Computer Support Forum

Cannot run antivirus scan even in safe mode

Question: Cannot run antivirus scan even in safe mode

Hi,
I have an infected windows XP SP2 pc.
I do not have any active antivirus software on this pc ( ESET NOD32 is expired).
1. I tried downloading a few free antivirus softwares like avira/avg/avast/MSE but was unsuccessful as -
a) either they do not support sp2 or
b) on clicking download the page does not load
2. I have tried running online antivirus softwares like bitdefender (cannot load) and ESET (after running the activeX control tried downloading the .cab file but nothing happened)

Following is the info from SysInfo -

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 2, 32 bit
Processor: Intel(R) Pentium(R) D CPU 2.66GHz, x86 Family 15 Model 4 Stepping 7
Processor Count: 2
RAM: 501 Mb
Graphics Card: Intel(R) G33/G31 Express Chipset Family, 256 Mb
Hard Drives: C: Total - 39997 MB, Free - 24258 MB; D: Total - 39997 MB, Free - 218 MB; E: Total - 39997 MB, Free - 222 MB; F: Total - 32624 MB, Free - 398 MB;
Motherboard: Gigabyte Technology Co., Ltd., G31M-S2L
Antivirus: ESET NOD32 Antivirus 4.0, Updated: No, On-Demand Scanner: Enabled

Relevance 100%
Preferred Solution: Cannot run antivirus scan even in safe mode

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Cannot run antivirus scan even in safe mode

-----------------------------------------------------------
Be sure to read the information in these threads about Windows XP risks and options:
Derek's post here is a view of the risks : End of Support For Windows XP
You have already taken this risk with an SP2 machine, and lost the bet.
My post concentrates on software options for saving the machine: Windows XP - The Elephant In The Room
Read it very carefully.
Your machine will support the simplest of Linux systems, but really will not be satisfactory with ANY of the newer Windows.
I don't think trying to Fix this will produce a good result.
Almost all of our Fixing tools actually require XP Service Pack 3 to work, and installing Service pack 3 on an infected machine will usually fail or produce an unstable system.
This may be why the programs you are trying to use don't work.
Windows SP3 came out in 2008, and Support for SP2 ended in 2010.

2 more replies
Relevance 87.33%

If i restart in safe mode and run an antivirus scan with the AV installed on my PC, is that as good a scan compared to scanning in normal mode. (Do scans in safe mode miss anything that a scan in normal mode would pick up?)

Answer:AntiVirus scan in safe mode

you need to scan in normal mode not everything is running in safe mode

6 more replies
Relevance 73.39%

ok i have a huge problem, i no virus scan capabilities in safe mode and in safe mode with networking, now i have tried to go back to reg. booting, and see if it is installed corectly, and from the looks of it, it is all icons and file folders are there and working.....now when im in either one of the two safe modes wither im on the amnstdr or mine the software will not open and it won't open, here is what comes up when i try to open it from program files:

"Faild to start the Symantec Management Client service. Error code returned:
0x8007043c
i am getting frustrated badly with this, i am running XP home ed. on an ACER aspier one, (say what you want but its practical) and as you can tell i am running live update/Symantec Endpoint Protection
and yes everything is up to date, i have waxxed the backdoor troj. with no prob. but i am needing help tring to fig. out how to solve this prob so i can make shure i completly killed the attack...thanx

Answer:No virus scan in safe mode or safe mode with netwrkg

Hi and Welcome to BleepingComputer,

Not all anitvirus programs work in safe mode, I don't know about Symantec but I do know my ZoneAlarm does not. I do not see the reason to run it in safe mode. If you are really wanting to run stuff in safe mode, run SuperAntiSpyware in it and just run your antivirus program in regular windows.

Btw, it sounds like you had something on there that has backdoor capabilities and if that is the case, then unless you reformat the computer, it will never be truly safe again.

11 more replies
Relevance 70.11%

Just a general question:1. When doing a routine scan for viruses and malware, etc. (and just generally speaking), is it better to scan in safe mode or regular mode? 2. If you scan in safe mode, is there anything that wouldn't show up (that you could potentially miss) that *would* show up in regular mode? 3. Or is safe mode just better all around, and everything is covered (plus more) that you'd find with scanning in regular mode?(I'm referring to scanning with AVG A/V, AVG Anti-Spyware, SpyBot (old version), and Ad-Aware SE.)Thanks!

Answer:Better To Scan In Safe Mode Or Regular Mode For Virus/malware?

Safe Mode is a troubleshooting mode designed to start Windows with minimal drivers and running processes to diagnose problems with your computer. This means some of the programs that normally run when Windows starts will not run.The Windows operating system protects files when they are being accessed by an application or a program. Malware writers create programs that can insert itself and hide in these protected areas when the files are being used. Using "Safe Mode" reduces the number of modules requesting files to only the essentials to make your computer functional. This in turn reduces the number of hiding places for malware, making it easier to find and delete the offending files. Using your anti-virus and anti-malware tools, in "Safe Mode" also speeds up the scanning process. Read "Beginners Guides: Windows XP Safe Mode Explained" and "What is 'Safe Mode' used for and why?"

4 more replies
Relevance 69.29%

Hi.

I can't update my antivirus : BitDefender Free Edition v10.

I also can't enter windows xp in safe mode. An error msg will come out (like computer crash, in blue screen).

I also can't enter or scan online from any antivirus website.

Could this be virus?

Answer:Can't update antivirus, can't access any antivirus website, can't enter safe mode.

Hello it most likely is..I am moving this topic to the Am I Infected forum. Can you do these?You will need to Download and Run DDS which will create a Pseudo HJT Report as part of its log..If for some reason you cannot perform a step, move on to the next.Please follow this guide. go and do steps 6 thru 8 ,, Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help . Then go here Virus, Trojan, Spyware, and Malware Removal Logs ,click New Topic,give it a relevant Title and post that complete log.Let me know if it went OK.

3 more replies
Relevance 66.42%
Question: Scan In Safe Mode

Hello,

Sorry if this has been asked before, but hopefully I won't get bashed for asking again. I see many times here at this site when people ask about software for spyware/adware, it is recommended that after installing it to run it in safe mode. What is the benefit, or advantage, of this? I currently run AdAware 2007 Free, AVG Anti Spyware, and Super Antispyware for spyware/adware prevention. I normally run these while the computer is running normally, or NOT in safe mode. Would I be better off to run these programs in safe mode? Will I detect/find/remove more this way? Your comments welcome, thanks.

Answer:Scan In Safe Mode

Windows when running normally often "protects" files it is using for various purposes, and malware often hides itself in these files for that very reason. When you run your computer in "safe mode" this limits Windows to the most basic of operations, thus "unprotecting" additional files because they are not being used or needed by the operating system.
Regards (and absolutely no bashing)
John

2 more replies
Relevance 66.42%

Norton informed me I had a download trojan on my pc and couldn't delete it, but said it had repaired it.I tried running a scan in safe mode with system restore off but norton wouldn't scan.When it says it has 'repaired' the file does this mean it is now ok or should I still be worried?

Answer:Can't scan in safe mode.

I was really hoping that someone else would comment on your other thread click here

2 more replies
Relevance 66.42%

hello ive been with this community for a while and wats safe how do i get to it and why do i use it?

Answer:why should i scan in safe mode?

http://www.computerhope.com/issues/chsafe.htmSometimes virus scanners have a problem deleting virus files while they are in use, when you start in safe mode these files will not be running making it possible for them to be deleted.You only need to scan in safe mode if your virus scanner picks up a file it can't delete.

8 more replies
Relevance 66.42%
Question: Scan in SAFE mode?

Years ago, (last time I had a virus) it really helped to scan in SAFE mode (with Norton 2005 or whatever) and I don't see alot of this nowadays. Does it still help, or are the anti-virus programs better? And yes, it did work better to find viruses, and was recommended highly.
 

Answer:Scan in SAFE mode?

We prefer that the scans be done in normal mode, where all services and drivers have loaded. But if something doesn't run in normal mode, we suggest trying in safe mode. :major
 

3 more replies
Relevance 66.42%
Question: scan in safe mode

I've seen this suggested often here but it's new to me. I do the maintennace in Safe Mode because of the assurance of having more stuff securely shut down but why scan for spyware adware, malware et al in Safe Mode?

Answer:scan in safe mode

When you boot into safe mode, it just loads a minimal set of generic drivers, that is it does not read the registry which is where the malware gets its instruction to load. Once loaded the spyware is sometimes tricky enough to evade the removal tools.

3 more replies
Relevance 66.42%

Hi,

I know I have virus or malware or something bad in my laptop... The problem is, it won't allowed me to scan it by using Malwarebytes or SUPERAntiSpyware, because it always shut my laptop down when I tried to scan it... This is only happened in safe mode... Please help me

Answer:Can't scan in safe mode

Hello Edward SamuelCan you run them in normal to se what they pick up?Run RKill first,then MBAM and SAS and post the logs please.Please download Rkill by Grinler and save it to your desktop.Link 1Link 2Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer, you will need to run the application again.

3 more replies
Relevance 66.42%

This is my friend's log...
She even failed to scan pc in safe mode..

Logfile of HijackThis v1.99.1
Scan saved at 11:25:39 PM, on 8/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\A\LOCALS~1\TEMP\{BA820A24-704B-428D-9904-71A10DAC1372}\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
... Read more

Answer:Help pls, cant scan pc in safe mode

Can anyone help please, because she cannot online due to that virus.
Thanks...

