sure to first disable your AV software.
 

6 more replies
Relevance 66.83%

Running windows xp media edition on e machine. Will not run any spyware programs. Will not run HJT. Found BRAVIAX.EXE in sys 32. Ran killbox to delete. Could not delete braviax sys32.exe. Had killbox replace file with dummy file then marked read only to stop the red x
trying to sell me its programs. Tried to down load several other spyware removal programs. Get message Access Denied no matter what.
Browser has been taken over by redirect program. HELP! WARNING I am NOT computer literate.

Answer:Nasty Malware. Can't run any removal tools.

Hello fxstc1340 and to BleepingComputer.WARNING I am NOT computer literate.Not a problem. If you don't understand something, feel free to ask questions and I'll explain it better. The same holds true for any helper you work with here.Now. . . let's see what we're looking at here.Please install RootRepealNote: Vista users ,, right click on desktop icon and select "Run as Administrator."Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorDisconnect from the Internet or physically unplug your Internet cable connection.Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver. Temporarily disable your anti-virus and real-time anti-spyware protection.After starting the scan, do not use the computer until the scan has completed.When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.Extract RootRepeal.exe from the zip archive.Open on your desktop.Click the "Drivers" tab, and then click the button.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the... Read more

6 more replies
Relevance 66.83%

When I go to download ie:  RKILL or malwarebytes they do not download.  I am running firefox.  I have tried explorer.  I have an HP windows XP. 

Answer:cannot download any malware removal tools

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518053 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 66.83%

can anyone tell me if there ar any bootable malware removal programs other than avg

thanks in advance

ray

Answer:bootable malware removal tools

Here are a couple:http://www.free-av.com/en/products/12/avir...cue_system.htmlhttp://www.freedrweb.com/livecd/

2 more replies
Relevance 66.83%

My Windows 7 x64 machine is presenting Antivirus 360 malware. I am looking for tools that will work with Windows 7. I tried combofix and some others but I am finding out they are not made for Windows 7. Please help. I am not even sure what to use to collect logs to submit here.

--M


Submitted DDS log in log submit forum but I would still like suggestions on Windows 7 compatible removal tools.

More replies
Relevance 66.83%

Help! My daughters laptop seems to be infected with browser hijacker I can't get rid of it. I can't download windows updates and all different browsers aren't working right, sending me to wrong sites and preventing download of AV and malware removal tools. Super anti spyware was installed and wouldnt work, have tried to install windows malicious software removal tool via USB but it won't install or run, have also tried to install spybot via USB but it wont install, error message when it try's to connect to download some of installation files I think. Any advice you guys can offer would be very gratefully recieved, many thanks
 

Answer:Can't install malware removal tools

Welcome to Major Geeks!





TomPo said:





and all different browsers aren't working right, sending me to wrong sites and preventing download of AV and malware removal tools.Click to expand...

Has a proxy server been inserted in the browser? See the below:

Proxy Server - Changing Settings



TomPo said:





Super anti spyware was installed and wouldnt work,Click to expand...

You need to be more specific. Exactly what happens.





TomPo said:





have tried to install windows malicious software removal tool via USB but it won't install or run,Click to expand...

Exactly what happens? Any error messages.

Have you tried to install and run tools in safe boot mode as suggested in our cleaning procedures?





TomPo said:





have also tried to install spybot via USBClick to expand...

Waste of time anyway as it is ineffective against most of todays malware.


Also try the below to see if you can get anywhere.


Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator


You only need to get one of them to run, not all of them. You may get warnings from y... Read more

12 more replies
Relevance 66.83%

I can't download anything at all and I suspect it is a malware issue. And yes, I've tried removing firewalls, anti-virus, pop-up blocker, etc...
If i try to download something on firefox i get this message: "C:\Documents and Settings\HP_Administrator\Desktop\XXXXXXX could not be saved, because you cannot change the contents of that folder.
Change the folder properties and try again, or try saving in a different location."

If I try to download something on IE i get this: "The requested site is either unavailable or can not be found.Please try again later "

Some symptoms that might be unrelated, I tried running a disk check, but it stops at step 2/3, and an old malware that i deleted left autorun, but i got rid of that as well.

I would download malwarebytes or something to try and get rid of the problem, but i can't :\
 

Answer:Can't even download malware removal tools

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Pleases follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

3 more replies
Relevance 66.42%

In the past whenever I've had a problem, I always been able to find a resolution by searching other threads dealing with similiar problems but I'm afraid this one has me completely stumped. Here are the details:

System:
Windows XP 2002 home edition, SP3
2.0G Celeron processor, 768 mb RAM
System restore has been turned off by the infection for at least 2 weeks now. No restore points exist and trying to turn system restore back on doesn't work.
Initial infection was approximately 3 weeks ago, obvious processes were L.exe and msa.exe
Beginning today, ctrl+alt+del does nothing, process exlorer refuses to open

Prior to this, McAfee was on a normal weekly scan schedule and I would also run Malwarebytes 2 to 3 times a month to catch anything McAfee missed. This system seemed to work very nicely until this last bit of virus got onto my system.

Now, McAfee, Malwarebytes, SuperAntispyware and Hijack this all refuse to run in either normal or safe mode. All exhibit the same symptoms, specifically the hourglass figure appears for several seconds, then disappears, but program doesn't launch. All programs mentioned have been removed and reinstalled both in regular and safe mode with no difference in behavior. In addition I have also tried using rkill immediately prior to attempting to run all of the above application, no difference in behavior. I've also tried fresh installs of Malwarebytes with the both the installer and exe file renamed to mb.exe, then mb.scr, all ... Read more

Answer:Infection disabling all removal/security tools

Try running this application first and then mbam right afterwardsPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer or you will have to run it again=================================We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may tak... Read more

3 more replies
Relevance 66.01%

Hi,
I have a problem where I cannot run any virus or malware removal tools. I have tried them in safe mode and I have tried renaming them. I am able to load them and update them and I can start them momentarily. Then they stop and I can not restart them. I get an error that they are not available or that I do not have permission. I have tried to run online scans and they also fail to load. I also have a problem with iexplorer and firefox being hijacked and loading various web sites I am not intending on going to. Not bad sites just not the ones I am trying to get to. Let me know what you want me to try. I work on computers daily and have not run into anything like this. Thanks in advance for you help.
 

Answer:Cannot load any virus or malware removal tools

I am able to run MGtools.exe and I have attached the log.
 

29 more replies
Relevance 66.01%

Hello

I've followed all instructions in "Read & Run Me First". I have the following results downloading and attempting to run the suggested tools for Windows XP operating system:

SUPERAntiSpyware: downloaded but unable to run. No log created. While attempting to run, received the following message: Windows cannot access the specified device, path or files. You many not have appropriate permission to access item. (note - I am setup as administrator).

Malwarebytes Anti-Malware: downloaded bu unable to run. No log created. While attempting to run, received the following message: Windows cannot access the specified device, path or files. You many not have appropriate permission to access item. (note - I am setup as administrator).

combofix.exe: downloaded and ran, but did not complete. No log created. When attempting to run, I got a far as the blue screen C:\ ComboFix is preparing to run. I sat in that condition for 2.5 hours. I finally closed out.

RootRepeal: downloaded and ran. It was basically a flash on the screen. Log generated but empty. See attached.

MGTools: downloaded and ran. Log attached.

My problem started 1 week ago when my Antivirus Program (F-Secure) stopped auto-updating the Antivirus and Malware components. I uninstalled and attempted to re-install (per F-secure's support) and was unable to install completely. I suspect the virus is preventing the install. I am currently do NOT have any Antiv... Read more

Answer:Virus Unable to Run Malware Removal Tools

Java(TM) 6 Update 26 <--- uninstall outdated Java.



Download and run Win32kDiag per the below instructions:

Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log
C:\win32kdiag.exe -f -r




Now we need to scan the system with this special tool.

Please download Junction.zip and save it to your root folder (C:\Junction.zip)
Unzip it and put junction.exe in the root folder (C:\junction.exe)
Now click Start => Run... => Copy and paste the following command in the run box and click OK:
cmd /c junction -s c:\ >C:\log.txt

A command prompt window opens and also a license agreement from SysInternals will appear.
Accept the license agreement and the scan will begin.
Wait until a log file opens. Attach this C:\log.txt when it finishes (the command prompt window will close when it finishes). (How to attach items to your post)
NOTE: It scans your whole hard disk so if can take a long time. Be patient and don't do anything else while it is scanning.



Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.

... Read more

8 more replies
Relevance 65.19%

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Hi and welcome to the Bleeping Computer malware removal forum. If you are reading this article, then you are most likely looking for a solution to a possible malware infection on your computer. Please follow these steps in order to provide information that we can use to analyze your computer's configuration. Please note that these steps may appear to be long and daunting. In reality, though, they are very simple and are only so many steps as we wanted to be as detailed as possible in the instructions.
Before you perform these steps, it is suggested that you first check to see if there is a self-help guide for infection here:
Virus, Spyware, and Malware Removal Self-Help Guides
If there is one, then you can attempt to use the self-help guide first and then continue with these steps if you feel that you are still infected.
- Backup your data!
Regardless of whether or not you have a malware infection, routinely backing up your data should be an important part of every computer users life. Whether it be a hard drive that has failed or malware that has caused your computer to become inoperable, not having your files, pictures, email, and music can be a disaster. We therefore suggest that before we move forward with this cleaning process, you first backup your data to a secure location. That secure location could be a burnable DVD, an external backup drive, or another... Read more

Answer:Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Bump to reset order.

1 more replies
Relevance 65.19%

My computer experienced Police Pro and/or Antivirus 2010 which disabled AVG 8.5 along with Malwarebytes, Norman Malware remover, spy doctor and Hijack This ... I have manually removed all registry items and files that I could locate and the computer does not show any sign of the virus while in safe mode, however it still will not run AVG scans or any other malware removal tools, so my assumption is that there is something still running that I am not seeing.

I tried to run RootRepeal, but it crashes if I request Files to be scanned. I then ran Win32kDiag and it appears to have run below is the log. Any help in getting AVG and a Malware removal tool running would be greatly appreciated!!!!!
Running from: C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINNT'...

Found mount point : C:\WINNT\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\$hf_mig$\KB944533\KB944533

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\$hf_mig$\KB956390\KB956390

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\&... Read more

Answer:Anti-virus and malware removal tools disabled

Hello vjc,Please refrain from making any changes to your system (updating, installing, removing, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) "%userprofile%\desktop\win32kdiag.exe" -f -r into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

55 more replies
Relevance 65.19%

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Hi and welcome to the Bleeping Computer malware removal forum. If you are reading this article, then you are most likely looking for a solution to a possible malware infection on your computer. Please follow these steps in order to provide information that we can use to analyze your computer's configuration. Please note that these steps may appear to be long and daunting. In reality, though, they are very simple and are only so many steps as we wanted to be as detailed as possible in the instructions.
Before you perform these steps, it is suggested that you first check to see if there is a self-help guide for infection here:
Virus, Spyware, and Malware Removal Self-Help Guides
If there is one, then you can attempt to use the self-help guide first and then continue with these steps if you feel that you are still infected.
- Backup your data!
Regardless of whether or not you have a malware infection, routinely backing up your data should be an important part of every computer users life. Whether it be a hard drive that has failed or malware that has caused your computer to become inoperable, not having your files, pictures, email, and music can be a disaster. We therefore suggest that before we move forward with this cleaning process, you first backup your data to a secure location. That secure location could be a burnable DVD, an external backup drive, or another... Read more

Answer:Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Bump to reset order.

1 more replies
Relevance 65.19%

Hi, apologies If I have not done this correctly.... First post.

I am unable to run Combofix in Safe Mode or Unsafe, Spybot and Malwarebytes, I can click the .exe shortcuts but nothing happens. I realised I had a problem when my google started redirecting to other sites then just crashing or going to blank screens. See my scan below, and attached unfortunatley unable to run any other screeners etc as I cant get them to startup.

Not sure how complex this problem is but it would allowme to login or register to your site on the problem pc, when I clicked agree to terms it came up you didn't agree etc. Then when I registered on the other comp I still could'nt and can't login on the problem pc....

Thanks in advance for any support
Kevin
DDS (Ver_09-02-01.01) - NTFSx86
Run by kev at 16:52:41.02 on 22/02/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.536 [GMT 0:00]
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EX... Read more

Answer:Unable to Run any Malware removal tools Combofix Spybot etc

My Combofix log after running, I got this running after changing the name.

ComboFix 09-02-21.01 - kev 2009-02-23 22:15:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.701 [GMT 0:00]
Running from: c:\documents and settings\kev\Desktop\ComboFix1.exe
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_006126_.tmp.dll
c:\windows\system32\_006127_.tmp.dll
c:\windows\system32\_006128_.tmp.dll
c:\windows\system32\_006129_.tmp.dll
c:\windows\system32\_006135_.tmp.dll
c:\windows\system32\_006136_.tmp.dll
c:\windows\system32\_006137_.tmp.dll
c:\windows\system32\_006138_.tmp.dll
c:\windows\system32\_006139_.tmp.dll
c:\windows\system32\_006141_.tmp.dll
c:\windows\system32\_006142_.tmp.dll
c:\windows\system32\_006145_.tmp.dll
c:\windows\system32\_006146_.tmp.dll
c:\windows\system32\_006148_.tmp.dll
c:\windows\system32\_006149_.tmp.dll
c:\windows\system32\_006150_.tmp.dll
c:\windows\system32\_006152_.tmp.dll
c:\windows\system32\_006155_.tmp.dll
c:\windows\system32\_006156_.tmp.dll
c:\windows\system32\_006160_.tmp.dll
c:\windows\system32\_006161_.tmp.dll
c:\windows\system32\_006163_.tmp.dll
c:\windows\system32\_006166_.tmp.dll
c:\windows\system32\_006168_.tmp.dll
c:\windows\system32\_006169_.tmp.dll
c:\windows\system32\_006170_.tmp.dll
c:\windows\system32... Read more

3 more replies
Relevance 65.19%

Hey I am just really interested in PC security and repair and I was just wondering if you guys had any good resources for my own personal research. If you could tell what you would want to look for when examining these files created by the programs listed below and even what the purpose is for these programs that would be very helpful in helping me understand the process better. I got this from your malware removal procedure forum. Very insightful by the way

? BitDefender
? PandaActiveScan.
? GetRunKey
? ShowNew

Thanks
 

Answer:Examing logs created by malware removal tools

Your best resource is the thousands of posts in this forum.

BitDefender and Panda are rather self explanatory in most case however you still need to know the difference between valid detections and false detections and that comes with significant experience over a period of time.

We don't have time to really explain GetRunKey and ShowNew to you. In short GetRunKey shows lots of registry keys (not necessarily bad) and potentially bad files associated with certain infections. ShowNew dumps out important areas of the file system that may be used by malware. ShowNew also prints and uninstall program list so you can see if any malware is installed. You need to have a good understanding of ALL Windows OS's, the file systems, and the registry to understand what they are being used for. Also you need to again be able to distinguish between what is valid and what is not valid and that also comes with significant experience.

Reading the threads and reading the logs and seeing what is fixed and not fixed will teach you a lot.
 

1 more replies
Relevance 65.19%

I've followed the Prep Guide but have been unable to get DDS to run despite repeated attempts. I've also tried to run Root Repeal several times without success. I then downloaded RSIT. Here's the log file:
"Logfile of random's system information tool 1.06 (written by random/random)
Run by GREG GOODFELLOW at 2010-01-04 15:32:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (34%) free of 153 GB
Total RAM: 1015 MB (28% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\... Read more

Answer:Infection Preventing Malware Removal Tools from Running

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

15 more replies
Relevance 65.19%

Hi..

When i try to run the spyware removal tools, nothing comes .. I think my system is deeply affected by spywares. I renamed mbam.exe to mb.exe and ran. Still it didn't run. so please tell me to run these anti spywares. PLease help !!
I am attatching the Mlogs.zip which i got when i ran MGtools :cry


http://citycricketers.wordpress.com The IPL Team
 

Answer:Cannot run malware antibytes or super antispyware like removal tools

Welcome to MajorGeeks!

Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.
TDSSserv Non-Plug & Play Driver Disable

READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip... Read more

1 more replies
Relevance 65.19%

So I had a virus that I thought I had gotten rid of a month ago, but it seems to have returned last night while I was asleep. It now freezes or shuts down anytime I start the computer normally, so I have to start it in Safe Mode to get anything running. It won't let me install Malwarebytes or SUPERspyware removal or anything like that. Ad-aware removed a few things but when I rebooted I couldnt start my computer normally. I have McAfree, but I can no longer start it. Most removal programs I try to install don't work. And when I start a firefox browser, even in safe mode, it tells me "The procedure entry point [email protected]@Z could not be located in the dynamic link library msvcrt.dll." So here is my HijackThis log from Safe Mode:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:21:53 PM, on 5/4/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wbem\unsecapp.exeC:\WINDOWS... Read more

Answer:Virus that prevents malware removal tools (malwarebytes, etc.)