/Bump/

4 more replies
Relevance 66.01%

whats up!
i was wondering if any1 could help me. i have Norton AntiVirus 2003 (windows xp HE):
when im in normal mode, everything's cool - virus definitions are updated and everything's checked as ok.
But when i access norton in safe mode - the status of virus definitions comes up as an error and i'm not able to run a scan of any kind. when i try, it tells me virus definitions need to be updated but i am obviously not able to access the internet via safe mode.
Does any1 have an idea what the problem is??
I have js put the system through a repair (is that the reason?)
Also my security centre is unavailable and i cannot access my firewall (the error tells me windows firewall cannot be displayed because the associated service is not running) it then tells me if i want to start the ICF or ICS - and when i select ok, it says it cannot! How do i get these back??
 

More replies
Relevance 66.01%

i was told its worthwile running a spyware scan in safe mode, is this true?
if so can u tell me how to do it and with what program?
I have adaware, MS antispyware,Spyware docter @ spybot,
which of these is the best, I notice they all pic up differant spywares,any ideas?

thanks heaps guys

Answer:spyware scan in safe mode

Greetings,

In some situations it can be helpfull, but however you mentioned two programs that you have installed that have the capability to run a full scan before windows completly starts up making it as good or better than running a scan in safe mode. Both Adaware and spybot can do that, i'm not sure of a way to force Adaware to do that without being prompted after it finds items it cannot remove. But in spybot you can by clicking on settings on the bottom left and than settings on the mid left than scroll down to automation and system start. You can choose which one to click there but the option "Fix all problems on program start" would be easiet.

1 more replies
Relevance 66.01%

ok so im at work and the computer im working on got a worm virus. I can't open any .exe files so now im running in safemode. this computer doesnt have winzip and from what ive seen on your website i'll need it. i cant download it in safemode for some reason. comp says winzip installation has been blocked by administrator. i need to know how i can get rid of the virus through safemode. plz help! thanks

Answer:virus scan from safe mode

Hello whit037,

Do you still require assistance?

1 more replies
Relevance 66.01%

My computer was running really slow and was acting like it had a virus. Notepad quit working and everything, so I ran the virus scan a few times and nothing would come up. So I did it in safe mode and it said I had 42 infected files, and only 36 were deleted.... I probly shouldn't have deleted them, but now it is REALLY messed up.. here's my log

Logfile of HijackThis v1.97.7
Scan saved at 9:45:28 PM, on 6/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TWAIN_32\SiPix\SC-2300\SC23Exec.exe
C:\Program Files\McAfee\McAfee_VirusScan\alogserv.exe
C:\WINDOWS\System32\pdiihc.exe
C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\TWAIN_32\SiPix\SC-2300\SC23CamC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee_VirusScan\Avsynmgr.exe
C:\Program Files\McAfee\McAfee_VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee_VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\M... Read more

More replies
Relevance 66.01%

Afternoon all,A completed scan in safe mode using AVG8 shows the pc to be clear of all infections. Returning to normal, I have an avgrep.txt on my desktop which I opened. This shows that 453759 objects scanned and noticed that all objects that I've looked at that have been scanned are either >Log Locked file. Not tested. or >Locked file. Not tested (without the arrow heads.) Is this cause for concern?This is the first time I have done a scan in safe mode so maybe I'm being over cautious.Thank you for all responses.

Answer:Completed scan in safe mode

Kaspersky does the same thing it comes up when a file is password protected or the like, it comes up in normal startup as well so u dont need to worry about that aspect. however I am unsure to the safety of the scan when it comes up with messages like this, unfortanely i don't beleve there is a way to scan these area's propaley.hope this helps.

1 more replies
Relevance 66.01%

HI, I FOUND TWO VIRUS IN MY PC, "TROJAN MOO. AND VBS SORACI." WHEN I TRY TO SCAN NORTON INTERNET SECURITY IN SAFE MODE, ERROR SHOWS "SYMANTEC INTEGRATOR HAS ENCOUNTER A PROBLEM AND NEED TO CLOSE" I THINK Logfile of HijackThis v1.99.1
Scan saved at 12:42:07 AM, on 7/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Progr... Read more

Answer:Safe Mode Norton Can Not Scan

Hi, Welcome to TSG!!

Run HJT again and put a check in the following:

O16 - DPF: {2C0F2AEA-3A9B-46DB-A7BE-80FF329E415D} - http://213.201.69.103/data/dialercab...ernacional.cab
O16 - DPF: {2F29658D-FB92-4A4F-8FFF-0D1BC1BA52C5} (GlassRoomVoice Control) - http://chat.chatessentials.com/hosts...sRoomVoice.cab
O16 - DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} (OTAutoInstall Class) - http://streaming.endeavors.com/micro...loads/OTAI.CAB
O16 - DPF: {C4CA6559-2CF1-48B6-96B2-8340A06FD129} - http://www.adbars.com/adbars.cab

Close all applications and browser windows before you click "fix checked".

What is the exact location of the virus?
 

1 more replies
Relevance 66.01%

I used to use MBAM and a couple of other scanners in safe mode,but most of these Anti-malware scanners do not recommend to run them in safe mode anymore.
Can I still run MBAM in safe mode or is it recommended? Should I be trying to run any scanners in safe mode?
Are there any tools to do this still?
I don't have cablevision so I watch TV and movies from various sites thru Flash players like Gorillavid etc.,and there are lots of malicious popups to be aware of. So I always want to run a scan at days end,any recommendations?

Answer:Virus scan in Safe Mode

Safe mode - Why not use safe mode?Safe Mode is a troubleshooting mode designed to start Windows with minimal drivers and running processes to diagnose problems with your computer. This means some of the programs that normally start when Windows starts will not run.Why use safe mode? The Windows operating system protects files when they are being accessed by an application or a program. Malware writers create programs that can insert itself and hide in these protected areas when the files are being used. Using safe mode reduces the number of modules requesting files to only essentials which make your computer functional. This in turn reduces the number of hiding places for malware, making it easier to find and delete the offending files when performing scans with anti-virus and anti-malware tools. In many cases, performing your scans in safe mode speeds up the scanning process. Scanning in safe mode was a recommended course of action years ago before malware writers began to employ more sophisticated techniques to counter removal efforts in that mode.Why not use safe mode? Some security tools like anti-rootkit scanners (ARKs) and programs with anti-rootkit technology use special drivers which are required for the scanning and removal process. These tools are designed to work in normal mode because the drivers will not load in safe mode which lessens the scan's effectiveness. Other security tools are optimized to run from normal mode where they are most effective. For example, ... Read more

5 more replies
Relevance 66.01%

Hi all Running win98se, Whilst trying to run scan disk in safe mode i keep getting the box 'scan disk has restarted due to other programs writeing in the background', or words to that effect. Can anyone tell me why i thought that safe mode would stop all this. many thanks

Answer:scan disk in safe mode

you must stop everything else running in the background such as virus checker and screen saver etc. control/alt/del will bring up a list of most things that are running but not all. possibly starting in msdos mode would be a better bet.

2 more replies
Relevance 66.01%

For the past few weeks my computer has been running really slow. Nothing ever comes up on virus scans or anti spyware and I've tried everything recommened on this site. However, when I try to run them in safe mode, I get an error message and can't do it. Does this mean there's a problem or am I doing something wrong?

Answer:Virus Scan In Safe Mode

Which specific programs were you trying to run in safe mode?

What kinds of error messages were you receiving? What did the messages say?

Orange Blossom

15 more replies
Relevance 66.01%

Hi all Running win98se, Whilst trying to run scan disk in safe mode i keep getting the box 'scan disk has restarted due to other programs writeing in the background', or words to that effect. Can anyone tell me why i thought that safe mode would stop all this. many thanks

Answer:scan disk in safe mode

Hi Hacky. A search in Google for the phrase "disk has restarted due to other programs writing in the background" shows that yours is not an unusual problem, and can be caused, among other things, by bad sectors on the hard drive, trojans or viruses click here.A suggestion I found was to run Scan Disk from DOS. click here, and the following is copied from that site:1. Click on start, shut down, and restart in MS-DOS mode.2. Now type CD\. and then press Enter on the keyboard.3. You will be at the dos prompt now: C:4. Type SCANDISK, and press Enter.5. This will start the process, and when it gets all the way through the numbers, and asked if you want to do the full surface scan, choose yes with your arrow keys, and press Enter on the keyboard. This will take a while, hours for most. Best to run this at night so it doesn't interfere with your daily computing. Just turn off the monitor, and walk away. In the morning, you can read the results, and then exit the program, and when you see your dos prompt again, C:\, then turn off your computer, and restart it.

1 more replies
Relevance 66.01%

Greetings to all, How do I scan Windows 7 64--bit in the safe mode ? Mod Edit:  Merged topics - Hamluis.  How do I clean Internet Explorer in Windows 7 64--bit ? Thank you. Claudis

Answer:How do I scan Windows 7 64--bit in the safe mode ?

Not sure exactly what you want to do but maybe this will help.  You might need to visit the Am I Infected Section to learn how to run/use malware tools to keep these things clean.
 
http://windows.microsoft.com/en-us/internet-explorer/manage-delete-browsing-history-internet-explorer#ie=ie-11
 
https://support.microsoft.com/en-us/kb/923737
 
http://www.bleepingcomputer.com/forums/t/44694/slow-computer/

13 more replies
Relevance 66.01%

First let me say that there is nothing wrong with my computer. I am just curious. I am interested in people's opinions as to the recommended environment for scanning for malware, that is, scanning using my anti-virus software, Malwarebytes, etc which I do periodically (every few weeks or so). Should the scan be done in safe mode? Would scanning in safe mode make it harder for malware to hide from the scanning software? Or is there no difference as to whether I can in safe mode or regular mode?

Answer:Should virus scan be done in safe mode?