Sorry, here is my dds file

3 more replies
Relevance 65.19%

Malicious Code has become increasingly complex and infections involve more system elements than ever before. Sometimes, when your antivirus software is not able to remove virus from your computer, you may need to download and use these free specialized tools which are released by well-known security companies like Symantec, Eset, Kaspersky, etc. Malware & Virus Removal Tools
Here is a list of some Malware & Virus Removal Tools: Security Response Removal Tools - Symantec Corp. Stand-alone malware removal tools - ESET Knowledgebase Virus-fighting utilities Free Virus Removal Tools - Bitdefender How To - Remove threats - Removal Tools | F-Secure Avira AntiVir Removal Tool - Download How to Use Stinger | McAfee Free Tools
If you know of any other links, please do share here.

Answer:Free Standalone Malware & Virus Removal Tools

Hi Andy ! Emsisoft Emergency Kit: http://www.emsisoft.com/en/software/eek/

1 more replies
Relevance 65.19%

all info stated above I think. Appreciate your help.
 

Answer:Removing Edeals (multiple malware removal tools used)

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

3 more replies
Relevance 65.19%

I have attempted to run the following programs:MalwarebytesNorton Power EraserMcAfee StingerI am able to install them and get them up and running. They run for 30 seconds or so then the programs get killed. When I try to restart the programs, I get the following message: Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.This problem occurs whether I run Windows XP Home SP3 as a regular user, or as an administrator in Safe Mode.

Answer:Malware Removal and AV Tools get killed when attempting to scan

Hello,This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.FixNCR.reginsert the removable device into the infected computer and open the folder the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes'... Read more

1 more replies
Relevance 65.19%

I have the security system 2009 virus (or is it system security?) and I can't run any of the anti-spyware fixes I've seen in various blogs and at various sites (Malware Bytes, Spyhunter, etc). I can do limited things in safe mode but nothing at all in regular mode. Firefox is almost useless even in safe mode, as anything I download using it generally won't run or install. I'd downloaded 3.5 right before getting the virus and was having some issues with the program right before and after the update. IE has seemingly random pop-ups in safe mode and sometimes will totally ignore commands and do its own thing. I did the hijack scan but upon reading the blog found that there is another process to follow. I'm hoping since the hijack program directed me to this blog that I may have enough information in the log because I have to leave for work so I can't at the moment. I also had some issues on the computer from prior viruses that I could never seem to get rid of completely so some of that may be in the log. I don't know what other information is needed but I hope I've given something of use. I've been up all night so I'm pretty discombobulated so I apologize for the scattered message. Thanks for any and all help and advice!

Answer:System Security 2009 Virus - unable to run removal tools

Hi My name is Extremeboy (or EB for short), and I will be helping you with your log.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.If you do not make a reply in 5 days, we will need to close your topic.You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we... Read more

8 more replies
Relevance 64.78%

(All info included that was suggest by the Preparation Guide except that I had to run everything in safe mode, as the malware wouldn't let me do anything.)
DDS (Ver_09-09-29.01) - NTFSx86 MINIMAL
Run by Faith at 13:33:11.21 on Mon 10/05/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2013.1720 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Feith.LEEANDRA\Application Data\U3\0876020A09527642\LaunchPad.exe
C:\Documents and Settings\Feith.LEEANDRA\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mURLSearchHooks: AVG Sec... Read more

Answer:Security Tools Malware

Hello,We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Then please post back here with the following: log.txt info.txtThanks

2 more replies
Relevance 64.78%

My friend has been infected by Security tools malware & is unable to access safe mode via F8. On pressing F8 he goes into Boot Order screen rather than Safe mode. Has anyone any idea how to get into safe mode from startup? We have tried via msconfig without success as that appears to be infected as well.

Answer:Security tools malware

By the way, the operating system is Vista

6 more replies
Relevance 64.78%

Still having problems accessing files and folders on C drive; no access or access denied to open or view Docs and Settings folders, App Data, etc. Access is even denied to my user Documents\MyMusic, MyPictures, and MyVideo files.

Read and followed instructions in the Read & Run Me First removal guide. Downloaded SuperAntiSpyware, Malwarebytes, ComboFix, and MGTools.

Looked for log from SAS but couldn't find anything saved anywhere. If I right-click on the .exe saved to my desktop, properties show it as "SAS.exe.exe" Is that normal??

Also, I noticed after running Malwarebytes or Combofix (I don't remember which-sorry), a new folder was created - "C:\$RECYCLE.BIN" which, of course, is locked.

A little more history here: I knew I had this trojan a couple of months ago and, without reading up on anything, thought I could do a system recovery from a recovery disk I had. Unfortunately, that didn't work, and I ended up with a black screen that kept saying, "No operating system installed". A friend took my laptop and said he "wiped it down as deep as he could go", then installed Windows 7 (I previously ran Vista). Got the laptop back recently and found out the trojan is still here, living large in the background on my laptop.

So, I am assuming the logs will show a pretty bare bones system here, and that's why.

I've attachd the logs I can find.... HOWEVER, when I try to attach MGTools.zip fi... Read more

Answer:Ran all suggested malware removal tools and ZeroAccess trojan still installed.

ZeroAccess trojan still present after all removal tools used

I've had this trojan on my laptop for almost 4 months. Before doing any research, i tried to do a system recovery from a disc I had made last year, but ended up with a black screen telling me that "no operating system installed". Gave my laptop to a friend to "fix". He "wiped the hard drive down as deep as poosible", installed Windows 7 (I previously had Vista), and gave it back to me. I assumed he knew the extent of this trojan, but obviously he didn't. I have a 64-bit operating system, running Windows 7. Everything else was installed or re-installed by my friend after he "wiped the hard drive".

I read the Read & Run me guide, installed and ran all the tools, etc. Here's the issues:

I am denied access to common doc files, my start menu folder, my templates folder, etc. I have two program files, one of which has "(86x)" behind it; after running the removal tools, i found a new folder on my hard drive: "$RECYCLE.BIN" which of course, is locked. When I right-click on the SAS.exe file on my desktop, the properties show this: "SAS.exe.exe", same with "mb.exe.exe" (is this normal??).

There is nothing in the SAS folder on the C drive, but SAS didn't show anything anyway; I've attached the combofix log; inside the MGLogs.zip file is another folder called "Qoobox" along with the text ... Read more

4 more replies
Relevance 64.78%

Hello and Thanks in advance. I ran all tools to get a chance to ask someone how to repair the registry in my windows 7 64 bit system. It's new but has crashed multiple times. I was tired of restoring to factory settings.

It seems that someone with physical access during the 3 months I've owned it has changed settings so they can receive reports from this computer. Help!
 

Answer:Registry repair after running all suggested malware removal tools.

eMachines EL1352G-41w, AMD Anthon IIx2 220 Processor 2.8 GHz, 2.00 GB (1.75 usable), 64-bit operating system, Windows 7 Home Premium Service Pack 1, ZyXEL EQ-660R-F1 ADSL Router on single phone line 1.5 max (out in the sticks), No wireless connections, HP OfficeJet 5610v All-in-One (won't print), NVIDIA nForce 10/100/1000 Ethernet, worked fine till I left town. Have restored to factory 5 times. Some registry files are missing, and I don't have permission to change them. Files from Malware scans attached.

Hope this is all correct. Poke me in the eye if not! ~G
 

4 more replies
Relevance 64.78%

Hello. I was visiting a few websites and all of a sudden my computer blue screened and started doing a "file dump" it then reset itself.

I tried to go on and fix it, but it wouldn't let me access any antivirus/spyware/malware downloads. Norton, mcafee, spydoctor, malwarebytes anti malware.

I started getting popups stating "this site is unsafe download this.." it was a windows/microsoft grey box message. It seemed legit, but I did not actually download it. I cancelled. I got it every few websites I went to. Mostly from the antivirus sites.

I restored my computer to factory settings (didn't need anything on it).

I have since been able to run several virus scans and download several malware softwares. I have malwarebytes anti malware, norton, and spydoctor. They all have run and found nothing.

I just want to make sure I have gotten rid of everything.

I downloaded hijackthis and this is the log it just returned.

I don't know what to do with all this, but it has been suggested I find a help forum for some advice.. Anything anyone can tell me is much appreciated. Thanks in advance.

Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:26 PM, on 8/7/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.... Read more

More replies
Relevance 64.78%

I have 2 problems, the malware(Guard Online) and the google redirect problem so I look at the steps in "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". I followed the steps until I got to step 8. I have a problem with thePart of Step 8 that says "Please double-click on the gmer.exe program. Once you double-click the icon a Windows security warning may appear asking if you are sure you would like to run the program. If this warning appears, please click on the Run button to allow GMER to start. If no warning appeared then you should just continue with the guide". When I click gmer.exe, an error pops up and says "Windows cannot access the specified device,path,or file. You may not have the appropiate permissions to access the item.". This error pops up when I try to use malwarebytes and SuperAntiSpyware as well. What do I do?

Answer:Problem with---> Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Hello,Forget about GMER for now and please post the DDS logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

6 more replies
Relevance 64.78%

Hi,

My son's Laptop has a nasty redirect virus that also prevents the execution of malware removal programs and also prevents the logging tool from working. The icons for both Malwarebytes and the dds tool have a colored "shield" that is imposed on top. Any help would be greatly appreciated. OS is Vista Home edition.
Appreciatively,

A

Answer:Malware with redirect prevents removal tools and logs from executing

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Relevance 64.78%

My problem sounds similar to other threads,  mostly like this one:  http://www.computerhope.com/forum/index.php/topic,76406.0.html " But it seems as if nobody was sucessfull with removing this beast yet. My issue all started with WINLOGON asking my firewall for web access, which I let go through because Google adviced if the file is in the system32  folder it should be fine. Since then IE pops up sites by random;  forced reboots occured and  Windows keeps saying "Appl. cannot be executed, the file is infected, please activate your antivirus software". The virus pretends as if itself was a malware removal tool. It claimed that NetSky32 took over the system and wanted the user to donwload security tools (a fake regestry defender window poped open). SuperAntiSpy cannot see anything, Malwarebytes is far better, but still not succesfull . The virus kind of panics as I donwloaded MalWareBytes and after the first scan the virus deleted the Malwarebytes executable. At one point of time it seemed as if I would be fine (the regedit and taskmanager were usable again,  the Virus-warning desktop background was gone, but: I could never boot into a savemode to perform a full system scan and completely get rid of this. When trying to boot in save mode I still get a blue screen of death. Part of the virus is residing in C:\Windows\temp. The files seem to be rewritten at each boot time: gnserv.dat, spserv.dat, fla6.tmp,  Perflib_prefdata_44c.da... Read more

Answer:Malware in C-Windows-temp and maybe in the MBR. All common removal tools failed

Hello. Welcome to CH!  Are you able to boot to Windows?These two files: C:\WINDOWS\system32\serauth1.dll and C:\WINDOWS\system32\serauth2.dll -- will continually be restored while their backup is in place. These are not necessarily bad.If you are able to boot, please do the following:Please open Notepad and enter in the following:[email protected] offecho DMJ Find > findSUBawf.txtecho. >> findSUBawf.txtif exist "%SystemRoot%\System32\clauth1.dll" echo Found clauth1.dll >> findSUBawf.txtif exist "%SystemRoot%\System32\clauth2.dll" echo Found clauth2.dll >> findSUBawf.txtif exist "%SystemRoot%\System32\lsprst7.dll" echo Found lsprst7.dll >> findSUBawf.txtif exist "%SystemRoot%\System32\nsprs.dll" echo Found nsprs.dll >> findSUBawf.txtif exist "%SystemRoot%\System32\serauth1.dll" echo Found serauth1.dll >> findSUBawf.txtif exist "%SystemRoot%\System32\serauth2.dll" echo Found serauth2.dll >> findSUBawf.txtif exist "%SystemRoot%\System32\servdat.slm" echo Found servdat.slm >> findSUBawf.txtif exist "%SystemRoot%\System32\ssprs.dll" echo Found ssprs.dll >> findSUBawf.txtif exist "%SystemRoot%\System32\sysprs7.dll" echo Found sysprs7.dll >> findSUBawf.txtif exist "%system%\bak" echo AWF-POSSIBLE >> findSUBawf.txtecho. >> findSUBawf.txtecho EOF >> findSUBawf.txtStart findSUBawf.txtexitThen, click File > ... Read more

14 more replies
Relevance 64.37%

This scan Security Tools Malware hit my PC while I was at work.
Wife told me about it. I just told her to shut the PC down.

I am running Windows XP Media Center Edition OS.
My firewall and virus program is Zonealarm Security Suite - latest updates, etc.

What I first noticed was:

Wallpaper screen was replaced with dark blue screen.
All of my program icons - missing.
Security Tools window keeps popping up and locks out just about everything else.
3 folders appear in Documents and Settings\All Users\Application Data
Randomly numbered folder names with the Security Tools icon inside.

I have been battling with information from the Zonealarm Forum site:

I boot up in Safe Mode with Networking and perform a Deep Scan
That seems to find lots of problems and I can then delete the quarantined files.
That seems to allow my PC to operate apparently virus or malware free for perhaps a day and then the randomly numbered files start to appear again. One folder on day one, the second folder on day two, and the 3rd folder on day three. The Security Tool window doesn't seem to appear until all three folders are generated. It seems like a new folder appears each time I turn off computer and restart??
I'm not sure about that though.

Anyway, the deep scanning in Safe Mode with Zonealarm seems to just get me by, but isn't a fix, so the Zonealarm Forum said to come here. It's interesting that the scanning with Zonealarm seems to temporarily disable and fix my PC, but then it com... Read more

Answer:Security Tools Malware Problems

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Let's try a couple programs here and see if you can get them to run. If you run into the same issues, try disabling ZA for a short time while you download and run the programs.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to... Read more

24 more replies
Relevance 64.37%

HiHere are my hijack logs, I believe I have the "Security Tool" malware infectionCould you plz take alook at my logsLogfile of Trend Micro HijackThis v2.0.2Scan saved at 3:40:01 PM, on 3/13/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18882)Boot mode: NormalRunning processes:C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exeC:\Program Files\Camera Assistant Software for Toshiba\traybar.exeC:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exeC:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exeC:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exeC:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exeC:\Progra... Read more

Answer:Security Tools Malware--Hijack Log

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

5 more replies
Relevance 64.37%

Hi guys,This has been after me for a few days now. Security tools virus keeps installing and putting pop ups/blue screen on my desktop background. Can't get rid of it at all. Any help would be appreciated. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:41:31 AM, on 10/11/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\Explorer.EXEC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Del... Read more

Answer:Security Tools Malware/Virus

hi mcintost,

Sorry for the delay, no shortage of posters. If you still need help, reply to my post and we will start.

1 more replies
Relevance 64.37%

Problem:Security Tools Malware1. Unable to fix according to instructions posted by Grinler on September 25, 2009, despite several attempts2. Run Vista on half the computer & Ubuntu 9.1 on the other half so after reading I got the bright idea of going into my computer from the Ubuntu side & "move to trash" the file identified as the Security Tools file. 3. After moving the security tools file to the trash I reopened Vista and: -could see my desktop -could open some programs (didn't try them all) -no longer saw any "Warning" messages pop up -saw only one short cut on my desktop for Security tools which I moved to trash4. I opened Opera & tried to: -back up my data--failed got error message: "The filename, directory name, or volume label synax is incorrect. (0x8007007B)" -re-follow Grinler's instructions--failed when trying to save GMER log--no message the whole computer just froze--no ctrl+alt+del, no clicking on anything so I killed the power to re-access the internet & you on my Ubuntu side5. Got instructions to follow Preparation Guide do steps 6 - 9, did that by accessing the necessary files from the Ubuntu side & here they are DDS logs attached--GMER failed to runSorry I goofed sending the log the first time & thanks for your speedy replies. Hope I got it right this time :-)DDS (Ver_10-03-17.01) - NTFSx86 Run by admin at 11:22:45.62 on Thu 03/25/2010Internet Explorer: 8.0.6001.1888... Read more

Answer:Infected with Security Tools Malware

Hi there!Sorry for any confusion, I'm new to these forums, hope I didn't cause any problems. This is a new topic that I was instructed to open with a log by boopme. I just kind of assumed boopme would continue to help me, if I'm wrong then I am giving you an update on what occured while I was trying to get the DDS & GMER logs to you--my computer totally froze I couldn't ctrl+alt+del, I couldn't click on anyting--in order to get back in touch with you I powered down & restarted the computer in Ubuntu 9.1. From Ubuntu I accessed my DDS log & posted them to this new topic. I then posted to the original topic asking what I should do about getting back into the Vista part of my computer boopme gave me this reply:Ok let's try this Safe mode scan with SAS.. Do you also have normal mode?Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the c... Read more

more replies
Relevance 63.96%

I want to run Combofix with expert help, but do not know how to Disable ESET Smart Security, malwarebytes,ccleaner,spybot S&D and Windows Installer Clean-up before running Combofix. I would rather not uninstall them all if possible, just disable. I didn't know Windows Install clean-up was on there until saw it listed in programs.