Would scanning in safe mode make it harder for malware to hide from the scanning software?As rule, Malwarebytes Anti-Malware should always be used in Normal mode, as not all items are loaded, and are available for scanning.The company, Malwarebytes, has always said to use Normal mode when ever you can to scan.Because there can be problems when infected, they developed the Chameleon version, for use when Normal version is not working -Go - Start > Programs > Malwarebytes > Tools > Malwarebytes Chameleon -From there you can run the Safety Version that will work if you are infected or can only get Safe mode Your statement of scanning "every few weeks" is a bit "not reasonable", as you should Update and Quick Scan at least once a week to be sure of safetyI have Pro version on one computer, but only Free version on another one that I Update daily, and scan at least 3 or 4 times a week.With the average Quick scan only taking 4 to 5 minutes, it is no problem while I just make a coffee and it is finished - Thank You -Please ask further if you have more questions

2 more replies
Relevance 65.19%

Hi there! I got a problem regarding my PC, lately. i noticed that my pc is acting strange so i decided to run a virus scan with my anti-virus. but, it seems it automatically stops its scans. also i tried the Malwarabyte's Anti malware that my cousin recommended. Every time i run that program, it automatically closes and sometimes, my pc will restart on its own. We also tried running the computer on its safe mode but the PC restarts again..

Also, few hours ago. i can't access this site and even the site where i can download a new Anti Malware. browsing the internet is slower. i manage to access this site because i tried the rkill that my cousin also recommended, but i tried to run to MBAM again and i got the same result.. the computer restarts.. XD

I hope you guys can help me in my problem. thanks in advance and have a great day!

Answer:My PC wont run a virus scan / safe mode

-- Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. Other types of malware may delete the main mbam.exe executable file during installation or when attempting to perform a scan which results in various errors. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware for using Rkill or downloading a renamed version of mbam.exe. Do not reboot after running Rkill. Immediately after running this tool, you need to perform your scan with Malwarebytes Anti-Malware.Note: You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it. If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

3 more replies
Relevance 65.19%

I have an slow running windows 7 asus laptop. I see in task manager that my cpu usage is somewhere between 75-100% with no additional applications running. There is a suspicious atieclxx.exe running that will not allow me to close or open containing file.
 
I have scanned with an updated MBAM in safe mode with networking and got no results.
not sure where to proceeed...

Answer:cpu near 100%, MBAM SCAN IN SAFE MODE NO RESULTS

From an earlier (2012) post:
is it located in the folder C:\Windows\System32?
If not it can be malware.
To end it type services.msc into your start-menu searchbox, find amd external events utility and disable it, so it doesn't start at next boot.

4 more replies
Relevance 65.19%

dad left his computer to my sister, and it has fsecure AV installed. i cannot get it to scan in safe mode. the interface won't pop up. there are 3 icons to choose from on the "start" list, and the same 3 in the "all programs" list (with the addition of help). the most obvious icon that should get the desired result is titled "fsecure AV2006". left click gets no response. right-click>open gets an hourglass that lasts about 5 seconds. right-click>run gets a red X with a message that says C:\program files\fsecure\internet security\FSGUI\fsavgui.exe service cannot be started in safe mode.
a great company like fsecure wouldn't have an AV programme that couldn't be used in safe mode, would they?
any ideas would be most appreciated.

Answer:Unable To Scan In Safe Mode With Fsecure

YOU still can scan in normal mode? This behavior is typical for a trojan which blocks antivirus applicaqtions to start.Download and scan with SUPERAntiSypware Free for Home Users * Double-click SUPERAntiSpyware.exe and use the default settings for installation. * An icon will be created on your desktop. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Udates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.) * When done, select "Scan for Harmful Software". * There are three scanning options. Choose "Perform Complete Scan" and click "Next". * When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK". * Make sure they all have a checkmark next to them and click "Next". * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. * Click Preferences and then click the statistics/logs tab. * Click the dated log and press View log. A text file will appear so you can see the results. * Select close to exit the program. * Scan in SAFE MODEAfter that, download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.Reboot your co... Read more

2 more replies
Relevance 65.19%

hi, i can not defrag my drive because it tells me it has errors, it wont scan the disk because it keeps restarting, so i thought i would do it in safe -mode, and it still will not do it, owing to it keeping restarting, it said programmes are running..could someone PLEASE advise, it is doing me in....thanks

Answer:scan disk -safe mode -restart

sorry, it is win98se, thanks

4 more replies
Relevance 65.19%

I have a slow running windows 7 asus laptop. I see in task manager that my cpu usage is between 75-100% with no additional programs running at startup.IThere is a suspicious file named atieclxx.exe that will not open containing file and not end. I aslo followed this help in another post: "To end it type services.msc into your start-menu searchbox, find amd external events utility and disable it, so it doesn't start at next boot." there is also two desktop icons named "desktop" that i did not create. scanned with mbam in safe mode with networking and found no results. ATTACHED are the FARBAR  LOGSthanks in advance.Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01Ran by Dobbie (administrator) on DOBBIE-PC (15-08-2015 20:33:31)Running from C:\Users\Dobbie\DownloadsLoaded Profiles: Dobbie (Available Profiles: Dobbie)Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AMD) C:\Windows\System32\atiesrxx.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe(AMD) C:\Windows\System32\ati... Read more

Answer:cpu near 100%, MBAM SCAN IN SAFE MODE NO RESULTS

Greetings leftwheel and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that. ===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

39 more replies
Relevance 65.19%

I am using a emachines w 797 MHZ and Windows XP 2002 with SP1

I want to scan my computer for viruses in safe mode. Is there another way to get to safe mode. I always have GOBACK installed.

Thanks
 

Answer:Solved: Scan for Virus in Safe Mode

7 more replies
Relevance 65.19%

After a disaster a couple months ago - that you guys helped me to recover - I've been following some of the procedures with MBAM, DrWeb Cureit, TFC.exe, etc... on a regular basis. I have The Shield Deluxe as my resident antivirus package and Windows' standard firewall. I can't seem to run a DrWeb Cureit in Safe Mode. It gets about 10-15 minutes into the initial scan, then the PC reboots on its own.

Please don't tell me I'm infected again. It runs fine under a regular bootup. Neither it nor Shield Deluxe (same as BitDefender), are catching anything though.

Thoughts?

Thanks.

Tom

Answer:DrWeb won't complete scan in Safe Mode

Try a fresh download
Do you use Winpatrol or Spybot S&D's Teatimer function?
Anything that monitors and disables registry changes need to be disabled

2 more replies
Relevance 65.19%

anybody know why this would happen ?

first i did an ewido scan in safe mode, and then in normal mode:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:31:41 PM 9/23/2006

+ Scan result:

Nothing found.
::Report end

there was actually 3 infections though in the above scan, don't know why it said 0,

and now normal mode:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:00:45 PM 9/23/2006

+ Scan result:

:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oq7cdmrj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oq7cdmrj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oq7cdmrj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oq7cdmrj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oq7cdmrj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles... Read more

More replies
Relevance 64.37%

I am trying to help a friend figure out what is wrong with his computer, I am by no means computer saavy, just trying to help and hoping someone will respond with the answers we need.
First at start up he is getting the following error: "Procedure entry point get process image file name could not be located in the dynamic library PSAPI.DLL"; he's been given many ideas from others at to what's wrong, some said it has something to do with a Smart Bridge for Verizon but he doesn't have Verizon he has SBC DSL or that it's caused from Internet Explorer 7 Beta's (I'm not sure if he installed a Beta Version or not, will have to ask him), they said he just had to get rid of IE 7 Beta to fix the problem, just use a different browser such as Firefox. I have both IE 7 and Firefox on my system and I know from my own experiences that not all web sites work with Firefox even with my Agent Switcher add-on it doesn't work so I need to use IE on those sites so he really doesn't want to get rid of IE unless there is no other solution. We are just so confused and lost as to what to do!
I am wondering, if he does have a Beta Version, can he just uninstall it and download the regular IE 7, will that fix the PSAPI.DLL error????
Secondly, and most importantly I think, he can not run a DOS Virus Scan in Safe Mode, gets some kind of "path not found" error, he has McAfee Security software and when he spoke to them they told him it's... Read more

Answer:Virus Scan in Safe Mode will not run & PSAPI.DLL Error

If he might have a virus, the best thing to do is to go to this page http://forums.majorgeeks.com/showthread.php?t=35407 and follow all the instructions and see shows up. Then if there are signs of infection, ask for help in the malware forum and see if that resolves all the problems.
 

2 more replies
Relevance 64.37%

Hey guys-
I'm running through all your spyware steps for the third time and when I go into safe mode to run Trend Micro's and Symantec security check Zone Alarm keeps shutting them down at the end of the scan thinking someone is trying to hack my computer- so I'm not getting the final results. I'm running Win XP SP1/Dell Dimension 8300/2GB RAM. Is is safe to shut Zone Alarm off during the scans??? Thanks for any help.

Dave
 

Answer:[B]online scan and zone alarm in safe mode[/B]

No do not shutdown ZoneAlarm. Try running the scans in normal boot mode.
 

11 more replies
Relevance 64.37%

Hi... Im hoping you can help me.... I am having problems with my xp... It is freezing and rebooting by its self.....I have tried to scan with several on line scans, and have tried to scan with MCAfee, Norton and they all freeze before i'm able to get a full scan finished.... Before my Norton froze i did pick up that i had a w32.spybot.worm..... I had thought i had gotten rid of this but my computer is still doing the same.... I also ran a xoftspy scan and it came back with something called troj/anaFTP-01.... I have also noticed that my recived bytes are really High as of this min they are 6,023,307 im not sure if this is normal or not)and my sent bytes or 896,397... PLEASE PLEASE IF you have any suggestion please let me know.... ALSO I HAVE TRIED TO SCAN IN SAFE MODE IT STILL FREEZES>>>HELP
THANK YOU,
CARLAMICHELLE

Answer:Computer is freezing and rebooting byt its self.Have tried to scan in safe mode

Please do NOT double post. I answered in your first thread. If you can't scan in safe mode..then move on and follow my instructions using hijackthis.

1 more replies
Relevance 64.37%

I see a lot of suggestions stating to do the Virus &/or Spyware scans in "Safe Mode". Is that a good idea? When should you scan in normal mode or safe mode? Whats the difference?

Answer:Should All Virus & Spyware Detectors Scan From "safe Mode"

I run my AV/Spyware scans in Safe Mode, when these programs are having trouble getting rid of a particular file, or I suspect that my computer might be infected.Otherwise, I do my regular scanning in Normal Mode.Definition of Safe Mode

2 more replies
Relevance 64.37%

I have a possible 'false positive' that was found by running the a-squared scanner namely Antivirus Gold.click hereI am unsure whether it is a false positive or not but I don't think it is as after doing a Google search I came across a website that mentioned 3 HJT entries namely:O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\winnook.exe O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe After running Hijack This I checked my log and couldn't find these 3 entries so I assume I am clean?Just to satisfy my curiosity I ran the a-squared scanner in SAFE MODE and when I did this NOTHING was found!How is this possible? As it WASN'T found in Safe Mode does this indicate that the suspicious entry IS a false positive after all?p.s. I have asked this question on the a-squared forum but have so far not received a reply :0(

Answer:a-squared scan query and Safe Mode in Windows XP

Have a look here.click here=

10 more replies
Relevance 64.37%

I've never posted before so bare with me. 
I've noticed my computer behaving /wrong/ specifically when running chrome and a certain game. 
In chrome the following things happen
1. On startup it doesn't do what I've told the settings to do
(I said open latest tabs, but it shows me a blank page, but history still shows those tabs available. 
2. When I try watching netflix, it says my components are not updated, I click go to components and see that all the components have the "no updates found" and then I click "check for updates" and the /thing/ switches to "component not updated" normally it would update then. 
3. When trying to switch tabs it takes a few seconds to recognize my click, the pages run at normal speed individually. 
4. When trying to search in the address bar it takes up to a minute to register I clicked, and when I type it takes a minute to load(but I can type while it's frozen) This is the same for the search bar in "new tab"
5. I have many (4) adblocks, but I've had those for a while and never had problems
6. When I click (sometimes) it opens a new page to malicious software, (flash is needed to be updated)
In my game(s) this happens
My CPU jumps from about 20% for 10 seconds to 60% for 10 second back down to 20%, over and over and over again. It doesn't stop. 
(I have intel core i5 4600(or 6400))
In game the framerate goes from 25fps(at 20%) to 4fps (at 60%) 
So I decided to run some antifirus programs, 
I downloaded p... Read more

Answer:Crash during virus scan in safe mode (windows 8.1)

Welcome Silvershade to the Bleeping Computer Community  There are 2 initial factors based on your post that could be causing your problem, but we need to ask some question and post some scan logs by following the instructions below. Your computer may be experiencing high CPU usage due to thermal events, conflicting softwares installed or some PUP/Adwares or infections may be involved. Download SecurityCheck.exe from Here. Run SecurityCheck and follow the instruction from inside the code box.. When the scan is finished, a notepad will automatically open as check.txt   Please copy and paste the contents here on your next reply. Download Speccy and then install the program.  To post and publish a snapshot of your PC.. In the Menu bar, click File -> Publish Snapshot. Click Yes > then Copy to Clipboard. On your next reply, right-click on a empty space and click Paste on reply box then click Post. Download MiniToolBox and run the program. SelectList Last 10 Event Viewers, List Installed Programs and List Users, Partitions and Memory Size then click Go.A notepad will open then copy-paste the report on your next reply.

18 more replies
Relevance 64.37%

i have a laptop that has the Blue Screen due to possibly a virus/trojan. is there a way i can use a free online virus scanner via Safe Mode w/ Networking? if so, how?
 

Answer:possible to run free online virus scan via safe mode?

Boot to Safe Mode with Networking and try it...
 

3 more replies
Relevance 64.37%

Hello.

Case scenario: A PC has 2 user Computer Administrator accounts such as CairoHacker & speed in this picture: http://www.codeproject.com/KB/winsdk/ShareWinXp/3.jpg

If I boot into safe mode in lets say the account 'speed' to do scans for viruses and spyware, will this also remove viruses and spyware from 'CarioHacker' account? Or do I have to boot into safe mode in each account to do the scans?

Also lets say in another scenario that the account CairoHacker was just a limited account, would scans done in the account 'speed' also clean up malware in the CairoHacker account?
 

Answer:Do I need to scan in multiple Safe Mode accounts in Windows?

First, it would be best to run the scans in normal start up mode. Most of the times, all you need to do is scan in an account with Admin. privileges. If there are multiple accounts with Admin. privileges, then it sometimes becomes necessary to scan the other accounts with just SAS and MBAM to see if there is anything that got missed. Does this answer your question?
 

6 more replies
Relevance 64.37%

I'm running MS Vista Home Premium. The computer hangs 5-10 seconds after boot up. It does not give me a chance to run virus scan in normal mode. When I log in Safe Mode, it lets me run the virus scan (AVG) but then hangs again after 5 minutes in the middle of the scan. I have also tried running a portable virus scanner (ClamWin Free Antivirus) but even that hangs. I ran Hijack This, DDS and GMER and am attaching the logs below. Any help is greatly appreciated...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:55 PM, on 13-02-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ritika\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer&#... Read more

Answer:Vista Hangs even while running Scan in Safe Mode!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/442573 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 64.37%

Guys,

As much as I love Norton, I have ALWAYS had problems running the Program Scan option in Norton IS. It worked the first time I configured the firewall when I set up the computer 7 months ago. Since than, about 80% of the time it will crash anywhere from 10% of the way through to just about all the way through. My question is, can I run the program in Safe Mode? I think this manual configuration is designed to be used only when you first set up Norton IS to confirgure your firewall, which is the ONLY time it worked on my computer all the way through. (Maybe one other time, but that's it.) But I wanted to see all the Internet Programs on my system and think I have too many running processes in the background which is causing the crash. Can it be run in Safe Mode?

Jack
 

Answer:Norton IS 2004: Can I run program scan in Safe Mode?

Hi, No, I would say it should not be, as most of the things running would not be working in Safe Mode, for one thing.

That's what Safe Mode is, a diagnostic mode....lots of things do not load when you start in Safe Mode.

If the thing is not checking what is running live, then maybe you could see what programs have had access or been blocked... but if it is reflecting realtime monitoring, most of the things that normally run wouldn't be shown.

You can try, that shouldn't harm anything.

Maybe pick Safe Mode with Networking if you have XP
 

1 more replies
Relevance 64.37%

My administrator disabled task manager when i tried to scan in safe mode neither d antivirus or windows defender will run

Answer:Antivirus will not run in safe mode

that is a virus defenitly a virus try to use command prompt if th works personal message me.else Download malwarebytes anti malware and rename the setup file to something random like sdggfhf and run it and install it.if the setup dosent terminate it will work.now goto the place were you installed malwarebytes rename the file mbam.exe to a random name too and run it.if it starts run a quick scan and remove the viruses then run a full scan.after all this is over(if)the task mgr will still not work.but i ll tell you how to after.

2 more replies
Relevance 64.37%

Hi
 
I downloaded dodgy file last week. Afterwards my antivirus (Vodafone PC Protection) wouldn't run normally or in safe mode. Neither would AVG or malwarebytes. Before malwarebytes stopped its scan I glimpsed a message saying something like boot files hidden.
 
I decided to reinstall OS using drive partition.
 
Everything seemed fine until yesterday when I found a message saying the laptop had just recovered from a blue screen crash. Then this morning everything froze on startup. 
 
I can currently boot in safe mode but I can't run the antivirus.
 
I've just run Kaspersky TDSSKiller in safemode and when I included 'Loaded Modules' among objects to scan it reboots to normal, bypassing safe mode, then freezes at 75% installation of the Kaspersky utility. I can't copy and past the report. 
 
I guess my partition drive must have been infected as well. Any help would be greatly appreciated.
 
 
Evolver
Edited by hamluis, Today, 07:46 AM.Moved from Win 7 to Am I Infected - Hamluis..
 
Moderator Edit: Moved from the AII forum to the Malware Logs forum Due to Combofix Log
Roger

Answer:Antivirus won't run in safe mode

Have removed PUP.Optional.Conduit via MWB and a ton of trackers via Hitman Pro but the AV still won't open. 

5 more replies
Relevance 63.55%

Hi XP Pro freezes during AVG virus scan and it also hangs when I try to reboot in Safe Mode.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:00:53, on 18/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.eircom.net/
R1 - HKLM\Software\Microsoft\In... Read more

Answer:XP Pro freezes during virus scan, unable to boot in Safe Mode.

Hello and welcome to TSF

Hijackthis Uninstall List

* Start HijackThis
* Click on the Config button
* Click on the Misc Tools button
* Click on the Open Uninstall Manager button.
* You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your next reply.

Also post a new Hijackthis Log.

3 more replies
Relevance 63.55%

I need help really bad, I need my computer for school! It just turned off on its own one day and when i restarted it, it had an antivirus dialog box popping up and my background pic and thats it and it wouldnt let me in. Now it shows the background pic, no icons or my taskbar. I can get in safe mode with networking but i cant run a virus scan, and i just downloaded charter security suite that i got from the company im using. P.S. They told me to delete my virus protection when i signed up for the internet (not telling me correctly that i couldnt download their package security suite til i got my first bill in the mail w/my security code) and my luck...this happened two days before i got my bill.   