Thanks so much for any help.

Answer:How disable(not uninstall) antivirus/malware removal tools before running ComboFix?

I found out how to disable ESET, but not the others....Thanks in advance for help....

2 more replies
Relevance 63.55%

Hi,I have tried many ways to get rid of some Malware that has only recently infected my PV. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my brower to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.I have McAfee Enterprise installed (which I can't seem to disable)I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes t5hem, the problem is still there.Please help. I have shown Hijackthis log below.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:58:42 PM, on 29/12/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16945)Boot mode: NormalRunning processes:C:\windows\system32\csrss.exeC:\windows\system32\winlogon.exeC:\windows\system32\services.exeC:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me thier software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.Please help. I hope the files uploaded can provide an insight into whats happening.Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.ntents belowDDS.txt contents pasted belowDDS (Ver_09-12-01.01) - NTFSx86 Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\windows\system32\svchost -k DcomLaunchC:\windows\system32\svchost -k rpcssC:\windows\Syst... Read more

3 more replies
Relevance 63.14%

google search is often hijacked when clicking on links. Happens on firefox or msie. The page is redirected through several other domains before taking me to a final destination remotely related to the original search term. Some of the sites seen in the middle are cs10275.com and ffinddirect.com, but there is no viable info on those online.

Neither spybot, avg or malwarebytes have removed the problem, and i see nothing odd in my hosts file or running processes.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:38 PM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WIN... Read more

Answer:google search hijack, can't find the prob in hosts or with malware removal tools

16 more replies
Relevance 62.73%

hello i have been having problems with malware doctor and the like, it happened because i needed to download a pdf to doc converter to print and many of them are filled with spywares and such.do you want an hijackthis log? i followed some of the other thread, but i cant downlaod combofix for some reason because of the constant redirection, while doing hijackthis i removed the most obvious one but left the others there.here's the hijackthis logLogfile of Trend Micro HijackThis v2.0.4Scan saved at 10:37:05 PM, on 8/30/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\Trillian\trillian.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\notepad.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\rundll32.exeC:\Progra... Read more

Answer:anti-malware doctor problem and security tools

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.

1 more replies
Relevance 62.32%

Hello everyone

Is there any Third party tool to reset local policies, services, registries, windows update service to default in Windows 7.Earlier for windows xp i used to subinacl it was great tool from Microsoft but its not supported in windows 7.

Answer:Tools to reset local policies registries to default in windows7

Hi risingflight,

I am unaware of such a tool, and I don't think you can default the registry, but please find
the following tutorials that cover resetting Policies/Windows Update/Services

http://www.sevenforums.com/tutorials/214461-local-group-policy-reset-default.html
Services - Restore Default Services in Windows 7
Windows Update - Reset

For registry issues, you can use CCleaner, it has a Registry defrag option
and also a Registry cleaner (use wisely)

Hope this helps.

Cheers

Dave

6 more replies
Relevance 61.5%

Hello --
 
I have Windows 7 Home Premium, Service Pack 1, and believe I have the same type of issue that has been described in these links in your forum:
 
http://www.bleepingcomputer.com/forums/t/504908/infected-with-zeroaccess-rootkit-google-redirects/
http://www.bleepingcomputer.com/forums/t/504418/cant-download-anything-or-start-windows-security-center/
 
 
I don't believe that any new software has been installed on this pc, but I have recently begun receiving that "Windows Security Center Service can't be started" error, and I am not able to download any tools that might be able to help here...
 
I've read through the above 2 threads, and think I have an idea as to where to start here, but I know that every situation could be unique, and so I'm hoping that someone might be able to give me some guidance here...
 
I have Malwarebytes installed, and I did run it a couple of times...it found 50+ instances each time, and I removed them, but I still have the same issue...I have the 2 log files attached, and I'll be happy to provide any additional info that is needed...
 
Thank you in advance for the help, and I look forward to hearing from someone in the near future...
 
 
    Rob
    [email protected]

Answer:Malware Issue - Help Needed: Security Center Can't Start & Can't Download Tools

Hello rogerp77 I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

4 more replies
Relevance 59.04%

When I try to run the Sysinfo, the message is MacFile opener can't be opened.
I have a Mac mini, late 2009, OSX El Capitan, version 10.11.6
I had MacKeeper security software for years.
2 weeks ago I allowed them to remotely reconnect the MacKeeper and run a cleanup to regain memory space.
They called the service MacKeeper Remote Assistance.
Now my computer password does not work, I can't access I cloud and I can't open system preferences.
I believe my computer has been compromised.
MacKeeper is owned by Kromtech.
I have no transportation to take my computer to be checked out.
Does anyone have an idea what I can do to get rid of this.
I would appreciate any suggestion
 

More replies
Relevance 59.04%

I have a custom built computer about 6 years old. I have Windows XP Home. I use AVG Anti-Virus free version 7.5 and SpyBot.

I am a personal property appraiser and after not having used my computer for about five months because of open heart surgery I am getting back to work. Recently started working on an appraisal that visited several foreign (Japan, China, Germany) sites.

During the past week I noticed that when searching on google and get zillions of hits on a subject I would click on the hit and at the connection find that it had nothing to do with what I was looking for...often a listing of services, clicking back sometimes took me to the desired site but often instead of being misdirected nothing happened until I got the message "not responding" and "ending now" took me out of Google and I'd have to start the search all over.
I finally noticed that the blue title bar at the top of the page said "jump...." and then would quickly flash off so I started searching google for "jump redirected internet searches and hence found your site.

I have read your instructions and have downloaded the program that scans my computer and prints out a log. I have saved it and will paste it below.

AVG has not detected this virus. Spy Bot (after loading updates that were neglected when I was sick) discovered a trojan...can't remember the name right now...and it was deleted. It wasn't the problem because I'm still having the same pro... Read more

More replies
Relevance 58.63%

Hi,I need some help with the guide titled, "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help".http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/I'm up to step 8.I already downloaded GMER and when I double click it. It would automatically do a scan without prompting me (lasting less than 10 seconds) and then I continue with the instructions in the guide: I unchecked 'Sections', 'IAT/EAT', Drives/Partition other than Systemdrive, which is typically C:\, and 'Show All'.When I clicked "scan" the program just froze on me. I waited for about 5 minutes to see if it was just a lag but then I noticed the clock on the bottom of my computer screen also froze. I had to force the computer to shutdown by holding the power button. I tried GMER again about 2 more times and it froze both times the moment I clicked "scan". Then on the 3rd and 4th try, it scanned but I walked away for about half an hour and when I returned, it appeared to have self terminated. Then my final attempt. The scan finished and I clicked the "save..." button and the program froze on me and again, the clock on my desktop has froze again and I was not able to save the scan report.Is there an alternative program I can use rather than GMER?Thanks

Answer:I need help in the guide titled, "Preparation Guide For... Malware Removal Tools..."

If you cannot get GMER to just just post the other logs asked for and explain the problem you had trying to run GMER.

3 more replies
Relevance 58.22%

Malware has attacked my computer and gives that red shield in the bottom that says something like "You have a security alert!" and makes many pop ups and takes over internet. I deleted ~tmpa.exe and ~tmpd.exe. But it comes back when I reboot. Log below.You help is greatly appreciated. I am sure if I delete the correct things, I can lick this.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:25:06 PM, on 1/15/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\taskeng.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exeC:\Windows\system32\ctfmon.exeC:\Program Files\Internet Explorer\ieuser.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exeC:\Program Files\Tr... Read more

Answer:Malware removal Help - Security alert!

Hi, allingtonj Welcome. Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Please, never rename Combofix unless instructed.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.... Read more

2 more replies
Relevance 58.22%

The computer is infected with Win 7 Security 2011. I ran House Call last night, it found ten objects but wouldn't remove them. It chose ignore, and wouldn't allow me to quarantine them. I ran a quick scan, and found nothing. The complete scan took 4+ hours, and came up with the ten objects.

MalwareBytes will not load up, and HJT will not create a log file. When I ran the suggested program..., it came up with a "sample hosts file", and there were no lines mentioning HJT. The output is below:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

I ran TFC, OTL, DDS, and TSG SysInfo.

SysInfo output:
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , 64 bit
Processor: AMD Athlon(tm) II P320 Dual-Core Processor, AMD64 ... Read more

Answer:Win 7 Security 2011 malware removal help please

7 more replies
Relevance 58.22%

I needed to amend the instructions written by Grinler for removing total security which is a virus/malware in order to get it to work. The link to the instructions: http://www.bleepingcomputer.com/virus-remo...-total-securityTotal Security has gotten smarter and now won't allow most processes or applications to run. Nothing I tried at first would allow me to end the Total Security process. Total Security shut down anything I tried to run... like hijackthis, malwarebytes, spybot, adware etc....I surmized, that total security will not allow you to run any exe programs other than a few it knows about.My solution was to rename the ProcessExplorer file..... Procexp.exe to iexplore.exe. (Download process explorer from Microsoft on a different computer if you have to.).... renaming to other file names like explorer.exe may work too.After doing that I was able to end the process and proceed with process.I think Grinler has edited his instructions so everything is good.Thanks to Grinler for posting the instructions. Good LuckHarold

More replies
Relevance 58.22%

Help! To remove AV Security Suite Malware. I tried booting in the Safe Mode and unchecking proxy server, then running rkill.com, and then running Malwarebytes to remove AV Security Suite Malware. All efforts have been unsuccessful.DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by Robert DeAngelis at 10:01:57.89 on Fri 10/01/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.673 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exesvchost.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\explorer.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Robert DeAngelis\My Documents\Downloads\dds.scr============== Pseudo HJT Report ===============uLocal Page = \blank.htmuWindow Title = Windows Internet ExploreruDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8mSearch Bar = hxxp://www.wtywsdclgucnkkrhwzcxvhf.com/4tJGAN... Read more

Answer:AV Security Suite Malware Removal

Hello BobDeaWelcome to BleepingComputer ==========================Download OTL to your desktop.Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Under Custom scan's and fixes section paste in the below in boldnetsvcs%SYSTEMDRIVE%\*.*%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\System32\config\*.sav %systemroot%\system32\drivers\*.sys /90%systemroot%\system32\Spool\prtprocs\w32x86\*.dllCheck the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.====================Please download Rootkit Unhooker and save it to your desktop.Double-click RKUnhookerLE.exe to run it.Click the Report tab, then click ScanCheck Drivers, Stealth Code, Files, and Code HooksUncheck the rest, then click OKWhen prompted to Select Disks for Scan, make sure C:\ is checked and click OKWait till the scanner has finished then go File > Save ReportSave the report somewhere you can find it, typically your desktop. Click ... Read more

1 more replies
Relevance 58.22%

My sypmtoms began as "AntiVirus Studio 2010" fake spyware removal software and "Security Shield"

I thought using Malwarebytes Anti-Malware I had removed the problem. Unfortunately, there have still been issues.

The current issues are intermittent.

Blue Screen (iastor.sys)
Pop-Ups for Viagra, Porn Removal, Free giftcards, etc. (I have not had a pop-up since trying to pay more attention)
Often very slow (sometimes just before blue screen)

GMER text is attached.

Please note that the DDS did not run.

?   ?? ? @ ? ? ? ?!?L?!This program cannot be run in DOS mode. (This is followed with pages of characters)

Please help me with this malware and instruct me how to properly run the DDS software.

OK, since I already attempted removal before finding this forum, here are copies of MalwareBytes Anti-Malware logs.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/22/2010 8:14:25 AM
mbam-log-2010-12-22 (08-14-25).txt

Scan type: Quick scan
Objects scanned: 159223
Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys ... Read more

Answer:Malware Removal - Security Shield?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting... Read more

2 more replies
Relevance 58.22%

I read many of the other posts regarding how to remove the Security.Hijack malware. I ran Malwarebytes anti-malware and got 2 warnings about the Security.Hijack i asked Malwarebytes to remove them and i restarted the system but didnt actually remove anything so now i'm here asking for some help to how i can remove the 2 warnings in my system.

I followed another ''guide'' that was made within this forum but i kind off got lost in the rain
 

Answer:Removal of Security.Hijack Malware

It looks like you started to do the following, but didn't finish. So finish these instructions and attach the requested logs.

READ & RUN ME FIRST. Malware Removal Guide
 

3 more replies
Relevance 58.22%

this seems to be just like AVP 2009 mess that I removed a while back (pop ups bogus warnings, etc) with the exception of this one actually hides the desktop icons also....

DDS LOG:
DDS (Ver_09-09-29.01) - NTFSx86
Run by Sharon my Love at 20:56:23.85 on Thu 10/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.358 [GMT -4:00]

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsy... Read more

Answer:security tool malware removal

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

2 more replies
Relevance 58.22%

I have noticed that I've been having popup ads lately, which is very strange since I've had popup blockers for a very long time. I keep my antivirus programs (mostly) up to date, and I rarely go on 'bad' sites. However, today when I restarted my computer, I had the "Security Tool" program pop up and give me a list of fake viruses that it wanted me to delete. I didn't delete them; instead, I opened my Killbox program and deleted two of the Security Tool files, but it would not let me delete the main folder for them. I opted to do the "delete on restart" method, which took out the main folder.

However, I've been trying to run the suggested "Malwarebytes Anti-Malware" scan to make sure the Security Tools is gone for good, but I absolutely cannot seem to run it. Every time I try to install/run the program, I get an error message or the program will start and stop itself. Eventually, it will be unable to find the mbam.exe file that is needed to run the program. I've tried to do all the suggested methods to make the program work that were listed on different forums from google.

I am still getting popup ads. I am unsure if this was the only problem my computer is having. To be safe, I have run a Hijack This, DDS, and RootRepeal scan on my computer. I do have Killbox, so I can manually delete anything that isn't safe (if it lets me delete it). Any help would be greatly appreciated!

If I read the "How To Post" thread correctly, I'll post... Read more

Answer:"Security Tool" Malware Removal

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Relevance 57.81%

i'm having increasing problems with my computer and am now sure i have some form of malware or viruses. i've had a constant popup where MSWord tries to install itself repeatedly, and i have to manually cancel multiple times when i start the computer. i was worried this was a virus, but when i searched about it i found this was related to windows installer. if i disable windows installer, it goes away.

however, for the past week i've started getting repeated popups saying that google update has encountered a problem and needs to close. i read on some forums that this was related to a google chrome installation. i don't remember if i've even installed google chrome-- but i can't find it on my computer to uninstall it. in the past few days i've started to be redirected to various ad sites when i search for things on google in firefox. i have avira antivirus, windows defender, have used windows malicious software removal tool, lavasoft adaware, and windows defender. all were coming up with no malicious software when scanned, but the problem persists. windows malicious software removal tool just finished a full scan and removed one infection, for an ad program it said would cause random popups, which i haven't had a problem with. i have tried repeatedly to install MBAM and hijack this, along with other tools. even after renaming, i had a lot of problems. MBAM would not open at first, then would partially install, then finally said it completed its installation, started to update... Read more

Answer:google update problem, google search redirect, can't install malware removal tools, stopzilla(?) reported infected by UACd,...

i might've misunderstood the DDS instructions on the tutorial on how to post about these things. i looked at a couple of other posts where people have posted their hijackthis logs. here's mine:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:57:42 PM, on 4/1/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SiteAdvisor\6261\SiteAdv.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.... Read more

5 more replies
Relevance 57.4%

sir, Two computers(winXP-pro-sp3) in my office have infected with virus/malwares but of different nature. In First machine, Avira free was installed. Same machine had to be reformatted(only C-drive out of three partitions, C, D & E) a week ago after a virus removal exercise with Mcafee AV, which resulted vanishing of Desktop & start menu. Probably fresh virus infection occured due to non-formatting of other two partitions containing lot of data( mainly .doc, .pdf, .jpg, .htm & .txt). This time I tried to clean the machine with a updated Nod32(installation folder copied from another machine) kept in a flash drive. cleaning was done in safe mode when some 2000+ virus was removed by Nod32 including some conficker,autoit viruses. Before reaching safe mode, I tried TaskMgr, Msconfig, regedit & windows search, all of which were disabled. However, it was possible to view hidden files & file extentions, inluding system files. But after reboot, viruses not removed, took control of machine & reaching safe mode was blocked. One thing i noted is infection of svchost.exe & explorer.exe. First one was operated from a folder(2537452) within system32, second one was associated with a file "regsvr.exe"I read your article for removal of security tool & accordingly downloaded rkill.com, kept in desktop & wanted to run but every time virus terminated the application before starting. I could install a current version of malwarebytes' Antim... Read more

More replies
Relevance 57.4%

Hi! I'm running windows 7 and I have the same problem as this guy has:

http://forums.techguy.org/virus-other-malware-removal/983966-wpn-exe-file-posing-vista.html

It's malware masquerading as some kind of anti virus software that jumps up and starts doing a false scan and then tries to make me buy it. It pops up whenever I open an IE/Chrome window and attempts to hijack my browsing. I think it's also somehow hijack spybot search and destroy because I can't get that to scan at the moment. Nor can I get hijack this to produce a log (it just produces a blank notepad file and then 'vista home security' pops up and starts scanning again).