Answer:My computer is only working in safe mode and wont let me run a virus scan!

1) Never run your system without a GOOD antivirus utility installed and resident.2) Download a boot time antivirus utility and create a cd with it (Avira, Avast, Bit Defender, etc). Boot to that cd and run an av scan at boot.

3 more replies
Relevance 63.55%

A friend passed me her laptop saying it was slow and needed a clean up. Encountered several different antivirus programs, various startup issues. 
 
Tried to run an MBAM scan in safe mode and after 2-3 mins the laptop straight crashes (no BSOD or anything, just turns off). 2nd attempt happens again. Attempted to run an ESET Online in Safe Mode with Networking and same type of crash. Switched to regular login and attempted a Trend Micro Housecall and after 1 min laptop crashes again. Here is DDS scan log. Thank you for any help.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 10.7.2
Run by Rachel at 23:37:40 on 2014-03-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2807.1161 [GMT 0:00]
.
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Win... Read more

Answer:Safe Mode MBAM Scan causes repeated laptop crash

Hello GavinSpavin,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

   Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  I will be analyzing your log. I will get back to you with instructions.  1.Uninstalling A Program Through "add/remove"Click "start" on the taskbar and then click on the "Control Panel" icon.Please doubleclick the "Add or Remove Programs" iconA list of programs installed will be "populated" this may take a bit of time.If they... Read more

11 more replies
Relevance 63.55%

As I stated on my other post, my computer has been formatted for a month now. I?m using windows XP. My main antivirus (McAfee) just can?t complete a whole scan without the pc restarting by itself. It happens with all antivirus and anti malwares and some other kind of programs too. I just don?t know what to do anymore.

On the other post someone told me to try my scans on safe mode. McAfee restarted, SpyBot closed and couldn?t get open again and stinger had to close. Only hijack worked all the way through. I have disabled windows restore.
This is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:03, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
c:\ARQUIV~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Softw... Read more

Answer:All Antivirus Canīt Go Through Even In Safe Mode (hijack Log)

Hello katia and welcome to BleepingComputer!Apollogies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log.Thanks,Johannes

3 more replies
Relevance 63.55%

Okay so I am having major problems! Run ning Windows XP First I started getting all these porn popups and nothing made them go away. So I ran a Ccleaner, and Spybot S&D. I was prompted to reboot. I did. when I got to log in screen, it immediately prompted an automatic reboot citing a NT Authority\system reboot. So I rebooted in safe mode with networking, came here and have tried to follow read and run me first. Now every time I try to run SuperAntiSpyware, it starts to run, shows 2 trojans and something else, then stops running and I no longer have access to it. So I tried running malewarebytes (also renamed it mb.exe). Same thing. Starts to run, dissapears then I no longer have access to it. Happened to spy bot S&D. Came here and tried to access the online SuperAntiSpyware. No go. Runs, picks up 2 Trojans and quits working. HELP!!! I can not boot in normal mode.
 

Answer:Can not boot with out safe mode can not run any antivirus

Not trying to bump, I have an update...


I finally got combofix to work. Ran it. It detected a rootkit. It removed a bunch of infected stuff. This allowed me to boot in normal mode and download/run malewarebytes
I've also attached a couple of logs. Not sure if they are time stamped. But the order of running was
Root repeal last night
CF alog fter running it
Malwarebytes


I still can not run SAS but am actively trying.
 

6 more replies
Relevance 63.55%

I have a host of problem that have developed of late. I installed a file conversion program called Audio Convert and during the install some odd 'windows related" messages came up. Awhile ago you helpedme solve an issue regarding a "No Disk" error. You saw that I had no antivirus engine and I've been tring with my IS{P to get their program working but still have had no luck, you suggested AVG and I tried and failed to get it to install and load properly. After that little incident recently, I've lost my "Run" button, after clicking stat, I ahve no Shut Down/REstart buttons, instead I have a switch user button. I lost my Msconfig, and can't restart in safe mode, in any of them, the computer goes into a restart.



I've got an HP Pavillion m7480n, P4 930, 2G of RAm, Wndow XP Media Center Edition, it's 2 months old



Can you help?

 




Relevance 63.55%

A friend brought me a computer because Anitvirus Security Pro would keep running on her laptop. I have had this on different computers and have been able to clean them but this one is really a beast.
 
Her system is running Win 7  the laptop is not allowing the system to boot in Safe Mode and It will also not allow access to Regedit or MSCONFIG. Any suggestions on getting control of the system back?

Answer:Antivirus Security Pro - won't allow Safe Mode

here is my frst file
 FRST.txt   19.44KB
  2 downloads

28 more replies
Relevance 63.55%

Help I cannot get ito safe mode to remove Antivirus Security Pro! Please can someone help me?!

Answer:Antivirus Security Pro - won't allow Safe Mode

I also am running win7 64bit

6 more replies
Relevance 63.55%

Hi, i am new to this forum and i have a pretty big problem with my computer. Dell Dimension 4550, windows xp home edition, service pack 3.

I first encountered the problem when i was bombarded by a ton of popups of random things in internet explorer, but i use opera as my main browser. so that was odd. The popups then turned into an automatic installation that looked to be authentic windows security center, but was a fake, and i could do nothing about it. if i ended the process, another would start.

The popups have now stopped, i ran superantispyware and found many viruses. I fixed all, but when i log onto windows, i get error messages of missing .dll files: ntuser.dll, calc.dll, sinuvili.dll, pofutuva.dll.

Another problem is my safe mode. when i attempt to run, a blue screen appears stating that windows has shutdown to prevent damage to computer, and at the bottom of screen i see: *** STOP: 0x0000007B (0xF7A46528, 0xC0000034, 0x00000000, 0x00000000)

I saw in another forum that to fix this, i could boot from the original xp disc, select "R" to repair, and enter "CHKDSK /R". I tried this, but nothing happened.

Another observation is my computer clock, it has changed to military time.

I have now tried to run a HIJACK THIS log, but i wasn't able to. So i ran rsit.exe, and came up with the attached log file.

Can someone please look over the log file and tell me if there is anything i can do? i am lost when it comes to this.

Thank you, ... Read more

Answer:Cannot Run antivirus programs, or run in safe mode.

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\rsit\info.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

I need to see a gmer log in order to help you.

Delete your existing copy of gmer. Please run this special version of gmer:

Download GMER Rootkit Scanner from here and Save it to your Desktop. Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.



Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Uncheck the following ...Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it... Read more

2 more replies
Relevance 63.55%

Okay so I am having major problems! Running Windows XP First I started getting all these BAD popups and nothing made them go away. So I ran a Ccleaner, and Spybot S&D. I was prompted to reboot. I did. when I got to log in screen, it immediately prompted an automatic reboot citing a NT Authority\system reboot. So I rebooted in safe mode with networking, tried to run antivirus. then I tried to run SuperAntiSpyware, it started to run, showed 2 trojans and something else, then stoped running and I no longer have access to it. So I tried running malewarebytes (also renamed it mb.exe). Same thing. Starts to run, dissapears then I no longer have access to it. Happened to spy bot S&D. Tried to access the online SuperAntiSpyware. No go. Runs, picks up 2 Trojans and quits working. HELP!!! I can not boot in normal mode.

I can not run a Hijackthis....

Answer:Can not run Antivirus, can only boot in safe mode

You mentioned that you booted into safe mode with networking.
Have you tried regular safe mode?

3 more replies
Relevance 63.14%

Hey guys. The problem first began when i was using google chrome and my laptop just hung and went completely unresponsive. When i force shutdown and restarted it started fine but the next time i opened chrome it hung again. This time the restart in normal mode just went from the windows logo to a blank screen. When i stared in safe mode and ran my avg command line scanner it found 106 infections but wasnt clear on its actions against it. Whenever i run this scan i can start it on normal mode again and seems to function normally but clicking on chrome brings back those problems. when i tried using firefox it slowed down and went unresponsive too. After a few days of normal usage i started getting BSODs quite frequently (usually a few minutes after normal startup and desktop access...and today after happening twice in normal mode ive only been able to see my screen in safe mode. the command line scanner brings the same results. Cant seem to do a boot time scan with avast as it just goes from the windows logo to blank screen. Any advice? 

More replies
Relevance 63.14%

Hi Folks.
I am new to the forum.
One of my PCs is acting strange. XP SP3 system.
Cleaned some things with Mbam.
But noticed that when I boot into Safe mode, McAfee Real Time scanner is off. If I turn it on, 3 seconds later it gets turned off. Seem like a virus.
McAfee scans are clean. MBam scans are now clean.
Several online scanners come up clean
several free scanners come up clean (occasional tracking cookie)
Combofix runs to stage 50, prints "deleting files" and the PC immediately reboots.
Usually jusched.exe crashes after startup.
Feels like something is lurking in there.
Any help is appreciated.
Below is the HJT log.

Thx.
David

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:32:37 PM, on 2/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExS... Read more

Answer:Mcafee Real time scan disabled in Safe Mode - Infected?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the ... Read more

2 more replies
Relevance 62.73%

Please help,

I'm running windows xp SP2 and have acquired "antivirus 2008". I tried following the steps in one of the forums disabling the needed things in AVG, and spybot, installing sdfix, and when I attempted to enter safe mode using the F8 method, I was unable to use the up/down arrows or the ones on the number key pads to select safe mode. I'm at a loss at this point and a newbie to the forum. I've attached a log from hijack this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:03 AM, on 15/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files... Read more

More replies
Relevance 62.73%

Help, I cannot load Norton antivirus 2005 in safe mode (windows XP - service pack 1).