I can only use IE/Chrome when I terminate the process in the task manager (bal.exe - description is 'steam'.)

Being that it has pretty much crippled every possible form of defence my computer has I really would appreciate some help getting rid of this awful thing!

Thank you!
 

Answer:Vista Home Security malware removal

9 more replies
Relevance 57.4%

Hi,

Thanks in advance for any help. I will do my best to provide all the necessary info. Last week, I got the Outerinfo and Internet Speed Monitor infections. I used online tutorials to remove these items using ComboFix and AVG Anti-Spyware, etc. Yesterday I got Security Toolbar 7.1 infection that causes pop-ups (with the little yellow triangle) and slows the system down, and I cannot seem to remove it. I ran the ATF cleaner and created a system restore point. I ran an updated version of AVG Anti-Spyware (but I cannot find the log). I tried to run Super Anti-Spyware but got an install error. I ran Panda Active Scan. I have updated the security patch for XP. I still have this infection.

Here are the logs I can provide:

First is Panda scan log:'
Incident Status Location

Adware:adware/searchaid Not disinfected c:\windows\winshow.exe
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d37f2pwb.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d37f2pwb.default\cookies.txt[hc2.humanclick.com/hc/51325817]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\James\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\James\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\James\Co... Read more

Answer:Solved: Malware Security Toolbar 7.1 Removal

10 more replies
Relevance 57.4%

Hi,

My computer got infected with the koobface several weeks ago. I posted in the 'Am I infected? What do I do?' section and the Hijackthis logs section and we have used malwarebytes to remove the infected files, restored windows to the last known good configuration and used the XP system restore feature and updated security.

Unfortunately none of this has worked. After using the internet (through both IE and Firefox) for around 5 mins the window freezes so I have to close it down. My computer then blue screens and I receive the ***STOP: 0x0000000A message. After logging back on I receive the following message 'loading model error. load default model?'. If I log off before internet freezes I get this message 'the instruction at 0x000f2fc0 referenced memory at 0x000f2f0. The memory could not be written. Click ok to terminate the program. Click cancel to debug the program'.

The last time my computer blue screened I received an error report after logging back on. I thought the info could be of help. Please find all of the details below:

Error Report Contents
The following files will be included in the report
C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\Mini100409-01.dmp
C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\sysdata.xm

Error signature
BCCode : 1000000a BCP1 : 0000BA33 BCP2 : 00000002 BCP3 : 00000001
BCP4 : 806E4A8E OSVer : 5_1_2600 SP : 2_0 Product : 256_1 l

I've had the problem for a couple of months now and I'm keen to get it fixed asap. Pl... Read more

Answer:Still getting BSOD after malware removal [moved from security]

'C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\Mini100409-01.dmp'

It made a minidump, so look for them and zip up the latest 4 and attach them.

7 more replies
Relevance 57.4%

Hello,I'm Jon, and I have an infected PC, yadda yadda yadda. Please forgive me, but I am not as spyware savvy as many of you are, I'm sure. My computer just started getting a small white X in a circle in the tray, and a pop up window down there saying: Warning! Security Report. Your Computer is infected! It is recommended to start spyware cleaner tool. When I right click on it, it sends me to an antivirus page, and then does tab afetr tab of crap. I also am getting warnings on my normal browser pages as well, now. I am not clicking on any of them, of course, because it appears to be malware? I run a Windows XP OS. I am not sure if it is NT or not. I am in an office with six different computers on our network. It is wireless internet, with a server running cables to all of our computers. I use Internet Explorer, maybe version 7? I am not the most tech savvy out there, so forgive me if I am being too vague. I have Ad-Aware, Spy-Bot, and I believe we are running Symantec Antivirus, but I think I only have Endpoint protection. Perhaps it is installed on our server, then distributed in our small network? I also noticed that my task manager will not work, and my background photo has been disable on my desktop? Can anyone help me remove this nasty thing?Thanks for any help-Jon(Moderator edit and note: thread moved to more appropriate forum. jgw)

Answer:warning security report! malware removal??

G'day, Jon,Can you please Post into this Area and be Patient, we are having a very busy time just now?http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/Someone will come there to Help you out.

4 more replies
Relevance 57.4%

Hello,I'm out of tricks to get rid of this nasty rookit infection I have. It started this past saturday 12/17 with the XP security 2012 malware. I followed instructions online and removed it (various reg edits and running MBAM etc). It had corrupted my rundll32.exe file, which I restored from my XP disk (you will see a reference to the "old" copy I made be overwriting in the DDS log). After that my applications all worked again and my computer seemed fully functional but then I realized the virus also has a rootkit attached to it that causes google redirects in Firefox. I ran TDSSkiller and it found something and cleaned it the first time. Since then it has re-surfaced many times. MBAM found something once or twice upon resurfacing, but hasn't found anything the past few scans. TDSSKiller doesn't find aynthing anymore. SuperAntiSpyware doesn't find anything. I decided to run Mcaffee anti virus, and it said it found 3 files with Downloader-BMN.gen.g(Trojan) .. This was exciting, I hoped that would be it. But alas firefox googles still redirect. I haven't done any more scans and thought its time to call in the pros. Also forgot to mention I've run defogger and disabled my CD emulators, and ran CC Cleaner multiple times and deleted all my history and temp files etc. I have NOT run comboFix yet .. Here is the DDS log:.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30Run by Bill at 21:11:18 on 2011-1... Read more

Answer:rookit won't go away after XP security 2012 malware removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

18 more replies
Relevance 57.4%

hello fellow tech heads

i've had a day from hell trying to remove the above trojan. none of the things found on the net worked for me like booting into safe mode as the virus was still active and stopping things. blocking task manager so i took things into my own hands and downloaded rkill which was the only thing that i could acctually load in safemode, killed it ran malwarebytes got rid of it well i taught i did but then when i booted into windows my programs are still missing from the start menu, malwarebytes i just installed was not there so reinstalled it and still was not lising in my programs

win update thinks its turned off when its on

accidentally turned hidden files on and found some of my movies and files which are marked as hidden OMG what the.........

so i can use my computer as per normal now and for internet i have to go through windows explorer but i am still infected and not sure how to fix it now as i cannot remove avg as its saying that its missing some reg file and therefore cannot run combofix

help pls :)

Answer:xp security 2011/ malware removal tool

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Who instructed you to run ComboFix?

As you should have read here in Step 2 of our NEW INSTRUCTIONS thread:

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

------------------------------------------------------

We first need to verify if there are any rootkits present and how they could affect our tools.

DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present and decide whether to deploy ComboFix.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one ... Read more

19 more replies
Relevance 57.4%

I have followed the suggested guide to removal the malware 'Security Tool' (Remove Security Tool and SecurityTool (Uninstall Guide)). However when I try to run the rkill file the virus shuts it down before it has a chance to act.I have tried not clicking on the pop up boxes however this does not work.I have been able to download the malwarebytes set-up however the malware is blocking me from running the program.Is there any other way I can either run the rkill program or allow the malwarebytes to open and install?(I am using a new samsung r519 laptop running windows 7. It is a week old so has no unusual software or hardware)Any help would be really appreciatedEdit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ AnimalAllen

Answer:Failed Removal of 'Security Tool' Malware

Thanks Animal..Run FixExe.regFixExe.reg ....click Run when the box opensIf you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine. Or try running SAS first after Rkill.Download and scan with SUPERAntiSpyware Free for Home UsersDouble-click SUPERAntiSpyware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)In the Main Menu, click the Preferences... button.Click the Scanning Control tab.Under Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the... Read more

1 more replies
Relevance 57.4%

Hi

I'm trying to remove this malware from my laptop computer but all instructions that I've read indicate to download removal spyware...but my browser won't start up! I tried burning the indicated software to a CD and then loading to the infected computer but still no luck...

Any ideas?!

Thanks!

More replies
Relevance 57.4%

Hello all,

I have the malware Security Protection on my desktop. A quick search on google can show you what it is. Anyway, I have run MBam numerous times, each of which has removed, it seems, a portion of Security protection. However, a link of security protection still winds up residing on my decktop as well as a reloaded version of SP later on. I cant seem to fully get rid of it. any ideas?