It generates an error and says the symantec integrator has generated an error??

Any ideas how I get this service started manually?
 

Answer:No Norton Antivirus 2005 in SAFE mode

Norton will not install in Safe Mode.
 

5 more replies
Relevance 62.73%

Greetings All!
I'm reaching out to the Pro's.

Huge mess on my bosses laptop - kids used it need I say more. It started with Internet Security 2010 which I thought I had removed and now Antivirus Live is in there. I can't get McAfee to load, rkill is now detected and blocked, won't work, can't get network connection any more. All this in just 6 hours yesterday!

I can't get on line to get HJT nothing is being allowed to run other than the fake infection warnings. This is a WinXP media center OS running IE7.

I'm open to suggestions, and need some help.
 

Answer:Antivirus-Live not able to boot into safe mode

16 more replies
Relevance 62.73%

We have a user who got the Antivirus Security Pro virus and I'm trying to remove it. All "how-tos" say to boot into safe mode, but this version of the virus won't allow me to do so, either with command prompt, networking or without. Without safe mode, I'm not sure how I'll be able to remove it. Any ideas would be great.

Answer:Antivirus Security Pro Removal - No Safe Mode

I'll report this topic to appropriate helpers.
1. Please let us know what Windows version you have and if it's 32- or 64-bit.
2. Is the computer bootable in any mode?
Hold on there....

2 more replies
Relevance 62.73%

Hello my name is Austin,
 
As many other posters this past month, my father recently got infected with the Antivirus Security Pro Malware. I built this computer 8 months ago for my father, so I'm almost responsible for anything wrong with it. I'm a novice at most programming lingo, but I am really good at following processes, as it's what I do for a living. I WILL be donating to the person helping, my father needs his computer to do work this weekend. So before we start this process, I want to say "Thank You" in advance.
 
Any way, I tried doing the bleepingcomputer.com solution for the malware, but I have not been able to enter safe mode (shuts down soon after log in).
 
I read a post today on the first step of run the frst.exe file in the infected computer. Please let me know if you prefer for me to paste the report results within my post or attach the file. Here are the text results:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-IPBE6V6 on 18-10-2013 17:10:41
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\msse... Read more

Answer:Antivirus Security Pro Malware - No Safe Mode

Justsalsa,
 
 
to BC Forums!!
 
Thanks for the FRST report. I am presuming it was run from a USB pen drive.
 
Let's see if the following works for you to remove the Antivirus Security Pro Malware ...

  Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below
Save it to the USB pen drive, and name it: fixlist.txt
 
start
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
HKLM-x32\...\Run: [] - [x]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c2c37fed-cd7d-2662-80ff-1651ebb34c7f}\   \...\???\{c2c37fed-cd7d-2662-80ff-1651ebb34c7f}\GoogleUpdate.exe"
C:\Users\RichardRice\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\pvqdkqkjvbllroblbxh.reg
end

Once again, run FRST64 as you did before.
When the tool opens click Yes to disclaimer.
Now, press the Fix button, just once, and wait.
 
When done, FRST produces Fixlog.txt on the USB pen drive.
 
>> Please provide the Fixlog.txt on your reply.
 
 
  If (which I doubt) the computer is still under the 'spell' of the Antivirus Security Pro Malware, look for its shortcut on your Desktop .
Next, go to Control Panel > Folder Options
Click the View tab
Select/check: Show hidden files, folders and drives
Click: Apply > OK
 
Right click on the Antivirus Security Pro icon on... Read more

3 more replies
Relevance 62.73%

I am newly registered to this great site. I am also a very infected Dad trying to remove Personal Antivirus from our family computer. I could not download/then launch Malwarebytes tool in normal mode. I am now following another thread trying to progress in save mode...

Any help advice is appreciated running malware quick scan...

Safe mode allowed download and quick scan now completed
Malwarebytes' Anti-Malware 1.38
Database version: 2283
Windows 5.1.2600 Service Pack 2

6/25/2009 8:07:06 PM
mbam-log-2009-06-25 (20-07-06).txt

Scan type: Quick Scan
Objects scanned: 112670
Time elapsed: 13 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 157
Registry Values Infected: 12
Registry Data Items Infected: 0
Folders Infected: 31
Files Infected: 193

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfu... Read more

Answer:Safe Mode Stage Personal Antivirus XP

For what its worth after copying th deleted files into this thread and closing down the priogram in safe mode and restarting in normal mode I was able to access the malware program and have found an additional 21 infected files full scan continues.....more to follow..

3 more replies
Relevance 62.73%

i have some error while installing antivirus BIT DEFENDER in normal mode so i am trying to use safe mode but i am scared that what will be on that case
will any features be missed out when we install in safe mode rather than normal mode?
ANY DEMERITS PLZ MENTION

More replies
Relevance 62.73%

Computer infected with Antivirus Security Pro; cannot successfully log on with Safe Mode as computer reboots at log on.

Answer:Antivirus Security Pro will not allow me to boot up in Safe Mode

KellyV6726,
 
to BC Forums!
 
When you start the computer and tap the F8 key until you get to the Advanced Boot Options menu, are you able to use
the arrow keys to select the Repair your computer menu item?
 
From there...
Select your language settings, and click: Next
Select your User account and click: OK (If you did not set a password, leave blank.)
 
On the System Recovery Options menu do you get the following options:Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors
Command Prompt
 
Are you able to select the Command Prompt?

7 more replies
Relevance 62.73%

after installing norton internet security2003computer will ony start in safe mode then certain programmes wont run have tried unistall but it wont uninstall os/windows 2000me.also get messagedriver installation failed ..how do i fix

Answer:norton antivirus computer in safe mode

Here are a few options for uninstall click hereIf none of these help then go back to 'support' and start again, putting in your version info etc and you may be able to find something on the knowledge base to help you

1 more replies
Relevance 62.73%

Please let me know if there is anything I can do to get rid of antivirus live. My computer will not run any security software and it will not go into safe mode.

Answer:Can not get into safe mode and laptop has antivirus live

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 62.73%

My husband's friend brought his computer over. He thought he had a simple hijack situation. Whenever he opened IE, Firefox, Nortons, etc it woudl immediately close. My husband has tried numerous things. He cannot even get these programs to run in safe mode. Even in safe mode, these programs immediately close. We dont even know what we're trying to kill. Any suggestions???

Answer:Cannot run antivirus, antimalware, or internet even in safe mode

Sorry, he is on a Dell laptop, running XP.

1 more replies
Relevance 62.73%

HI GUYS. I badly need help. My PC is acting weird. The symptoms are enumerated below. Suggestions are very much welcome. I found a similar thread with almost the exact symptoms. The guy found a solution. I am really hope I'll find mine. Please do take time to read my post.


SYMPTOMS:
I first found out about the infection about two days after the internet connection at home was restored.(My provider had a routine maintenance check up for the lines in my neighborhood.) I can't really say when is the exact date of the attack. So here is a list of symptoms of the infection/attack?.

1. McAfee anti virus stopped working.

2. Can't install anti virus. Tried to install other anti virus. The list includes AVG, Kaspersky, and Nod 32 but all failed.

3. The IE and opera browsers does not work but firefox is fine.

4. Can't connect to Yahoo! Messenger. Prompts a message telling to try again. Every time I do, it prompts the message again.

5. Can't boot in safe mode. When I try to boot in safe mode, it loads all the drivers and reboots again. Normal mode is fine.



WHAT I TRIED TO DO:

Note: Since my pc is sooooooooo slow, I reformatted my pc hoping the problem would go away. Unfortunately, it didn't do anything good with regards to the infection. It did make my pc a little bit faster though. Also, I can now use the opera and ie. Still, the problems persist.


1. Installed SuperAntiSpyware. Scanned pc and detected infections. The Lo... Read more

Answer:can't boot in safe mode; can't install antivirus

Assuming you are trying to run the Read and RUn First instructions, you don't mention whether you tried running ComboFix and MGTools......we need more than just the SAS log to see what is happening in your system.

And yes, I would advise staying off the web (physically disconnect) until you have to attach logs here.
 

1 more replies
Relevance 62.73%

My dad's flash drive was infected with Antivirus Security Pro, yesterday I plugged it into my laptop and it got infected
I tried to remove it as I did on his computer but I just doesn't let me boot into Safe Mode, as it automatically reboots the system
I've googled about this and read some topics on this forum about this
as I read some things about the virus getting smarter, I've already did those FRST things and here is the log, as I know there's one specific way to do to each user
I'm posting on this section cause I realized I could've posted on wrong section before

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by SYSTEM on MININT-2JK5KHB on 28-09-2013 21:05:33
Running from G:\
Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b]

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [L... Read more

Answer:Antivirus Security Pro won't let me boot into Safe Mode

Hello pedrofortunato I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the... Read more

25 more replies
Relevance 62.73%

Hey Forum!! I have a lappy here with a special version of this normally easy to remove virus and I need some assistance. Per other forum post instructions, I have scanned with FRST and here is my log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by SYSTEM on MINWINPC on 07-10-2013 11:15:50
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [hpqSRMon] - [x]
HKLM\...\Run: [HP Health Check Scheduler] - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [AS2014] - C:\ProgramData\gX3ga333\gX3ga333.exe [550552 2013-10-04] ()
HKLM\...\Winlogon: [Userinit] c:\windo... Read more

Answer:Antivirus Security pro cant boot into any safe mode

Hello Huludrock I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more

3 more replies
Relevance 62.73%

I read the Antivirus Security Pro Removal Guide for this site but I cannot get into safe mode.  The F8 key doesnot work and I cannot run msconfig either so i am kind of stuck.  HELP

Answer:Antivirus Security Pro removal but cannot get into safe mode

Hello ac lets see if we can get a DDS log as per this guide...Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.Let me know if all went well.