SW
 

Answer:security protection malware complete removal

Hiya and welcome to Tech Support Guy

Can you run the tools in this thread:

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

And then post the following:

1. Copy and paste the HijackThis log.
2. Copy and paste the contents of the DDS.txt file.
3. Upload as an attachment the Attach.txt file. There is no need to zip it as suggested in the DDS instructions
4. Copy and paste the contents of the ark.txt file.

Regards

eddie
 

1 more replies
Relevance 56.99%

I hope I am finally in the right forum. Please, please help.Mod Edit: Topic in XP forum, http://www.bleepingcomputer.com/forums/topic433359.html/page__gopid__2516139 .Following pinned instructions for 2012..Security..XP, I was able to remove a number of Trojans with Malwarebytes, restored the firewall, reran Avast, and thought all was OK. And it seemed to be for a couple days.... Then Avast informed me it couldn't protect for firewall/email. Removed a few more trojans with malwarebytes, but could not get the firewall back up. Another forum has directed me here, explaining that I probably have resident malware.At this time, my computer is hung on the "windows is shutting down" window (I was trying to restart.) Before that, I had physically unplugged from the internet. A lot of services were running huge I/O and Other while I had nothing up but the CPU usage screen. InCDsvc and lsass were the most active. Oddly, I got a message the last couple reboots, that InCD could not be started.The scary thing for me (other than that the screen hangs there) is that all these processes were running very actively, but none were identified with a user - usually, it specifies network, local, Irena - like a ghost in the machine. It got quiet when I stopped the InCD, and very quiet after I pulled the Internet plug.The message was: Windows cannot start the Firewall/Internet Connection Sharing (ICS) service. I didn't go online after that. Now it's just a hung "shutting ... Read more

More replies
Relevance 56.99%

Sirs,
My desktop was recently infected with a malware security shield.After doing some google search I used first stopzilla avm 2113 .But since It wanted a registraion for repair scanning threats that I could not afford,I uninstalled it and then of my own I ran combo-fix.After that there seems to be no problem with my system that is windows7/32bit.however I donot understand the contents of its log report and need help from a suitable helper.the log report is enclosed.
moreover I want to know how should I protect my computer from subsequent threats as I cannot afford a fully paid anti virus.
thanks
vkwd7

More replies
Relevance 56.99%

HI
could you please help me in solving my system problem.

when i start the computer it says the following message

The path'c:\WINDOWS\o4251227.exe' does not exist or is not a directory.

Windows cannot find "'C:\WINDOWS\o4251227.exe'".Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search

then when i click on the browsers it open very late.

Next is if i goto for google search and when i click the result it will open the websites like

'http://goldenmango.com/fine.cfm?pt=2&rpt=1&kt=1'
http://216.133.243.28/2.php?sid=677...LaW5nZG9tCUdC&objTimStr=0.22215900+1203094488
http://www.uncoverthenet.com/search/?q=fine'

unrelated links..

After going thru these website i have installed the Hijack This and the report is

Logfile of HijackThis v1.99.1
Scan saved at 10:08:41 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\C... Read more

Answer:Solved: System is in a big trouble. security and malware removal

13 more replies
Relevance 56.99%

The malwarebytes antivirus did not remove the winweb pop up security alert. When I run the scan it does not detect any malicious items. The only malware quarantined was from the vendor Adware.Zango. The item is very long. I would cut and paste it here but can't seem to do that. It starts with HKEY_CURRENT_USER. This was the only one found in the registry of malware antivirus. There are many other items in the winweb security alert like trojans and others. should I write these down in the postings? The pop up Lsas.keylogger keeps coming up too.I did switch to firefox. Before winweb was on my screen I used Internet explorer. I'm not sure if the browser matters. I've used firefox eversince winweb has been popping up. Also, I could not run kapernsky's free scan for some reason. I did download the new runtime JAva but I still couldn't get a scan.I will cut and paste the reports from RSITLogfile of random's system information tool 1.04 (written by random/random)Run by sam pratt at 2008-12-03 10:43:54Microsoft Windows XP Home Edition Service Pack 3System drive C: has 258 MB (3%) free of 8 GBTotal RAM: 254 MB (27% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:44:46 AM, on 12/3/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS&... Read more

Answer:Malware removal request( winweb security alert)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable ... Read more

3 more replies
Relevance 56.99%

Hello,

I seem to have the same issue as the poster below - except that I'm runnin Windows Vista. I can't seem to be able to download any program - even in safe mode - as the malware starts popping up it's own security windows. I would greatly appreciate any help.

http://forums.techguy.org/virus-oth...5697-vista-home-security-malware-removal.html

Thanks
 

Answer:Vista Home Security 2011 Malware removal

I was really hoping that someone can help on this. It's been 2 days since my original post; so I thought I would bump it up. Any help would be greatly appreciated. Thank you.
 

1 more replies
Relevance 56.99%

I followed the Malware removal guide top to bottom, and it successfully removed the problem I had - which was that Google searches were returning false results

Thank you!

After completing the procedure I now get error alerts on my existing Security software:

1. Norton Internet Security 2009 -
a Risks in compressed file "dc1.exe"
b Risks in compressed file "Combofix.exe"

2. Spyware Doctor -
Application.NirCmd (22 infections)

Do you know if these are false alarms related to the Malware removal process?

Should I ignore these alarms, or let the software apply a fix?

Can I now safely toggle System Restore?
 

Answer:Security threats reported after completing Malware removal

I can't see log files for Malwarebites AntiMalware or for SuperAntiSpyware

I did run the scans but I don't think they found any infections
 

5 more replies
Relevance 56.99%

On internet i have seen several times the advice to change the name by which a particular malware removal program is known since some malware recognizes the files
or the ---.exe and then prevents its installation onto an infected computer or its execution, even if the program was installed on the computer before the infection took place.
This was advised for TDSSKiller (tdss.exe should be renamed to e.g. whatever.com)
Malwarebytes AntiMalware should be renamed before using it on an infected computer.
See e.g.
How To Easily Remove Google Redirect Virus
http://www.usenetmessages.com/view.p...&id=476887&p=C

Can anyone say anything about this? And should this also be done routinely with other malware removal programs? If that would really be necessary/advisable then why wouldn't the providers give you the choice of renaming by asking if you want to, or simply give you no choice but rename their product? Probably not many people would ever think of doing it themselves.

Answer:Should malware removal programs be renamed for security reasons?

I'm perhaps being rather cynical, but I'm very suspicious of articles that have a link to a 'registry cleaner' or any other so-called utility that claims to clean or speed up your computer.

I'm of the opinion that some of these can easily corrupt your registry or your system.

Microsoft Security Essentials along with Malwarebytes and ignoring suspicious web pages or links has kept my computer free of viruses so far.

As for renaming Malwarebytes, I certainly wouldn't do it. If the door is already open, the undesirable alien is already in and only its removal will suffice.

The door needs to be locked, not just have its name changed.

6 more replies
Relevance 56.99%

Hi All
I don't know where to put this request, it kind of crosses over different topics.
I had that Antivirus security pro virus which has now been removed following the method from this site (many thanks for that, it has been a huge relief), however I still get the .exe file errors and deletion when I try and download something and I cannot remove or reinstall Microsoft security essentials.  I have re run the malware program several times now and says everything is clean??
I have window 7 64bit if that helps
Cheers
DAvid

Answer:Cannot remove Microsoft Security Essentials after malware removal

G'day David, fellow aussie here.....
 
I would just about bet money that your PC is still infected mate . In fact i would probably bet the farm on it !
 
Ok...(on a more serious note)....Post a new Topic here :: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
 
Describe what led you to know that you were infected....and what steps you have taken since.
 
Kind Regards,
 
Brian

1 more replies
Relevance 56.99%

I have a malware infection I can't figure out how to fix. It started with a fake Windows Security Center scan warning, which I did not allow to run and then I notice several instances of ooj.exe running in my task manager. It has blocked me from opening almost any program/.exe. Windows just asks me to select a program to open the file. I can't run mbam or Super AntiSpyware. I have tried running FixExe.reg from a USB drive, it seemed to help initially, but no longer does.

I followed your general instructions. I could not run the defogger or gmer.exe (it just hung when trying to run). I did run the DDS (log pasted below and attach log is attached).

Any help would be greatly appreciated. Thanks!

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Run by Administrator at 15:42:08 on 2011-07-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.969 [GMT -6:00]
.
AV: AVG Internet Security *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\hki183.exe
C:\Documents and Settings\All Users\Application Data\gj8Be6Sx.exe
C:\WI... Read more

Answer:Help wiht Malware Removal - ooj.exe, Wndws Security Cntr

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resouce! To tell me this, please click on http://www.bleepingcomputer.com/logreply/412109 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following inf... Read more

34 more replies