7 more replies
Relevance 62.73%

I may be infected with a virus. I am scanning using Norton right now and OneCare won't turn on its firewall, telling me that I am 'At Risk'.

If nessesary, could I install antivirus software like Norton on my computer using Safe Mode? Note that it is likely I have been infected.

If you need anymore information, please feel free to ask.

-Elk

EDIT: Also know that recently my computer had been randomly freezing in the past three weeks. I remember I stumbled onto a website where it suddenly told me that 'MY COMPUTER WAS INFECTED'. From experience I knew it was spyware, and instead of saying YES or NO on the warning popup, I clicked the X. Norton immeditely told me I was infected and tried 5 times to remove it. Then the warnings from Norton stopped, thinking that it finally got the trojan.

More replies
Relevance 62.73%

Hi all, First time here at BleepingComputer.com. I just took a look through some of the forums and it looks like there's a fellow named "Gringo" who is adept at this one and may be able to help me out. I've got a computer that has the Antivirus Security Pro virus on it and it's beating me up pretty badly. I can't boot into safe mode, nor can I load any programs to clean it up. What can I do to get this off my system? Thanks for the help. DK.Edit: Moved topic from Anti-Virus and Anti-Malware Software to the more appropriate forum. ~ Animal

Answer:Antivirus security pro won't let me boot into safe mode

I'll report this topic to appropriate helpers.
1. Please let us know what Windows version you have and if it's 32- or 64-bit.
2. Is the computer bootable in any mode?
Hold on there....

4 more replies
Relevance 62.73%

Hello,

I am unable to remove a stubborn rootkit problem from my computer. Even in safe mode, I am unable to run any antivirus program or Malwarebytes.

I checked Non Plug and Play drivers, but did not see anything suspicious except "Catchme".

Any help would be appreciated. The logs are below and attached.

Thank you,
Shootmenow

DDS (Ver_09-12-01.01) - NTFSx86 MINIMAL
Run by Administrator at 9:40:45.03 on Thu 12/31/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1976.1721 [GMT -6:00]
============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\system32\svchost.exe -k netsvcs
D:\WINDOWS\Explorer.EXE
D:\Documents and Settings\Administrator.NLM-DUSTINB\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\progra... Read more

Answer:Cannot run Malwarebytes or any antivirus software even in Safe Mode

I tried running ComboFix a couple of times. During the Completed_Stage_2, I get the following error:PEV.cfxxe has encountered a problem and needs to close.After hitting close, ComboFix continues to run and spits out this log:ComboFix 09-12-29.06 - Administrator 12/31/2009 15:01:51.6.2 - x86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1976.1468 [GMT -6:00]Running from: G:\ComboFix.exe.((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 ))))))))))))))))))))))))))))))).No new files created in this timespan.(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))..((((((((((((((((((((((((((((( [email protected]_17.51.21 )))))))))))))))))))))))))))))))))))))))))..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"FingerPrintSoftware"="d:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]"TPHOTKEY"="d:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]"LPManager"="d:\progra~1\THINKV~1\... Read more

3 more replies
Relevance 62.73%

Hi all,

Last night my Acer Aspire One became infected with the Xp Antivirus 2012 virus. I have dealt with this once before and suspect it may be from a shared disk I used. Anyways, last time I was able to track the problem down using some tutorials, rkill, malwarebytes and a few other malware removal tools. This time though the damage was done too quickly. By the time I knew it, no programs would launch. I couldn't access the task manager either. My laptop froze and when I tried to reboot I'd get the laptop splash screen and then nothing. I attempted to boot in safe mode and no dice.

My next step was to use Hiren's Bootcd and use Mini Xp to boot up. I was able to do so successfully but once there I was not able to get much done to fix the boot up problem. I tried identifying the problematic system file in the system32/ drivers folder but found none than looked suspicious. There was no oddly named sys file with the size 0kb.

I am at a crossroads. Should I just back my files up (since I can access them with mini Xp) and restore windows to factory settings or do I have a chance to fix this thing?
Thanks!

Chris

Answer:Can't boot up using Safe Mode - XP Antivirus 2012

You could try to repair your Boot File? This can be done by selecting r when coming into the Disk or onboard Recovery. When asked type in fixboot That should get it booting again, but please, before you do any thing further Post in the "Am I Infected" Forum http://www.bleepingcomputer.com/forums/forum103.html and include a link to this? Once there you will get expert help on Malware.Ray.

43 more replies
Relevance 62.73%

Hi, my mothers Compaq Presario Windows 7 became infected with Antivirus Security Pro.  I have tried to boot into safe mode with and without networking to no avail, it will look like it is working in but will bring up the windows screen and then indicate that it is logging off. I am unable to bring up tskmgr, mbam or rkill in regular mode.  Per a previous post I ran fst64 to get the information and am copying it below: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013Ran by SYSTEM on MININT-5T4B15L on 18-10-2013 14:58:14Running from H:\Windows 7 Home Premium (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)HKLM\...\Run: [AS2014] - C:\ProgramData\6DXrl3Xn\6DXrl3Xn.exe [659096 2013-10-18] ()HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\6DXrl3Xn\6DXrl3Xn.exe -sm,HKLM\...\Policies\Explorer: [NoControlPanel] 0HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solut... Read more

Answer:Antivirus Security Pro - Won't let me boot into Safe Mode

One more thing, in looking at the above log, is shows several restore points, however, when I tried to to access them, I was told that system restore was turned off.

8 more replies
Relevance 61.91%

Hey there,
 
My computer has recently been attacked by the Antivirus Security Pro virus. I'm a little lost on how to recover my computer because I can't boot into safe mode. I was told to purchase antivirus software to remove the ASP virus and install it in safe mode, but I can't even reach safe mode. Please help if you can!
 
Thanks,
 
CarPanthers

Answer:Antivirus Security Pro problems (can't boot into safe mode)

Can't boot in Safe Mode with Networking? (Antivirus Security Pro Virus blocks Safe Mode with Networking)
If you have more than one user account in your operating system - please log-in to the clean account and download the recommended anti-spyware software, install it and run a full system scan, remove all the security infections it will detect, however if you have only one user account please follow this guide (this guide will show you how to create a new user account using safe mode with command prompt - using this newly created user account you will be able to remove Antivirus Security Pro virus).
If Antivirus Security Pro virus also blocks your operating system's Safe Mode with Networking follow these removal instructions:
1. Start your computer in Safe Mode with Command Prompt - During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.
 
2. When command prompt mode loads enter the following line: net user removevirus /add and press ENTER.
 
3. Next enter this line: net localgroup administrators removevirus /add and press ENTER.
 
4. Finnaly enter this line: shutdown -r and press ENTER.
 
5. Wait for your computer to restart,  then boot your PC in Normal Mode and login to the newly created user account ("removevirus"). This account won't be affected by the infection and you will be able to downlo... Read more

2 more replies
Relevance 61.91%

Hi,

I am facing a major virus problem with my system. Task manager, registry edit and folder options of my operating system got disabled and also I am unable to boot in safe mode. If I press F8 and chose Safe Mode (with networking or any other option), pc is getting restarted again so again I had to start my pc normally.

I downloaded avira and avast and when I tried to install them, installations were being closed at the starting without any prompt messages. While googling, I came to see this forum I had downloaded hijackthis and here is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:00 PM, on 2/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin ... Read more

Answer:Unable to install antivirus & cannot boot in safe mode

Hello, sundeep38.My name is aommaster and I will be helping you with your log.I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.Thanks and again sorry for the delay.Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)In your next reply, please include the following:RSIT Log

22 more replies
Relevance 61.91%

Good evening--I've been reading through a lot of posts, and it appears after an FRST scan some of the moderators will create a customized fixlist.txt to combat the specific problem. The Windows Home Premium 64-bit box has all the classic symptoms of Antivirus Security Pro with the added bonus of not being able to boot into safe mode. I can run the FRST tool, and I've attached the FRST.txt and Addition.txt results, but I can't read them very well.
 
Can anyone shed some light on next steps? Please let me know if you need any additional information!
 
Thanks in advance!

Answer:Antivirus Security Pro - no safe mode, need FRST reading

Hello gr33d,Welcome to Bleeping Computer.My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.If you do not understand any step(s) provided, please do not hesitate to ask before continuing.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.I will be analyzing your log. I will get back to you with instructions.Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt
HKLM\...\Run: [AS2014] - C:\ProgramData\ahrpDns3\ahrpDns3.exe [779952 2013-11-21] ()
HKCU\...\Run: [AS2014] - C:\ProgramDat... Read more

4 more replies
Relevance 61.91%

Ok. I've read all these threads regarding this horrible malware. Yesterday i noticed I was infected with this antivirus pro 2010. The computer wouldn't allow me to do much so i tried to reboot in safe mode. That was the last time I was inside Windows xp operating system. Now I can't get in through safe mode, normal mode or anything else. My computer boots just up to the Windows Xp logon screen and then shows the fastest blue screen and reboots. It repeats this cycle endless times. The last thing I tried was using the Windows xp cd to repair. Unfortunately it tells me the partition1 is (unknown) so they want to format my drive and reinstall. I'm trying to recover files on this laptop. BTW its a Compaq Presario. I even tried the recovery console to simply get a prompt and my c: drive wasn't even listed. Only some D:\MinNt

Help Please!
 

Answer:antivirus 2010 can not boot in safe mode-tried everything advised here

Antivirus Pro been removed- Hijackthis log review

Please review the log below:



Edit by chaslang: Inline and incomplete HJT log removed. READ & RUN ME FIRST. Malware Removal Guide sticky not followed.
 

2 more replies
Relevance 61.91%

I am following instructions to remove the system care antivirus on my computer, but using F8 upon startup won't work, the computer just freezes up and will not boot. If I do not use F8, it will to boot normally, but nothing opens up when I go try the Run --> msconfig method.
How can I wipe out this virus?

Answer:how to remove systemcare antivirus when safe mode will not load

Hello Campfire and elcome -
 
Do you have Malwarebytes' Anti-Malware Free (aka MBAM) already installed on your computer ??
 
Please list your Make / Model and Operating System Version (XP /Vista / Windows 7).
Also list your Antivirus and any Antimalware programs already installed -
 
Can you open the computer in Any mode (Normal / Any Safe Modes / Etc) -
 
Thank You -

4 more replies
Relevance 61.91%

Hello,
 
I have a Dell laptop which is infected with Infected Antivirus Security Pro, will not let me start in safe mode:
Windows 7 Home Premium, P4 Dual Core T4300 2.10GHz, 4.00 GB,  64Bit 500GB HD.
 
I tried running malwarebytes and all .exe file execution are blocked by Antivirus Security Pro, tried to restart in safe mode as soon as it gets to desktop it shuts down and restarts.
 
Need help removing please, Thank you

Answer:Infected with Antivirus Security Pro, will not let me start in safe mode

Before you do anything just try and "activate" it using this code, its a longshot but sometimes it works and you will be able to run malwarebytes and other tools
 
AA39754E-715219CE
 
See video for help on to do this
http://www.youtube.com/watch?v=y58O8bqx9sQ

6 more replies
Relevance 61.91%

My computer was hit with the Security Tool virus. It's possible I even allowed it through spybot -- the little spybot messages come up while I'm typing, sometimes, and if I hit the "a" key for allow, then who knows what just happened?

Anyway, I can only run ANY program from safe mode -- including task manager and any antivirus program -- and running any antivirus software will cause the computer to turn itself off. I can't download winzip from safe mode, so forgive me that the logs attached aren't zipped.

Thanks in advance for the help.

Also, I'm having difficulty with the gmer program. It only allows me to check five boxes: Services, Registry, Files, C:, and ADS. All other boxes are greyed out. Also, it only allows me to save as a .log file, which I'm not allowed to upload...

I opened the gmer log and re-saved it as .txt... hopefully nothing's lost in translation?

Ah. Completely missed this: "Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post"

Well, that explains that.

Also, here's the DDS. My apologies for losing track of some of the very simple instructions.

DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
Run by Qris at 15:50:19.86 on Mon 02/21/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1617 [GMT -8:00]

AV: AVG Anti-Virus Fre... Read more

Answer:Antivirus software forces shutdown in safe mode

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

Open your task manager and stop this process in bold.

uRunOnce: [gDbLmCf05200] C:\ProgramData\gDbLmCf05200\gDbLmCf05200.exe

To get to the Task Manager press the CTRL+ALT+DEL keys simultaneously.

When done delete this folder in bold.

C:\ProgramData\gDbLmCf05200\

Restart the the computer normally if you can.

Submit a fresh DDS log for my review.

Let me know what problem persists.

3 more replies
Relevance 61.91%

Microsoft XP media centre edition SP2

have seen other threads talking about things like "combofix" will this work on my laptop? Also saw one saying remove "enable third party browser extensions" which I have done but no change.

This is what happened:

I became infected by "Antivirus Trigger" which stopped everything working except thier pop ups of course.
I then was told to download Smitfraudfix which I had to download on to a disk on another computer and then could only run in "safe mode " on the infect laptop, which I did.

result - Anitivirus trigger does not now come up when machine is switched on, but nothing works in normal, very slow opening and as I try to open IE it totally freezes and says (not responding).

error says:
szAppName : iexplorer.exe
szAppVer : 7.0.6000.16735
szModName : hungapp
szModVer : 0.0.0.0
offset : 00000000

and
C:\Docume~1\gary\Locals~1\Temp\WER8555.dir00\iexplore.exe.mdmp
C:\Docume~1\gary\Locals~1\Temp\WER8555.dir00\appcompat.txt

in short, I am doing this from the safe mode on my laptop as nothing works when starting up normally,

any advice or directions would be GRATEFULLY received.

Have added HJT and here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:17, on 05/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\... Read more

More replies
Relevance 61.91%

My colleague 'accidentally' ran the 'Folder Virus' in my office computer,

Symptoms,

the usual,
Creating a replica of itself inside a folder with the same name as the folder
Copying itself to any external peripheral connected via USB (Pen drives, HDD etc.)
Task Manager Disabled
Regedit Disabled
Internet Explorer not working, Homepage reset to 'googleinindia.blogspot.com'

the unusual,
Cannot enter safe mode (pc reboots)
Unable to run existing antiviruses, including McAfee and Spybot S&D
Unable to run certain existing applications including MATLAB and Adobe Reader

McAfee displays an error during system startup, Spybot just sits there quietly, MATLAB encounters a fatal error (in matlab.exe)

I ran the DDS.exe, but it could only output a 'DDS' report and no 'Attach' report. I have also run the RootRepeal.exe
I am posting the DDS and RootRepeal Logs.

An early reply will be highly appreciated

Regards

Answer:TaskMgr, Regedit, Safe Mode, Antivirus not working!

Hello,We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.ComboFix should not be run unless requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.Post the contents of C:\ComboFix.txt in your next reply.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Then please post back here with the following: Combofix.txt log.txt info.txtThanks

2 more replies
Relevance 61.91%

Dear Computer Hope,I have been infected with this virus and need help with manual removal of files, dlls and registry entries. I can only run Windows in safe mode and I am unable to run McAfee, Hijack This, or any other spyware removal applications. I am running Win XP but don't know how to tell which service pack I have in safe mode, I'm assuming SP2. I hope you can still help. I have found instructions elsewhere on how to remove registry entries and unregister .dll files through cmd prompt but in following instructions at hxxp://wiki-security.com/wiki/Parasite/WindowsAntivirusPro I went ahead and (unwisely?) deleted the Programmes\Windows Anti Virus Pro\ folder altogether and now do not have the .dlls to unregister.  Any advice would be greatly appreciated, thanks.garddfon

Answer:Windows Antivirus Pro manual removal in safe mode

Stay out of the registry.You'll have to go here....http://www.computerhope.com/forum/index.php/topic,46313.0.htmlIf you've lost your connection, download the programs to a USB stick on a good PC and transfer them to your PC.If you have difficulty, you may have to run them in safe mode, tap F8 at start, .If you have difficulty, you may have to rename the programs when you save them.If you get stuck on a step, proceed to the next .Post the logs for step 3,4 and 6.

14 more replies
Relevance 61.91%

Hi,
 
I have a laptop running windows 7 that has been infected with Antivirus Security Pro.  When I try to start in Safe Mode the computer keeps restarting before I can do anything.
 
I can not download any malware removal or any other software.
 
I can not seem to start any programs.

Answer:Infected with Antivirus Security Pro, will not let me start in safe mode

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Scan with FRST (Recovery Environment)To run FRST on Vista and Windows7:For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into ... Read more

36 more replies
Relevance 61.91%

One of my salesmen's laptops is infected with Anitvirus Security Pro. His system is running Windows 7 Professional SP1. The system will not boot in Safe Mode (it loads through the welcome screen and then immediately logs out and restarts in normal mode) and It will also not allow access to task manager, Regedit or MSCONFIG.
 
Any assistance would be appreciated! Thanks.
 
Beth

Answer:Antivirus Security Pro - won't allow safe mode, regedit, msconfig

Hello BethI would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", thi... Read more

4 more replies
Relevance 61.91%

So I found a previous topic that I couldn't reply to and here is what I have done...
It suggested that I use the Farbar Recovery Scan Tool via the system recovery options.  Here were my results....
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by SYSTEM on MININT-JR029EJ on 30-10-2013 21:35:02
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM\...\Run: [MapsGalaxy Home Page Guard 64 bit] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe [548936 2013-05-20] ()
HKLM\...\Run: [AS2014] - C:\ProgramData\DV7Uns33\DV7Uns33.exe [560776 2013-10-30] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\DV7Uns33\DV7Uns33.exe -sm,
HKLM-x32... Read more

Answer:Antivirus Security Pro Virus won't boot Safe Mode

Hello scagigal I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

3 more replies
Relevance 61.91%

I am having an issue with my computer since I updated my iTunes and QuickTime and now anytime I try to open or run a program, it pulls up "view downloads" page and asks if I want to run or save the file. Neither option works as it simply re-opens another "view downloads" page and won't allow anything to run. I am operating in Safe Mode but same issue arises. See attached picture as anything I try to open goes to this page and keeps adding the same item over and over if you try to click run or save.
Can you steer me in the right direction?

Answer:Virus won't allow any downloads or internet in safe mode. Won't run antivirus

Hello,
Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.
If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

3 more replies
Relevance 61.91%

A friend brought me a computer because Anitvirus Security Pro would keep running on his moms laptop. I have had probably 5 different computers that have had this on them and have been able to clean them but this one is really a beast.
His system is running Win 7 and he tried a number of things before bringing it to me with no luck.
I printed off the Anitvirus Security Pro Removal instructions from this site but the laptop is not allowing the system to boot in Safe Mode and It will also not allow access to Regedit or MSCONFIG.
Any suggestions on getting control of the system back?
 
Thanks
John
 

Answer:Antivirus Security Pro - won't allow Safe Mode, Regedit or msconfig

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Scan with FRST (Recovery Environment)To run FRST on Vista and Windows7:For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into ... Read more

38 more replies