Computer Support Forum

security protection malware complete removal

Question: security protection malware complete removal

Hello all,

I have the malware Security Protection on my desktop. A quick search on Google can show you what it is. Anyway, I have run MBam numerous times, each of which has removed, it seems, a portion of Security Protection. However, a link of Security Protection still winds up residing on my desktop, as well as a reloaded version of SP later on. I can't seem to fully get rid of it. Any ideas?

SW

Relevance 100%

Answer: security protection malware complete removal

Hiya and welcome to Tech Support Guy

Can you run the tools in this thread:

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

And then post the following:

1. Copy and paste the HijackThis log.
2. Copy and paste the contents of the DDS.txt file.
3. Upload as an attachment the Attach.txt file. There is no need to zip it as suggested in the DDS instructions.
4. Copy and paste the contents of the ark.txt file.

Regards

eddie

1 more replies
Relevance 75.03%

Remove Security Protection (Uninstall Guide)
What is Security Protection?

Security Protection is malicious software, also known as "scareware", that will display virus alerts claiming malware has been detected on your computer.
The security alerts are professional-looking pop-ups, and when you click on them, you're advised to buy this malicious software in order to remove the detected threats.
In reality, none of the issues are real, and are only used to scare you into buying this malicious software and stealing your personal financial information. To make matters worse, this malicious software actually installs malicious code that puts you at risk of attack from additional threats.

You may find this malicious program under the name of:

Malware Protection
Spyware Protection

As Security Protection is malicious software which can severely damage your computer, compromise your credit card security and lead to identity theft, you are strongly advised to follow our Security Protection removal instructions below.

Am I infected with Security Protection?

This is how the main screen of Security Protection looks:

[Screenshots: Security Protection main screen]

Security Protection Removal Instructions
(If you experience any problems completing these instruc... Read more

More replies
Relevance 70.11%

This whole mess started earlier this week. My wife received a virus infested email from a friend. Shortly after, the internet sites started running slower. She then received the "Security Protection" pop-ups. I already had Malwarebytes installed and ran a quick scan which only showed & fixed the Security Protection virus (2 infected files).

The computer stayed on the remainder of the night and when she woke up the next morning, it was worse than before. I ran a full system scan which revealed over 40+ infected files. I thought Malwarebytes successfully found all the viruses and the computer ran well for a few hours and then my antivirus program 'Microsoft Essentials' shut down and the computer began locking up. I tried several times thru a hard-boot to run Malwarebytes again but it would run for a few seconds and then shut off. I have ran the various logs requested from reading the other posts but when trying to run GMER, the scan wouldn't finish and would shut off too.

LOGS:::
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Kevin at 20:26:48 on 2011-08-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.681 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\2440225872:2937818478.exe
C:\WINDOW... Read more

Answer:started with Security Protection Virus now complete shutdown...Please Help!!

This topic is a duplicate of the one properly posted here: http://www.bleepingcomputer.com/forums/topic416950.html

Posting more than one topic on the same issue is called double-posting and is not allowed on this forum because it can create massive confusion and in this case make the malware removal process more difficult and time consuming. Therefore, this topic shall be deleted.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please note: you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and co... Read more

1 more replies
Relevance 70.11%

This whole mess started earlier this week. My wife received a virus infested email from a friend. Shortly after, the internet sites started running slower. She then received the "Security Protection" pop-ups. I already had Malwarebytes installed and ran a quick scan which only showed & fixed the Security Protection virus (2 infected files).

The computer stayed on the remainder of the night and when she woke up the next morning, it was worse than before. I ran a full system scan which revealed over 40+ infected files. I thought Malwarebytes successfully found all the viruses and the computer ran good for a few hours and then antivirus program "Microsoft Essentials" shut down and the computer began locking up. I tried several times thru a hard-boot to run Malwarebytes again but it would run for a few seconds and then shut off. I have ran the various logs requested from reading the other posts but when trying to run GMER, the scan wouldn't finish and would shut off too.

LOGS:::
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Kevin at 20:26:48 on 2011-08-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.681 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\2440225872:2937818478.exe
C: ... Read more

Answer:started with Security Protection Virus now complete shutdown...Please Help!!

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

3 more replies
Relevance 69.29%

I created this thread in the "Am I Infected" area first and was told I should make a post over here.
http://www.bleepingcomputer.com/forums/topic414198.html/page__gopid__2370897#entry2370897

A quick summary.

Infected with the Security Protection Malware yesterday, initially it tried getting me to download the bogus software.
I rebooted in safe mode, and tried running the uninstall guide.
Rkill would run, but it would complete and say it has found nothing.
TDSSkiller, Malwarebytes, Superspyware I was able to download and install but once a scan was started they were shutdown and removed.
My antivirus (Microsoft Security Essentials) is now shut off and cannot run.
Also there is a process that shouldn't be there (2643737432:2814667618.exe) that I cannot terminate and is obviously part of the problem.

I am in the process of completing the DDS and GMER logs and will post them shortly, I need to try to post them from the infected laptop, however bleepingcomputer was redirecting earlier so it might take me a bit.

Thanks for any advice and help! This is the first time I haven't been able to get rid of one of these tricky bastards on my own.

Success with DDS!
GMER will not complete the scan, it starts and gets shut down and the program removed so it won't start again without re-installing.

DDS.txt
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Rob at 16:45:34 on 2011-08-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.10... Read more

Answer:Security Protection Virus.... Unable to complete uninstall guide

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

24 more replies
Relevance 67.24%

Windows XP (Home) SP-3
Pentium D
2.80Ghz
Antivirus- Norton 360 & Firewall.

:-o
Hi there and thanks for the instructions on the subject. Bloody good info.
I have run the tools, one url was invalid and couldn't download the tool (MG-Tools)

SUPERAntispyware Results found some items (will be in the attachments text)

Malwarebytes Results also found some items (as above)

MGTools (Problem) URL IS INVALID AND COULD NOT INSTALL THE SOFTWARE.

I hope this is all the information you require.

My son ran a keygen a couple of weeks ago and I just found out yesterday. Hit the roof! "Buy the bloody stuff if you like it" I said!
Been running slower all the time and Norton 360 caught a couple of things. Tried to remove the quarantined in 360 but found I couldn't if you want me to follow the instructions I did and it don't work for Norton 360.

Thanks in advance for taking the time to look through the information i have given in the post and any help will be appreciated
 

Answer:Malware Removal Complete/Help please....

I managed to download MGTools and run it but for the life of me can not upload the results! Do I need to start a new thread to do this?
 

6 more replies
Relevance 66.42%

Here is what happened so far:

My browser started redirecting some of my requests to totally unrelated webpages
I did a virus scan and found several including
RKIT/TDSS.D
JAVA/Agent.HN
TR/BHO.Gen
I removed them with my antivirus software (Avira Antivir)
Then I checked with Gmer which showed a suspicious activity
I ran TDSS Killer
After reboot Gmer and TDSS Killer did not show anything suspicious any more
I then uninstalled Firefox and downloaded it new from Mozilla and reinstalled

However it is still acting strangely - when I try to call webpages it stalls on several of them and seems to try to do something (redirect?) when the websites are loading code from google-analytics.com
This does not happen when I use Safari instead.

I ran Rkill, which reported nothing.
I ran DDS with this result

CODE
DDS (Ver_10-10-10.03) - NTFSx86
Run by  at 20:56:52,32 on 16.10.2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional  5.1.2600.3.125... [GMT 2:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated)   {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
sv... Read more

Answer:Malware Removal complete? Somewhat doubtful

Not supposed to bump - I did read - , but not sure if it went under

I know how frustrating it is when your computer isn't working properly. Let me assure you that your topic isn't lost, forgotten, or ignored. We work with hundreds of logs every day, so we have devised a means of seeing only those topics that don't have responses yet, which is why this is done as an edit rather than a response. At the moment, we have nearly 400 unanswered topics, the oldest dated Oct. 7, 2010 at 7:31 pm Eastern Daylight Savings time in the U.S.A. Your log topic is dated Oct. 16, 2010 at 3:11 PM using the same time zone.

Our volunteer MRT team members have various levels of expertise and training, so while we try to take the oldest DDS/HJT logs, it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us would want someone to assist you who is not familiar with your issue and attempt to fix it.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notific... Read more

4 more replies
Relevance 66.42%

Hello, I am trying to fix my neighbor's laptop (XP HOME, don't know what SP) but I cannot perform the first step in the "Read & Run me first malware removal guide".

Here's why:
The neighbor came back from lunch to find her screen saver had locked her out of the PC asking her for her password. She had not set an account password, it just appeared. When I try to log in as admin I get a message that says "unable to log you in because of an account restriction".
If I try to reboot, Windows says it is installing updates (4 of 4). It does this every time.

I can log in as admin but only under safe mode. When I try to remove Search Assist (via add remove programs) Windows tells me that the Windows Installer service could not be accessed because I am in safe mode.

I do not know where to start.
 

Answer:cannot complete malware removal 1st step

Do the rest of the steps as best you can from safemode - then perhaps we can work back from the top.
 

5 more replies
Relevance 66.42%

hey, i originally started the thread here and one of the admins suggested that i start the new one in this section. so here are the logs. ... Read more

Answer:Complete Removal of Internet Security 2010

okay, so I see there are still some remnants under trusted zones. I can also see some in registry. Please recommend me a proper tool to get rid of any remaining. Thanks.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you... Read more

21 more replies
Relevance 66.42%

I recently was unfortunate enough to have my computer get infected with "Internet Security 2010" (which I believe is a virus or something like that) and I've already taken some steps in an attempt to remove it, but it's still clinging on.

First of all I'm not entirely sure that Internet Security 2010 is a virus but seeing as it downloaded itself onto my computer without my permission I'm assuming that it is indeed what's causing the issues.

When it first came to my attention, what happened was Internet Security told me my computer was infected and downloaded itself. All sorts of virus warning pop-ups started coming and my computer slowed down and lost some of its functionality. I immediately ran a full scan with Malwarebytes while leaving the countless pop-ups alone, seeing as they just came back if I got rid of them. While that was happening I looked for Internet Security on my desktop and deleted any parts I came across but I couldn't find it under the add/remove programs thing. Malwarebytes finished its scan and I removed the infections it had found and restarted my computer as it said I needed to.
When the computer loaded back up the pop-ups stopped but the warning sign that took over my desktop was still there. I then ran a Spybot Search and Destroy scan but it came up with no infections. This is when I tried looking up the infection, only to find I can't. My internet connection is fine, I ran the diagnose connection probl... Read more

Answer:Internet Security 2010 complete removal

I have the same problem. I put up a post yesterday about it and am just about to try the suggested steps now myself. Check the below link to view the topic.
http://www.bleepingcomputer.com/forums/t/284677/internet-security-2010/

20 more replies
Relevance 66.42%

Followed instructions from here:
http://www.bleepingcomputer.com/virus-removal/remove-security-protection

TDSS Killer detected something, but it was locked so it took no action to clean or remove.
Proceeded with RKILL and MBAM install, but of course MBAM isn't able to update. What do I do from here? Thanks

Also, what advice can I give to my family to avoid this? Only 4 weeks ago everybody's computer except mine was infected with XP Home Security (All have AV software). They do a fair amount of e-mail, youtube, browsing, etc., and they know not to blindly click on links/downloads. Any other advice you can suggest I give to the less-technologically literate, to help avoid infections in the future? Thanks

*I tried running DeFogger first and the TDSSKiller again, and now it says "no infections found." MBAM still doesn't update.

**Edit AGAIN - Ran SmitFraudFix, then realized I didn't even plug in the ethernet cable. Was able to update MBAM after and everything is working fine now, though I think SmitFraudFix may have partially fixed the problem? I was able to run programs (including mbam) upon reboot without having to use rkill

Here's the log:
.
DDS (Ver_2011-06-12.02) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by Administrator at 21:17:27 on 2011-06-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2723 [GMT -7:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV... Read more

Answer:Security Protection Removal -

Hi, Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report
Please download OTL from here:
Main Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "Use SafeList"
Push the button.
Two reports will open, copy and paste them into your reply:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Please note: ... Read more

2 more replies
Relevance 66.01%

Infected by viruses, ran Spybot and Malwarebytes, MWB had been turned off, not normal. Still had problems, so Completed Read Me steps, Still have problems

Computer would not operate in std mode, so steps up to combofix were done in safe mode. Safe mode did not allow uninstall of Java, so this step was skipped.

Running Vista 64 so RootRepeal was not done.

Everything was fine for a few minutes. Browsed major geeks for a moment and start-up programs seemed fine.

When re-enabling user account control, double clicking the EnableUAC.reg brought up the windows does not recognize this file extension, browse to find the correct program. Tried twice, same result. So i did it manually through control panel and rebooted. Everything fine.

After re-start, step 6 of Vista instructions, right clicked Computer and things went bad. Computer locked. Tried a few times rebooting and problems got worse. Now in STD mode computer locks or screen goes black. Task manager will not come up to see what apps and processes are running. Sometimes desktop or startmenu will fade to grey and everything locks.

Also of note, in STD mode, I get a pop-up window titled Security Alert: You are about to view pages over a secure connection... no one will be able to see pages etc. I closed the window clicked google chrome to nav to Majorgeeks and all seemed well enough. Clicked restore pages, then naving MajorGeeks the browser locked with the message waiting on cache.

Now computer boots in STD mod... Read more

Answer:Malware removal steps complete, still have problems

Other MWB logs attached...
 

49 more replies
Relevance 66.01%

Hi, I am very new to this spyware stuff and I want to completely remove it from my system, PLEASE I AM DESPERATE FOR SOME HELP. Thanks.

Mitesh
 

Answer:Complete Removal Of Spyware Malware adware etc

12 more replies
Relevance 66.01%

I have a post here: http://forums.techguy.org/general-security/918356-how-do-you-bill-charge.html#post7342582 that discusses the aspects of how you would bill a customer when you have done a malware removal and complete update / protection of system that takes many hours to complete.

One of the things I note in that post is there would likely be comments on what you would do to speed up the process or how you would go about doing it to keep the total hours down to a minimum.

What I would like to discuss here is how and what do you do to keep the total number of hours down when you are doing a complete malware cleaning of a unit with your average to tough malware as well as when you are having to completely update the OS (service packs), install anti-malware tools, update programs, and etc to make the system as defensive as you can for your customer.

Let me give some examples from the other post and then please give feedback on how you handle these situations.

Let's say I have a client with a personal computer. They have 80GB of actual data all on the same drive as the OS, they have very little protection in place, their OS is multiple service packs behind, and they have multiple unknown pieces of malware on the system.

So let's say you go through the normal process of running the 2 to x number of tools you normally would run to clear of malware. You also go through your own personal investigation to catch things not found by the anti-malware tools. You then p... Read more

Answer:How would you go about doing malware removal and protection?

6 more replies
Relevance 66.01%

Hi all,
Requested Files attached

Original post below:
My PC is/was infected by "Best Malware Protection". I've run Malwarebytes Anti-Malware and Combofix which seems to have gotten rid of the annoying pop-ups - and to all intents and purposes has fixed the problem. I manually removed via HijackThis's delete on reboot feature the hosts file that was permanently locked.

However when I now run Combofix it still tells me that a real time scanner is active - and tells me it is called Best Malware protection - asks me to disable this before continuing.

I can't seem to disable and am hoping someone can explain what I need to do to remove/disable. Besides this, computer seems to be running fine again.

Thanks everyone,
Mark

Answer:Best Malware Protection removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

2 more replies
Relevance 66.01%

I have a post here: http://www.bleepingcomputer.com/forums/t/311540/how-do-you-bill-charge-for-malware-removal-and-computer-updates/ that discusses the aspects of how you would bill a customer when you have done a malware removal and complete update / protection of system that takes many hours to complete.

One of the things I note in that post is there would likely be comments on what you would do to speed up the process or how you would go about doing it to keep the total hours down to a minimum.

What I would like to discuss here is how and what do you do to keep the total number of hours down when you are doing a complete malware cleaning of a unit with your average to tough malware as well as when you are having to completely update the OS (service packs), install anti-malware tools, update programs, and etc to make the system as defensive as you can for your customer.

Let me give some examples from the other post and then please give feedback on how you handle these situations.

Let's say I have a client with a personal computer. They have 80GB of actual data all on the same drive as the OS, they have very little protection in place, their OS is multiple service packs behind, and they have multiple unknown pieces of malware on the system.

So let's say you go through the normal process of running the 2 to x number of tools you normally would run to clear of malware. You also go through your own personal investigation to catch things not found by the anti-malware tools. You then ... Read more

More replies
Relevance 65.19%

When I try to run a scan using AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware, when the scan gets to a certain point, Windows shuts the computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbiage about if you recently installed software/hardware, see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgraded to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows Defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint the problem to the "System Volume Information" directory. I am unable to open it to see the contents as Windows shows no files in it. When I ask Avira to scan it, Avira says no files also, but if I use SuperAntiSpyware to scan, it shows many files during its scan but will get to a certain point and the computer will shut down. I can almost see the file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and the log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal program to complete scans

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

23 more replies
Relevance 65.19%

Here is the issue I was having prior to the "read me first" steps:

1) Search engine redirect: where I search for something via Google, Bing, or Yahoo and when I click on the results it sends me to some unrelated website

Here are the issues I am having after "read me first" steps:

1) Search engine redirect: where I search for something via Google, Bing, or Yahoo and when I click on the results it sends me to some unrelated website

2) I am having trouble opening file folders. I get an error message that Windows has stopped working and then it searches for a solution and shuts down. I cannot even open up the file folder.

3) When I right click a file or folder, a windows installer window appears and attempts to either download something or install something. It seems to have something to do with Adobe.

I have no clue what all these logs mean. I just followed the steps and retrieved these logs.


View attachment combofix log.txt
View attachment 140457
View attachment defogger_disable.log
View attachment hijackthis.log
View attachment mbam-log-2010-07-02 (03-36-52).txt
 

Answer:Malware Removal Instructions Complete... Problems still exist

View attachment MGlogs.zip
View attachment RRlog.txt
 

11 more replies
Relevance 65.19%

Got kicked after I typed up a very long post and now it's gone.. Followed Windows Vista fix guide, got nowhere. Tried Windows 7 malware removal. The issue is with my laptop: shut down the primary problems but still getting Google redirects, empty start bar and hidden files all over the place. System is very much still infected.

1. SAS failed to install, Portable crashes after 5000 scans (2 threats) Skipped
2. MBAM installed updated crashes after 25 seconds no scans made (afterwards it seems to be deleted as I have to install it and update it again to re run it) Skipped
3. ComboFix Get an alert about a Virut possible and contaminated file, deleted downloaded from place it mentioned same thing, try launching again it launches but hangs on scanning (let go for over an hour) Deleted redownloaded same results.
4. Skipped RootRepeal as I'm running Vista 64 bit
5. Running MGTOOLS After getting an error about a missing file it continues to search for different things will post when it finishes or fails...Shortly after agreeing to the HijackThis acceptance Something kept opening a compose mail Window, as nothing in the guide refers to this I would close to, never got a scan completed finish on MGTOOLS it simply close and no log file exists where it should be.. Attempting to run it again but I believe this is enough information to get the ball rolling, Again no log files exist for any of the scans as they couldn't finish. Hoping for help in a big way ~Menace
 

Answer:Windows Vista Malware Removal Complete Failure

Have you tried running the scans in safe mode?

Please download and save the below tool from Grinler @ bleepingcomputer to your Desktop or anywhere else you can find it ( if the Desktop is not showing )

http://download.bleepingcomputer.com/grinler/unhide.exe

Now run it. Now see if you can find the items that seemed to be missing?

Now try to run this:
TDSSkiller - How to run

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator


You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif
* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.

If you are having problems running Rkill, you can download iExplore.exe or eXplorer.exe, which are renamed copies of Rkil... Read more

26 more replies
Relevance 65.19%

I recently installed a new virus protection program (Norton Internet Security Online) and have been having problems ever since. I now get a message that my computer has had a serious error and wants me to send a message to Microsoft, also it shuts down and reboots seemingly at random. I tried to run a scan using the new virus program but the computer shuts down and reboots after it scans a particular number of files, then I tried running Windows Malware Removal Tool that also makes it shut down and reboot. I'm including the files in the error report, the error signature, and a log scan from HijackThis. Hopefully you can give me some help.

THANKS
haneline
files included in error report
C:\DOCUME~1\Larry\LOCALS~1\Temp\WERe270.dir00\Mini012810-16.dmp
C:\DOCUME~1\lARRY\LOCALS~1\Temp\WERe270.dir00\sysdata.xml
error signature
BCCode: 9c BCP1 : 00000002 BCP2 : 8054E0F0 BC3 : F6002000
BCP4 : 0000017A OSVer : 5_1_2600 SP : 3_0 Product :256_1
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:50:13 PM, on 1/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Progra... Read more

More replies
Relevance 64.37%

What is Best Malware Protection?

Best Malware Protection is a fake system security software that is considered as a Rogue. Rogues are malicious programs that hackers use to trick users by displaying false threats and problems that it claims to have detected. In reality, none of the issues are real and are only used to convince the user into buying their software and stealing their personal financial information.

Am I infected?

This is a screenshot of this rogue.

Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)

1. This rogue adds a proxy server which prevents the user from accessing the internet. To remove this proxy server, start Internet Explorer. Under Tools, select Internet Options.

Select the Connections tab. Then click on LAN Settings.

Un-check the boxes under Proxy server if they are checked. This will remove the proxy server and allow you to use the internet again.

For Firefox users, go to Tools > Options > Advanced tab > Network > Settings > Select No Proxy

2. After getting rid of the proxy, restart your computer. As soon as your computer turns on, tap F8 until you reach the Advanced Boot Menu. Use the arrow keys and select Safe Mode with Networking.

3. Download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3
Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, tr... Read more

More replies
Relevance 64.37%

Hello and good evening, my friend just rang me, she seems to have downloaded total security protection, which I found is rogue software, and it says her laptop is infected......and I need to remove this for her.....I just want the easiest way to remove this dodgy software!!!!! ASAP!!!!

Answer:Total security Protection...rogue software removal

click here

10 more replies
Relevance 64.37%

I am running Windows XP Pro, version 2002, SP3 on a Dell Latitude D630 laptop. I recently was hit with the Google redirect virus redirecting to 63.209.69.107 and others. About the same time a new shortcut appeared on my desktop called "Security Protection". I downloaded and ran Malwarebytes. I ran it several times until it does not find anything malicious. The problem now seems to be twofold. When the computer is connected wirelessly or with cable there seems to be internet activity happening but I can not access the internet at all. I can connect to my VPN (Sonicwall) but can not connect to my server at work. Also the shortcut is still on my desktop. Not sure if it is just the shortcut or if I still have something there.

I have been here before and got great assistance. Could use help again.

Answer:Google redirect and "security Protection" shortcut removal

We have a removal guide for this infection here: http://www.bleepingcomputer.com/virus-removal/remove-security-protection Please let us know if this resolves your issues.

Orange Blossom

1 more replies
Relevance 63.55%

I'm running Windows XP (2002). Yesterday, I had the "Hard Drive Diagnostic" issue that I removed using the self-help guide. I ran rkill, Malwarebytes' Anti Malware, and Unhide.exe. Doing so took care of all problems and put all of my documents back in the "my Documents" folder, except that the start menu shortcuts were not there (a bunch of empty folders where I anticipated links to MS Word and the like) and the background of my desktop had changed to the basic blue (or whatever that color is). I tried to follow the advice today of disabling antivirus software and running unhide.exe again; however, I was shortly being bombarded with the annoyance of Malware Protection. (I should note just prior to disabling AV software, I ran a Malwarebytes scan to make sure I wasn't missing anything and came up with zero infected files.)

I tried starting in Safe Mode with Networking and running rkill; however, every time that I did so, the command window would open and state that it was running and to be patient. Less than a half minute later, I would get a desktop message: "Windows is running in safe mode. This special diagnostic mode of Windows enables you to fix a problem which may be caused by your network or hardware settings. Make sure these settings are correct in the Control Panel and then try starting Windows again. While in safe mode, some of your devices may not be available. To proceed to work in safe mode, click yes. If you prefer to use System Restore to restore your co... Read more

Answer:Malware Protection removal and TDSS Killer not working

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

29 more replies
Relevance 63.55%

Hi,

I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable)

I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,

I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.

Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86 Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst... Read more

3 more replies
Relevance 63.14%

I have the latest Norton Antivirus Protection. In reading some posts, I have read that sometimes a malware virus may infect even if one has protection. Is there a product that effectively does both?

Answer:Malware & Security Protection

No security software is foolproof.

4 more replies
Relevance 62.73%

What is "Microsoft Security Essentials ENHANCED PROTECTION MODE" ?

"Microsoft Security Essentials ENHANCED PROTECTION MODE" is a fake system security software that is considered as a Rogue. Rogues are malicious programs that hackers use to trick users by displaying false threats and problems that it claims to have detected. In reality, none of the issues are real and are only used to convince the user into buying their software and stealing their personal financial information.

Am I infected?

This is a screenshot of this rogue.


Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)
1. Restart your computer. As soon as your computer turns on, tap F8 until you reach the Advanced Boot Options. Use the arrow keys and select Safe Mode with Networking.
2. Download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3
Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
(This tool will kill the rogue's process temporarily. As a result, act quickly and move on to the next step.)

3. Download Malwarebytes' Anti-Malware to your desktop.

Rename the file to firefox.exe BEFORE downloading
Double-click firefox.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes... Read more

More replies
Relevance 62.73%

Why do I get warnings from Windows Security Center in Vista Premium that Malware Protection "cannot detect any anti virus in operation" when I have Kaspersky I S v7 running? Same window shows that Windows Defender is turned off. Is that because Kaspersky wants it off?

Answer:Security Center Malware Protection

You can turn off this annoying little feature if you are confident that you are protected. Defender is useless and you may as well leave it off.
Open security settings
On the Malware protection tab, expand it.
Choose "Show me my options"
Choose "I have a malware programme and I will monitor it myself"

4 more replies
Relevance 62.73%

Hello All,

Yesterday my laptop got infected with the Security Protection Malware.

I attempted to follow the uninstall guide posted by Grinler with no luck.

My issue is that nothing seems to work.

Rkill, TDSSkiller and any anti-malware/anti-viral software I have tried will not scan, will not open, or will shut down once it starts scanning.

After the initial part where it was trying to get me to purchase the fake software, that has not reoccurred, however I have been getting a couple of redirects and there is an odd process running in task manager (2643737432:2814667618.exe) that I cannot terminate.

Any help would be appreciated.

Thanks,

Answer:I think I'm infected.... Security Protection Malware but cannot get rid of it

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first. Then start a new thread HERE and include or required logs. Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

3 more replies
Relevance 62.73%

My wife's laptop pops up a "Windows Security Center" alert in her tray periodically (few times a day) and firing up the Security Center says her "Malware protection" has been disabled. If we wait long enough, it re-enables itself (5 - 15 mins?)

Irritation factor: High
Threat factor: Unknown

Her LT: Sony VAIO, Vista Sp1, 2 months old.
My LT: HP Entertainment, Vista Sp1, 6 months old.

Both laptops:
Firewall: Comodo (mine), Windows Live OneCare (hers)
AntiVirus: Windows Defender (both ON), AVG-free (both ON)

AVG scans daily at noon on both machines. The Sony's odd "alert" behavior doesn't occur on mine. AVG scans have fairly clean results (warnings only, which I assume are for tracking cookies.)

My internet habits are fairly restricted: 8 to 10 "safe" sites. She spends time on Pogo.com and collects recipes. We both email (Yah__) and play the occasional amusing *.wmv video capture friends send to us.

Anyone familiar with this behavior? Is something venomous going on?

Thanks...

Answer:Security Alert: Malware protection is OFF

Quote:
Both laptops:
Firewall: Comodo (mine), Windows Live OneCare (hers)
AntiVirus: Windows Defender (both ON), AVG-free (both ON)

The real-time protection of two antivirus programs may conflict with each other and cause the following:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
3) Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.

Uninstall OneCare or AVG and see if it stops. You should never run two antivirus or firewalls at the same time.

1 more replies
Relevance 62.73%

This is my first attempt at using this forum, so bear with me. I am not a very computer literate person, I live in Mozambique and my computer has AVG (paid version) installed. Since yesterday the security notification window tells me my malware protection is off and I cannot get it back on. I tried to run xsoftspyse but it does not run on Vista. What are my options? I would like to check my computer for problems. Which scanner can I use with Vista? Will I need to reinstall AVG? Thanks for any help.

Answer:Malware protection turned off AVG Security

Over the years that I've been using AVG, it's gotten messed up several times.
I usually just do a re-install and that fixes it and I move on.

Before doing that, you might check in "services.msc" and see if all the AVG modules are set to Automatic and running......if not running see if you can START the service.

You might also do a System Restore (Registry Restore) to a point just before the problem started. I use that feature of windows at least once a week to fix one thing or another.

Failing that, I would definitely RE-Install AVG and take the "Repair" option during the beginning of the install.

Good Luck!

Shadow

3 more replies
Relevance 61.91%

Hello,
I have followed the wonderful "BleepingComputer" online procedure for removing "Security Protection" malware from my computer. When TDSSKiller was originally run it saw three bugs, 2 of which it removed, but the third was "hidden" and TDSSKiller could do nothing about it. Nor could MalwareBytes or any other spyware program I could apply to it. I have tried it several times but no luck. The online procedure indicated that if this was the case I should follow the procedure for posting my problem for you all to see what could be done to correct it.

HP Compaq DC5700 small form
Pentium 4 CPU 3.2GHz
XP Professional service pack 3

DDS.txt contents.
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 17:34:09 on 2011-08-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.718 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\Defogger.exe
.
============== Pseudo HJT Report ===============... Read more

Answer:Trouble clearing out "Security Protection" malware

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
Please download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to contin... Read more

8 more replies
Relevance 61.91%

No programs will run in 'Normal Mode'; therefore I restarted and initiated 'Safe Mode'. It never boots into safe mode; before it even finishes loading the drivers it restarts.

Please Help!!

Answer:Security Protection Malware/Spyware Infection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424320 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

26 more replies
Relevance 61.91%

I'm using McAfee VirusScan Enterprise 8.5.0i

Windows tells me "McAfee VirusScan Enterprise is on but is reporting its status to Windows Security Center in a format that is no longer supported. Use the program's automatic updating feature, or contact the program manufacturer for an updated version."

I've tried updating it 3 times so far, and it tells me everything is up to date. I'm unsure as to why this problem is persisting.

Answer:Windows Security Alert - Malware Protection

Don't worry about it, as long as you know that McAfee is running correctly, disregard Windows Security center. It is probably a bug. I had that problem when I first installed Avira.

1 more replies
Relevance 61.91%

Good day all,
I'm not sure what this is, please help
I have installed PC-cillin, and updated... the issue:
Windows Security Center > Malware Protection is telling me that my anti virus and Spyware are out of date.
How can I get this resolved?

Thank you.
 

Answer:Windows Security Center Malware Protection

Not a malware issue so thread moved to Software Forum.
 

4 more replies
Relevance 61.91%

Hello,

I've been infected with the "Security Protection" virus. I followed the removal protocol listed on your website and ran Malwarebytes in safe mode with networking. It seemed to find the virus but after the computer restarted in regular mode I still found the "Security Protection" icon on the desktop. I am also still experiencing Google and Firefox redirects, so it appears that the virus has not yet been eliminated. I would appreciate some assistance in cleaning my system.

The Malwarebytes log is below:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7609

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

8/30/2011 6:08:43 AM
mbam-log-2011-08-30 (06-08-43).txt

Scan type: Full scan (C:\|)
Objects scanned: 368466
Time elapsed: 51 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security Protection (Rogue.SecurityProtection) -> Value: Security Protection -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items d... Read more

Answer:"Security Protection" Malware - Ran Malwarebytes but still have redirects

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

20 more replies
Relevance 61.91%

When the fake XP 2012 Security Center popped up, its activity and nonstop fake threat pop ups scared the crap out of me, but I knew I had acquired a virus. I noted down some key behaviors and turned to my only other internet connection: My old Moto Q smartphone to begin web searching for information. I have spent literally hours on the search from my phone, viewing webpages and forums most in a single column a few words wide. I read everything I could find on this site, without printing capabilities I hand copied tutorials and guides. This started nearly two weeks ago.
I had a brief opportunity at a clean computer with a USB, and a list of every tool I might need, I can't even save tools to the miniI followed given directions for this specific .malware removal, san disk this thing uses.
After days at it, I think I am at the light at the end of the tunnel, but I need help with the most annoying, and difficult hurdle: I cannot get my PC back online. I followed the prep and I have my logs and I've got them on the mini sandisk to hopefully be able to post them through my crappy old phone. This has been a nightmare, but this site and all the volunteers are my new heroes! I'm crossing my fingers now, as I'm about to get these logs up and not lose all this that I've typed.

Answer:Nightmare battle with the rogue trojan XP Home Security 2012, possible complete removal but with loss of Internet connectivity

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433968 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 61.09%

Hi, I was wondering if someone could help me with something. You see, I have this problem: I installed Microsoft's One care scanner on my computer but it did not work, so the other night I decided to uninstall it. So when I uninstalled it I did not realize that it would impact Windows security center at all, so I went to go into the security center and found that everything else was green except malware protection; the bar is yellow. What I would like to know is: is there a fairly easy solution to fix this problem? When I pulled down the menu on the yellow malware protection bar it said that my antivirus was still on but that it was reporting it to windows security center in a format that is not supported. For me to automatically update the program or call the manufacturer for a newer version. I have all the current updates on my computer. Windows Defender is on and is still protecting my computer and my firewall in security Center is green and other security bar is also green.

What can I do to fix this problem so I can get malware protection to go back to green.

I am not an advanced user

some info that might be helpful:

Windows Vista home basic

please if any one could help me thanks very much

please explain your solutions how to fix this problem in detail please

bye for now Howard31
 

Answer:Having trouble with Security Center Malware protection is yellow

Microsoft stopped Windows OneCare and replaced it with a free "Security Essentials" package. To stop the security centre popup, you can either tell it to ignore that you have no AV software (not recommended) or install some.

You can try the new Microsoft SE package (free) here : http://www.microsoft.com/Security_Essentials/

Or, if you don't like that then you could try Avira AV (also free) : http://www.avira.com/en/download/index.html
 

3 more replies
Relevance 61.09%

Hi,

I have some sort of malware/virus that I can't for the life of me seem to get rid of. I am running Trend Micro Internet Security and PC Tools Spyware Doctor. I have also run Ewido, Ad-Aware SE and CleanUp - deleted all temps, cookies etc.

I have read the Antivirus Gold blog from this website and done as instructed with SmitFraudFix.zip.

I have even removed a file that I think is causing some of the trouble, isaddon.dll, using hijackthis in safe mode, but the flamin file keeps coming back, so I can't be getting all of it.

I have a flashing yellow "!" and "Security Alert" in the task bar, telling me my computer is infected and that I need to buy this and that to fix it.

I am also getting random web pages opening up advertising poker and porn, when I'm not even surfing the net.

My Internet Explorer Home Page has been hijacked by: //www.sysnetsecurity.net/
Please if anyone can help me through the HijackThis log below, it would be most appreciated.

Thanks
RTD

Logfile of HijackThis v1.99.1
Scan saved at 10:03:18 PM, on 15/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\syste... Read more

Answer:Malware - Protection Bar, Security Centre, Antivirus Gold

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

3 more replies
Relevance 61.09%

Hi All

I am yet again asking for help to remove spyware from his system, this computer was infected 4 - 5 weeks ago and with your help I managed to remove all traces. However, my friend's brother is a Porn monster, anything that states free porn is clicked on I imagine!! After the last infection, I have installed spyware blaster, super antispyware and trend internet security and still it gets in!!!

Please find below hijackthis logs, your help is appreciated.

Jason

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:07:23, on 08/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\DevNotifySvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\... Read more

Answer:Internet Security Alert And Privacy Protection Malware

Welcome to the BleepingComputer HijackThis Logs and Analysis forum maxHyper

My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Sun Java, and then update.

1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Rest... Read more

17 more replies
Relevance 61.09%

Hi,

Repeated popups and warnings led to a Google search on the Subject above and finding this forum.

I initially attempted a "Restore Point" rollback but that would not complete successfully.

I then completed the following -

- Uninstall "XP Anti-Virus"
- Ran SmitfraudFix
- Ran SDFix
- Ran ComboFix
- Installed and Ran HijackThis
(Attempted a "Fix Checked" without success of "O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\awtuvULB.dll")
- Installed and Ran SUPERAntiSpyware
(found 0 errors or problems in any category)

HijackThis still displays "O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\awtuvULB.dll" which concerns me so I am posting so the gurus can check out the logs....

As a newbie to the forum I appreciate any help/advice :^) Thanks.

Deckard's System Scanner v20071014.68
Run by administrator on 2008-04-18 16:18:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
96: 2008-04-18 23:18:37 UTC - RP324 - Deckard's System Scanner Restore Point
95: 2008-04-18 22:49:23 UTC - RP323 - Installed SUPERAntiSpyware Free Edition
94: 2008-04-18 21:40:02 UTC - RP322 - Restore Operation
93: 2008-04-18 21:27:20 UTC - RP321 - Restor... Read more

Answer:Removal Of Xp Anti-virus, Privacy Protector, Error Cleaner And Spyware&malware Protection

Hello there and welcome to Bleeping Computer's security forum.

My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Please set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\awtuvULB.dll
O20 - Winlogon Notify: awtuvULB - C:\WINDOWS\SYSTEM32\awtuvULB.dll
O21 - SSODL: DriveSys - {7dc6ff88-ddc9-4b18-a143-ef3f8f110be0} - C:\WINDOWS\Resources\DriveSys.dll (file missing)
O21 - SSODL: SysBoot - {fd5ffa08-e23f-467f-867a-8a5770344bc3} - C:\WINDOWS\Resources\SysBoot.dll (file missing)

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Open hijackthis, click 'conf... Read more

1 more replies
Relevance 60.68%

We only do WSUS Security updates at work, and I need to MANUALLY download the update to MS Malware Protection Engine to get to version 1.1.10701.0. Everything I find says windows update - can't do it. I need a URL to go to that has the definition to download, every URL I find only has information regarding it. I need a URL to download the update. Any help would be appreciated.

Answer:need to download MS Malware Protection Engine / we use Security updates only in WSUS

Hi,
As the article below describes, the Microsoft Malware Protection Engine is running in these products:

Microsoft Forefront Client Security
Microsoft Forefront Endpoint Protection 2010
Microsoft Forefront Security for SharePoint Service Pack 3
Microsoft System Center 2012 Endpoint Protection
Microsoft System Center 2012 Endpoint Protection Service Pack 1
Microsoft Malicious Software Removal Tool
Microsoft Security Essentials
Microsoft Security Essentials Prerelease
Windows Defender for Windows 8
Windows Defender for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
Windows Defender Offline
Windows Intune Endpoint Protection

Thus you can only update it via these products, as described. This article provides information about how to update the Malware Protection Engine. Please read it as reference:
http://support.microsoft.com/kb/2510781/en-us

Karen Hu
TechNet Community Support

2 more replies
Relevance 59.04%

When I try to run the Sysinfo, the message is MacFile opener can't be opened.
I have a Mac mini, late 2009, OSX El Capitan, version 10.11.6
I had MacKeeper security software for years.
2 weeks ago I allowed them to remotely reconnect the MacKeeper and run a cleanup to regain memory space.
They called the service MacKeeper Remote Assistance.
Now my computer password does not work, I can't access iCloud and I can't open system preferences.
I believe my computer has been compromised.
MacKeeper is owned by Kromtech.
I have no transportation to take my computer to be checked out.
Does anyone have an idea what I can do to get rid of this.
I would appreciate any suggestion
 

More replies
Relevance 59.04%

I have a custom built computer about 6 years old. I have Windows XP Home. I use AVG Anti-Virus free version 7.5 and SpyBot.

I am a personal property appraiser and after not having used my computer for about five months because of open heart surgery I am getting back to work. Recently started working on an appraisal that visited several foreign (Japan, China, Germany) sites.

During the past week I noticed that when searching on google and get zillions of hits on a subject I would click on the hit and at the connection find that it had nothing to do with what I was looking for...often a listing of services, clicking back sometimes took me to the desired site but often instead of being misdirected nothing happened until I got the message "not responding" and "ending now" took me out of Google and I'd have to start the search all over.
I finally noticed that the blue title bar at the top of the page said "jump...." and then would quickly flash off so I started searching google for "jump redirected internet searches" and hence found your site.

I have read your instructions and have downloaded the program that scans my computer and prints out a log. I have saved it and will paste it below.

AVG has not detected this virus. Spy Bot (after loading updates that were neglected when I was sick) discovered a trojan...can't remember the name right now...and it was deleted. It wasn't the problem because I'm still having the same pro... Read more

More replies
Relevance 58.63%

QUOTE(ewu @ Oct 14 2010, 05:25 PM)

I am running XP and it seems to function well with the exception of multiple mshta.exe incidences. I fell victim to the security essentials trojan but Avast was able to catch it before my system was substantially compromised. It seems like most items have been removed aside from the mshta.exe issue.

Exactly every hour, Avast alerts to mshta.exe accessing a location and blocks it. When I check the task manager it sometimes comes up many times. I have taken to ending mshta.exe whenever I see it.

I have run quick and full scans with Avast, Malwarebytes, SuperAntiSpyware, and Spybot. I booted up into safe mode and ran quick scans with all four. I also ran a boot-time scan with Avast. All these scans have come up with no infected files.

I also downloaded and ran panda anti-rootkit both regularly and in safe mode.

Please advise as to how I can resolve this issue.

Thanks

as per boopme instructed:

DDS (Ver_10-10-10.03) - NTFSx86
Run by Eric at 10:11:55.64 on Fri 10/15/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.782 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.ex... Read more

Answer:driver/service protection of malware - mshta.exe and "Microsoft Security Essentials Alert" attack

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

14 more replies
Relevance 58.22%

this seems to be just like AVP 2009 mess that I removed a while back (pop ups bogus warnings, etc) with the exception of this one actually hides the desktop icons also....

DDS LOG:
DDS (Ver_09-09-29.01) - NTFSx86
Run by Sharon my Love at 20:56:23.85 on Thu 10/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.358 [GMT -4:00]

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsy... Read more

Answer:security tool malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner ... Read more

2 more replies
Relevance 58.22%

I needed to amend the instructions written by Grinler for removing total security which is a virus/malware in order to get it to work. The link to the instructions: http://www.bleepingcomputer.com/virus-remo...-total-security

Total Security has gotten smarter and now won't allow most processes or applications to run. Nothing I tried at first would allow me to end the Total Security process. Total Security shut down anything I tried to run... like hijackthis, malwarebytes, spybot, adware etc....

I surmised that total security will not allow you to run any exe programs other than a few it knows about.

My solution was to rename the ProcessExplorer file..... Procexp.exe to iexplore.exe. (Download process explorer from Microsoft on a different computer if you have to.).... renaming to other file names like explorer.exe may work too.

After doing that I was able to end the process and proceed with process.

I think Grinler has edited his instructions so everything is good.

Thanks to Grinler for posting the instructions. Good Luck

Harold

More replies
Relevance 58.22%

I have noticed that I've been having popup ads lately, which is very strange since I've had popup blockers for a very long time. I keep my antivirus programs (mostly) up to date, and I rarely go on 'bad' sites. However, today when I restarted my computer, I had the "Security Tool" program pop up and give me a list of fake viruses that it wanted me to delete. I didn't delete them; instead, I opened my Killbox program and deleted two of the Security Tool files, but it would not let me delete the main folder for them. I opted to do the "delete on restart" method, which took out the main folder.

However, I've been trying to run the suggested "Malwarebytes Anti-Malware" scan to make sure the Security Tools is gone for good, but I absolutely cannot seem to run it. Every time I try to install/run the program, I get an error message or the program will start and stop itself. Eventually, it will be unable to find the mbam.exe file that is needed to run the program. I've tried to do all the suggested methods to make the program work that were listed on different forums from google.

I am still getting popup ads. I am unsure if this was the only problem my computer is having. To be safe, I have run a Hijack This, DDS, and RootRepeal scan on my computer. I do have Killbox, so I can manually delete anything that isn't safe (if it lets me delete it). Any help would be greatly appreciated!

If I read the "How To Post" thread correctly, I'll post... Read more

Answer:"Security Tool" Malware Removal

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Relevance 58.22%

Help! To remove AV Security Suite Malware. I tried booting in the Safe Mode and unchecking proxy server, then running rkill.com, and then running Malwarebytes to remove AV Security Suite Malware. All efforts have been unsuccessful.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Robert DeAngelis at 10:01:57.89 on Fri 10/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.673 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Robert DeAngelis\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uWindow Title = Windows Internet Explorer
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://www.wtywsdclgucnkkrhwzcxvhf.com/4tJGAN... Read more

Answer:AV Security Suite Malware Removal

Hello BobDea

Welcome to BleepingComputer

==========================

Download OTL to your desktop.
Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.
Double-click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it, typically your desktop. Click ... Read more

1 more replies
Relevance 58.22%

I read many of the other posts regarding how to remove the Security.Hijack malware. I ran Malwarebytes anti-malware and got 2 warnings about the Security.Hijack. I asked Malwarebytes to remove them and I restarted the system but it didn't actually remove anything, so now I'm here asking for some help with how I can remove the 2 warnings in my system.

I followed another "guide" that was made within this forum but I kind of got lost in the rain
 

Answer:Removal of Security.Hijack Malware

It looks like you started to do the following, but didn't finish. So finish these instructions and attach the requested logs.

READ & RUN ME FIRST. Malware Removal Guide
 

3 more replies
Relevance 58.22%

The computer is infected with Win 7 Security 2011. I ran House Call last night, it found ten objects but wouldn't remove them. It chose ignore, and wouldn't allow me to quarantine them. I ran a quick scan, and found nothing. The complete scan took 4+ hours, and came up with the ten objects.

MalwareBytes will not load up, and HJT will not create a log file. When I ran the suggested program..., it came up with a "sample hosts file", and there were no lines mentioning HJT. The output is below:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

I ran TFC, OTL, DDS, and TSG SysInfo.

SysInfo output:
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , 64 bit
Processor: AMD Athlon(tm) II P320 Dual-Core Processor, AMD64 ... Read more

Answer:Win 7 Security 2011 malware removal help please

7 more replies
Relevance 58.22%

My symptoms began as "AntiVirus Studio 2010" fake spyware removal software and "Security Shield"

I thought using Malwarebytes Anti-Malware I had removed the problem. Unfortunately, there have still been issues.

The current issues are intermittent.

Blue Screen (iastor.sys)
Pop-Ups for Viagra, Porn Removal, Free giftcards, etc. (I have not had a pop-up since trying to pay more attention)
Often very slow (sometimes just before blue screen)

GMER text is attached.

Please note that the DDS did not run.

?   ?? ? @ ? ? ? ?!?L?!This program cannot be run in DOS mode. (This is followed with pages of characters)

Please help me with this malware and instruct me how to properly run the DDS software.

OK, since I already attempted removal before finding this forum, here are copies of MalwareBytes Anti-Malware logs.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/22/2010 8:14:25 AM
mbam-log-2010-12-22 (08-14-25).txt

Scan type: Quick scan
Objects scanned: 159223
Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys ... Read more

Answer:Malware Removal - Security Shield?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting... Read more

2 more replies
Relevance 58.22%

Malware has attacked my computer and gives that red shield in the bottom that says something like "You have a security alert!" and makes many pop ups and takes over internet. I deleted ~tmpa.exe and ~tmpd.exe. But it comes back when I reboot. Log below.

Your help is greatly appreciated. I am sure if I delete the correct things, I can lick this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:06 PM, on 1/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Tr... Read more

Answer:Malware removal Help - Security alert!

Hi, allingtonj

Welcome.

Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.... Read more

2 more replies
Relevance 57.4%

Hi,

Thanks in advance for any help. I will do my best to provide all the necessary info. Last week, I got the Outerinfo and Internet Speed Monitor infections. I used online tutorials to remove these items using ComboFix and AVG Anti-Spyware, etc. Yesterday I got Security Toolbar 7.1 infection that causes pop-ups (with the little yellow triangle) and slows the system down, and I cannot seem to remove it. I ran the ATF cleaner and created a system restore point. I ran an updated version of AVG Anti-Spyware (but I cannot find the log). I tried to run Super Anti-Spyware but got an install error. I ran Panda Active Scan. I have updated the security patch for XP. I still have this infection.

Here are the logs I can provide:

First is Panda scan log:
Incident Status Location

Adware:adware/searchaid Not disinfected c:\windows\winshow.exe
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d37f2pwb.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d37f2pwb.default\cookies.txt[hc2.humanclick.com/hc/51325817]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\James\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\James\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\James\Co... Read more

Answer:Solved: Malware Security Toolbar 7.1 Removal

10 more replies
Relevance 57.4%

Hello,

I'm Jon, and I have an infected PC, yadda yadda yadda. Please forgive me, but I am not as spyware savvy as many of you are, I'm sure. My computer just started getting a small white X in a circle in the tray, and a pop up window down there saying: Warning! Security Report. Your Computer is infected! It is recommended to start spyware cleaner tool. When I right click on it, it sends me to an antivirus page, and then does tab after tab of crap. I also am getting warnings on my normal browser pages as well, now. I am not clicking on any of them, of course, because it appears to be malware? I run a Windows XP OS. I am not sure if it is NT or not. I am in an office with six different computers on our network. It is wireless internet, with a server running cables to all of our computers. I use Internet Explorer, maybe version 7? I am not the most tech savvy out there, so forgive me if I am being too vague. I have Ad-Aware, Spy-Bot, and I believe we are running Symantec Antivirus, but I think I only have Endpoint protection. Perhaps it is installed on our server, then distributed in our small network? I also noticed that my task manager will not work, and my background photo has been disabled on my desktop? Can anyone help me remove this nasty thing?

Thanks for any help
-Jon

(Moderator edit and note: thread moved to more appropriate forum. jgw)

Answer:warning security report! malware removal??

G'day, Jon,

Can you please Post into this Area and be Patient, we are having a very busy time just now?

http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Someone will come there to Help you out.

4 more replies
Relevance 57.4%

hello fellow tech heads

i've had a day from hell trying to remove the above trojan. none of the things found on the net worked for me like booting into safe mode as the virus was still active and stopping things. blocking task manager so i took things into my own hands and downloaded rkill which was the only thing that i could actually load in safemode, killed it ran malwarebytes got rid of it well i thought i did but then when i booted into windows my programs are still missing from the start menu, malwarebytes i just installed was not there so reinstalled it and still was not listing in my programs

win update thinks its turned off when its on

accidentally turned hidden files on and found some of my movies and files which are marked as hidden OMG what the.........

so i can use my computer as per normal now and for internet i have to go through windows explorer but i am still infected and not sure how to fix it now as i cannot remove avg as its saying that its missing some reg file and therefore cannot run combofix

help pls :)

Answer:xp security 2011/ malware removal tool

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Who instructed you to run ComboFix?

As you should have read here in Step 2 of our NEW INSTRUCTIONS thread:

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

------------------------------------------------------

We first need to verify if there are any rootkits present and how they could affect our tools.

DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present and decide whether to deploy ComboFix.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one ... Read more

19 more replies
Relevance 57.4%

Sir,

Two computers (WinXP-Pro-SP3) in my office have been infected with viruses/malware, but of different nature. In the first machine, Avira free was installed. The same machine had to be reformatted (only C-drive out of three partitions, C, D & E) a week ago after a virus removal exercise with McAfee AV, which resulted in vanishing of Desktop & start menu. Probably fresh virus infection occurred due to non-formatting of the other two partitions containing a lot of data (mainly .doc, .pdf, .jpg, .htm & .txt). This time I tried to clean the machine with an updated Nod32 (installation folder copied from another machine) kept in a flash drive. Cleaning was done in safe mode when some 2000+ virus was removed by Nod32 including some conficker, autoit viruses. Before reaching safe mode, I tried TaskMgr, Msconfig, regedit & windows search, all of which were disabled. However, it was possible to view hidden files & file extensions, including system files. But after reboot, viruses not removed took control of the machine & reaching safe mode was blocked. One thing I noted is infection of svchost.exe & explorer.exe. The first one was operated from a folder (2537452) within system32, the second one was associated with a file "regsvr.exe"

I read your article for removal of security tool & accordingly downloaded rkill.com, kept it in desktop & wanted to run it but every time the virus terminated the application before starting. I could install a current version of malwarebytes' Antim... Read more

More replies
Relevance 57.4%

Hi

I'm trying to remove this malware from my laptop computer but all instructions that I've read indicate to download removal spyware...but my browser won't start up! I tried burning the indicated software to a CD and then loading to the infected computer but still no luck...

Any ideas?!

Thanks!

More replies
Relevance 57.4%

I have followed the suggested guide to removal the malware 'Security Tool' (Remove Security Tool and SecurityTool (Uninstall Guide)). However when I try to run the rkill file the virus shuts it down before it has a chance to act.

I have tried not clicking on the pop up boxes however this does not work.

I have been able to download the malwarebytes set-up however the malware is blocking me from running the program.

Is there any other way I can either run the rkill program or allow the malwarebytes to open and install?

(I am using a new samsung r519 laptop running windows 7. It is a week old so has no unusual software or hardware)

Any help would be really appreciated

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal

Allen

Answer:Failed Removal of 'Security Tool' Malware

Thanks Animal..

Run FixExe.reg
FixExe.reg ....click Run when the box opens

If you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine. Or try running SAS first after Rkill.

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the... Read more

1 more replies
Relevance 57.4%

Hello,

I'm out of tricks to get rid of this nasty rootkit infection I have. It started this past saturday 12/17 with the XP security 2012 malware. I followed instructions online and removed it (various reg edits and running MBAM etc). It had corrupted my rundll32.exe file, which I restored from my XP disk (you will see a reference to the "old" copy I made be overwriting in the DDS log). After that my applications all worked again and my computer seemed fully functional but then I realized the virus also has a rootkit attached to it that causes google redirects in Firefox. I ran TDSSkiller and it found something and cleaned it the first time. Since then it has re-surfaced many times. MBAM found something once or twice upon resurfacing, but hasn't found anything the past few scans. TDSSKiller doesn't find anything anymore. SuperAntiSpyware doesn't find anything. I decided to run McAfee anti virus, and it said it found 3 files with Downloader-BMN.gen.g(Trojan) .. This was exciting, I hoped that would be it. But alas firefox googles still redirect. I haven't done any more scans and thought it's time to call in the pros. Also forgot to mention I've run defogger and disabled my CD emulators, and ran CC Cleaner multiple times and deleted all my history and temp files etc. I have NOT run comboFix yet ..

Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Bill at 21:11:18 on 2011-1... Read more

Answer:rookit won't go away after XP security 2012 malware removal

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

18 more replies
Relevance 57.4%

Hi! I'm running windows 7 and I have the same problem as this guy has:

http://forums.techguy.org/virus-other-malware-removal/983966-wpn-exe-file-posing-vista.html

It's malware masquerading as some kind of anti virus software that jumps up and starts doing a false scan and then tries to make me buy it. It pops up whenever I open an IE/Chrome window and attempts to hijack my browsing. I think it's also somehow hijacked spybot search and destroy because I can't get that to scan at the moment. Nor can I get hijack this to produce a log (it just produces a blank notepad file and then 'vista home security' pops up and starts scanning again).

I can only use IE/Chrome when I terminate the process in the task manager (bal.exe - description is 'steam'.)

Being that it has pretty much crippled every possible form of defence my computer has I really would appreciate some help getting rid of this awful thing!

Thank you!
 

Answer:Vista Home Security malware removal

9 more replies
Relevance 57.4%

Hi,

My computer got infected with the koobface several weeks ago. I posted in the 'Am I infected? What do I do?' section and the Hijackthis logs section and we have used malwarebytes to remove the infected files, restored windows to the last known good configuration and used the XP system restore feature and updated security.

Unfortunately none of this has worked. After using the internet (through both IE and Firefox) for around 5 mins the window freezes so I have to close it down. My computer then blue screens and I receive the ***STOP: 0x0000000A message. After logging back on I receive the following message 'loading model error. load default model?'. If I log off before internet freezes I get this message 'the instruction at 0x000f2fc0 referenced memory at 0x000f2f0. The memory could not be written. Click ok to terminate the program. Click cancel to debug the program'.

The last time my computer blue screened I received an error report after logging back on. I thought the info could be of help. Please find all of the details below:

Error Report Contents
The following files will be included in the report
C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\Mini100409-01.dmp
C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\sysdata.xm

Error signature
BCCode : 1000000a BCP1 : 0000BA33 BCP2 : 00000002 BCP3 : 00000001
BCP4 : 806E4A8E OSVer : 5_1_2600 SP : 2_0 Product : 256_1 l

I've had the problem for a couple of months now and I'm keen to get it fixed asap. Pl... Read more

Answer:Still getting BSOD after malware removal [moved from security]

'C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\Mini100409-01.dmp'

It made a minidump, so look for them and zip up the latest 4 and attach them.

7 more replies
Relevance 56.99%

I can't even get Hijack this to work, as soon as I run it it disappears so I can't even post that here to show what's going on with my computer.. I'm using Windows XP... I keep getting redirected when I try to search on yahoo or google... using mozilla firefox. I've also tried to run in safe mode but I keep getting a blue error screen and can't move past that.

Answer:advanced virus removal / security tools malware?

Let's see if we can get a scan to work
If this works, go ahead and repost in the HJT forum. If not, post back here

Run this application and then immediately run your scan

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer or you will have to run it again

8 more replies
Relevance 56.99%

Sirs,
My desktop was recently infected with a malware security shield. After doing some google search I used first stopzilla avm 2113. But since it wanted a registration for repair scanning threats that I could not afford, I uninstalled it and then of my own I ran combo-fix. After that there seems to be no problem with my system that is windows7/32bit. However I do not understand the contents of its log report and need help from a suitable helper. The log report is enclosed.
Moreover I want to know how should I protect my computer from subsequent threats as I cannot afford a fully paid anti virus.
Thanks
vkwd7

More replies
Relevance 56.99%

I have a malware infection I can't figure out how to fix. It started with a fake Windows Security Center scan warning, which I did not allow to run and then I notice several instances of ooj.exe running in my task manager. It has blocked me from opening almost any program/.exe. Windows just asks me to select a program to open the file. I can't run mbam or Super AntiSpyware. I have tried running FixExe.reg from a USB drive, it seemed to help initially, but no longer does.

I followed your general instructions. I could not run the defogger or gmer.exe (it just hung when trying to run). I did run the DDS (log pasted below and attach log is attached).

Any help would be greatly appreciated. Thanks!

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Run by Administrator at 15:42:08 on 2011-07-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.969 [GMT -6:00]
.
AV: AVG Internet Security *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\hki183.exe
C:\Documents and Settings\All Users\Application Data\gj8Be6Sx.exe
C:\WI... Read more

Answer:Help wiht Malware Removal - ooj.exe, Wndws Security Cntr

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on http://www.bleepingcomputer.com/logreply/412109 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following inf... Read more

34 more replies
Relevance 56.99%

Hey Guys,
 
I Follow the

CryptoLocker Ransomware Information Guide and FAQ
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#decrypt
and set the security policies to avoid CryptoLocker attack my computer which are these

Block CryptoLocker executable in %AppData%

Path: %AppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from %AppData%.

Block CryptoLocker executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from %AppData%.

Block Zbot executable in %AppData%

Path: %AppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from immediate subfolders of %AppData%.

Block Zbot executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from immediate subfolders of %AppData%.

Block executables run from archive attachments opened with WinRAR:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\Rar*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\Rar*\*.exe
Security Level: Disallowed
Description: Block executables run from archive atta... Read more

Answer:Security Policies doubts after Malware Removal Tools

Instead of playing with the Local Group Policy Editor manually to set these GPOs, you should just download and use the free version of CryptoPrevent that will do everything for you and also offers you various options when it comes to the "tightness" of the settings.

https://www.foolishit.com/vb6-projects/cryptoprevent/

This tool was created following Lawrence Abram's instructions you just followed, plus some custom made rules, so you'll be good if you use it.

1 more replies
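The path rules quoted in the question above can be checked against sample executable paths before relying on them. The following is an added example, not code from the thread or from CryptoPrevent: the profile paths for the user `alice` are constructed, and it assumes that `*` and `?` in a path rule do not match across a backslash, which is how the quoted rule descriptions ("immediate subfolders") read.

```python
import ntpath
import re

# Constructed expansions for a Windows Vista/7/8 profile (assumption, not from the thread).
ENV = {
    "%appdata%": r"C:\Users\alice\AppData\Roaming",
    "%localappdata%": r"C:\Users\alice\AppData\Local",
}

# The "Disallowed" path rules quoted in the post (Windows Vista/7/8 variants).
RULES = [
    ("CryptoLocker in %AppData%", r"%AppData%\*.exe"),
    ("CryptoLocker in %LocalAppData%", r"%LocalAppData%\*.exe"),
    ("Zbot in %AppData%", r"%AppData%\*\*.exe"),
    ("Zbot in %LocalAppData%", r"%LocalAppData%\*\*.exe"),
    ("WinRAR attachments", r"%LocalAppData%\Temp\Rar*\*.exe"),
]


def expand(pattern):
    """Replace %VAR% tokens using ENV; variable names are case-insensitive."""
    def repl(match):
        return ENV.get(match.group(0).lower(), match.group(0))
    return re.sub(r"%[^%\\]+%", repl, pattern)


def rule_to_regex(pattern):
    """Compile a path rule to a regex.

    Assumption: '*' and '?' stay within one path component, so
    %AppData%\\*.exe covers only files directly inside %AppData%.
    """
    parts = []
    for ch in expand(pattern):
        if ch == "*":
            parts.append(r"[^\\]*")
        elif ch == "?":
            parts.append(r"[^\\]")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts) + r"\Z", re.IGNORECASE)


def matching_rules(path):
    """Return the names of every rule that would disallow this executable path."""
    normalized = ntpath.normpath(path)  # collapses '..' and mixed separators
    return [name for name, pat in RULES if rule_to_regex(pat).match(normalized)]


def audit(paths):
    """Map each path to the rules that cover it; an empty list means no rule applies."""
    return {p: matching_rules(p) for p in paths}


# Constructed sample paths for the coverage check.
SAMPLES = [
    r"C:\Users\alice\AppData\Roaming\updater.exe",
    r"C:\Users\alice\AppData\Roaming\Xyzab\abc.exe",
    r"C:\Users\alice\AppData\Local\Temp\Rar$EXa0.123\invoice.exe",
    r"C:\Users\alice\AppData\Local\Temp\setup.exe",
    r"C:\Users\alice\AppData\Roaming\Vendor\App\bin\tool.exe",
    r"C:\Program Files\App\app.exe",
]

if __name__ == "__main__":
    for path, rules in audit(SAMPLES).items():
        print(f"{'BLOCKED' if rules else 'allowed':8} {path}  {rules}")
```

Under that assumption, an executable two or more folders below %AppData% matches none of the five rules, while anything unpacked directly into %LocalAppData%\Temp matches the Zbot rule for %LocalAppData%.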
Relevance 56.99%

The malwarebytes antivirus did not remove the winweb pop up security alert. When I run the scan it does not detect any malicious items. The only malware quarantined was from the vendor Adware.Zango. The item is very long. I would cut and paste it here but can't seem to do that. It starts with HKEY_CURRENT_USER. This was the only one found in the registry of malware antivirus. There are many other items in the winweb security alert like trojans and others. Should I write these down in the postings? The pop up Lsas.keylogger keeps coming up too.

I did switch to firefox. Before winweb was on my screen I used Internet explorer. I'm not sure if the browser matters. I've used firefox ever since winweb has been popping up. Also, I could not run Kaspersky's free scan for some reason. I did download the new runtime Java but I still couldn't get a scan.

I will cut and paste the reports from RSIT

Logfile of random's system information tool 1.04 (written by random/random)
Run by sam pratt at 2008-12-03 10:43:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 258 MB (3%) free of 8 GB
Total RAM: 254 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:46 AM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS&... Read more

Answer:Malware removal request( winweb security alert)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable ... Read more

3 more replies
Relevance 56.99%

I hope I am finally in the right forum. Please, please help.

Mod Edit: Topic in XP forum, http://www.bleepingcomputer.com/forums/topic433359.html/page__gopid__2516139 .

Following pinned instructions for 2012..Security..XP, I was able to remove a number of Trojans with Malwarebytes, restored the firewall, reran Avast, and thought all was OK. And it seemed to be for a couple days.... Then Avast informed me it couldn't protect for firewall/email. Removed a few more trojans with malwarebytes, but could not get the firewall back up. Another forum has directed me here, explaining that I probably have resident malware.

At this time, my computer is hung on the "windows is shutting down" window (I was trying to restart.) Before that, I had physically unplugged from the internet. A lot of services were running huge I/O and Other while I had nothing up but the CPU usage screen. InCDsvc and lsass were the most active. Oddly, I got a message the last couple reboots, that InCD could not be started.

The scary thing for me (other than that the screen hangs there) is that all these processes were running very actively, but none were identified with a user - usually, it specifies network, local, Irena - like a ghost in the machine. It got quiet when I stopped the InCD, and very quiet after I pulled the Internet plug.

The message was: Windows cannot start the Firewall/Internet Connection Sharing (ICS) service. I didn't go online after that. Now it's just a hung "shutting ... Read more

More replies
Relevance 56.99%

Hi All and Brian
 
I have moved my issue to the correct spot as requested.
 
All of a sudden I had Antivirus Security Pro flash up and tell me I had a whole heap of viruses and that people on the net could see me via my camera (my camera light was consistently on). I suspect I got this from a dodgy site I visited (which obviously Microsoft essential did not pick up)

I followed the instructions from this site http://www.bleepingcomputer.com/virus-removal/remove-antivirus-security-pro which appear to have removed most of it but I still have the following issues.
 
No matter what I download the virus windows comes up and deletes the file and secondly
And I could not find Microsoft Security essentials to uninstall. 
 
I have tried a Microsoft programme to try and remove/rectify Microsoft Sec Essentials but it seems to still be there because I cannot install any new anti virus program (I have tried reinstalling MSE and even Trend but to no avail)
When I try and install MSE I keep on getting the 0x80070643 error
 
I have been contemplating doing a complete reformat??
 
 

Answer:Cannot remove Microsoft Security Essentials after malware removal

You are probably infected with ZeroAccess rootkit.
Open your topic here --> http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Follow this guide --> http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

2 more replies
Relevance 56.99%

I followed the Malware removal guide top to bottom, and it successfully removed the problem I had - which was that Google searches were returning false results

Thank you!

After completing the procedure I now get error alerts on my existing Security software:

1. Norton Internet Security 2009 -
a Risks in compressed file "dc1.exe"
b Risks in compressed file "Combofix.exe"

2. Spyware Doctor -
Application.NirCmd (22 infections)

Do you know if these are false alarms related to the Malware removal process?

Should I ignore these alarms, or let the software apply a fix?

Can I now safely toggle System Restore?
 

Answer:Security threats reported after completing Malware removal

I can't see log files for Malwarebytes AntiMalware or for SuperAntiSpyware

I did run the scans but I don't think they found any infections
 

5 more replies
Relevance 56.99%

Hi fellow techs

Just got the above virus and what a mission it was to get rid of it

However it has left some damaging things behind like win updates thinks it's not turned on when it is!!!

As well as it's made some ordinary files like movies to be marked as hidden files

And all programs is not listing a thing but they are all still present!!!!

What the……

Can anybody help

I will try restoring to a week ago soon to see if that works

Answer:Xp security 2011 / malware removal tool virus

You are still infected. We cannot help you here with Malware removal as per forum rules. Please head over to Virus/Trojan/Spyware Help and post there for more help
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

1 more replies
Relevance 56.99%

Hello,

I seem to have the same issue as the poster below - except that I'm running Windows Vista. I can't seem to be able to download any program - even in safe mode - as the malware starts popping up its own security windows. I would greatly appreciate any help.

http://forums.techguy.org/virus-oth...5697-vista-home-security-malware-removal.html

Thanks
 

Answer:Vista Home Security 2011 Malware removal

I was really hoping that someone can help on this. It's been 2 days since my original post; so I thought I would bump it up. Any help would be greatly appreciated. Thank you.
 

1 more replies
Relevance 56.99%

On the internet I have seen several times the advice to change the name by which a particular malware removal program is known, since some malware recognizes the files or the ---.exe and then prevents its installation onto an infected computer or its execution, even if the program was installed on the computer before the infection took place.
This was advised for TDSSKiller (tdss.exe should be renamed to e.g. whatever.com)
Malwarebytes AntiMalware should be renamed before using it on an infected computer.
See e.g.
How To Easily Remove Google Redirect Virus
http://www.usenetmessages.com/view.p...&id=476887&p=C

Can anyone say anything about this? And should this also be done routinely with other malware removal programs? If that would really be necessary/advisable then why wouldn't the providers give you the choice of renaming by asking if you want to, or simply give you no choice but rename their product? Probably not many people would ever think of doing it themselves.

Answer:Should malware removal programs be renamed for security reasons?

I'm perhaps being rather cynical, but I'm very suspicious of articles that have a link to a 'registry cleaner' or any other so-called utility that claims to clean or speed up your computer.

I'm of the opinion that some of these can easily corrupt your registry or your system.

Microsoft Security Essentials along with Malwarebytes and ignoring suspicious web pages or links has kept my computer free of viruses so far.

As for renaming Malwarebytes, I certainly wouldn't do it. If the door is already open, the undesirable alien is already in and only its removal will suffice.

The door needs to be locked, not just have its name changed.

6 more replies
Relevance 56.99%

Hi All
I don't know where to put this request, it kind of crosses over different topics.
I had that Antivirus Security Pro virus which has now been removed following the method from this site (many thanks for that, it has been a huge relief), however I still get the .exe file errors and deletion when I try and download something and I cannot remove or reinstall Microsoft Security Essentials. I have re-run the malware program several times now and it says everything is clean??
I have Windows 7 64-bit if that helps
Cheers
David

Answer:Cannot remove Microsoft Security Essentials after malware removal

G'day David, fellow aussie here.....
 
I would just about bet money that your PC is still infected, mate. In fact I would probably bet the farm on it!
 
Ok...(on a more serious note)....Post a new Topic here :: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
 
Describe what led you to know that you were infected....and what steps you have taken since.
 
Kind Regards,
 
Brian

1 more replies
Relevance 56.99%

Hi
Could you please help me in solving my system problem.

When I start the computer it shows the following message

The path'c:\WINDOWS\o4251227.exe' does not exist or is not a directory.

Windows cannot find "'C:\WINDOWS\o4251227.exe'".Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search

Then when I click on the browsers they open very late.

Next, if I go to Google search and click a result, it will open websites like

'http://goldenmango.com/fine.cfm?pt=2&rpt=1&kt=1'
http://216.133.243.28/2.php?sid=677...LaW5nZG9tCUdC&objTimStr=0.22215900+1203094488
http://www.uncoverthenet.com/search/?q=fine'

unrelated links..

After going through these websites I installed HijackThis and the report is


Answer:Solved: System is in a big trouble. security and malware removal

13 more replies
Relevance 55.76%

this was my original topic that describes my problems: http://www.bleepingcomputer.com/forums/t/260661/please-help-me-with-advanced-virus-removal-software-cannot-even-load-windows/ i was told at the end to post this log:

Answer:advanced virus removal/total security malware problem on my laptop

Excuse me, I know you guys are busy, but it's been 3 days and I haven't gotten a reply yet. I thought I read somewhere that topics that don't get activity after 3 days get locked or deleted, so was just wondering about that.

Even if you may not answer my question immediately, a response would be appreciated.

4 more replies
Relevance 54.94%

Hi all, just saw this in the bottom right tray a red windows security alert, when I click it on it says Malware protection, windows did not find any anti-virus software. Although I do have super anti spyware loaded on this machine. I have attached a screen shot.

Any help would be appreciated.
 

Answer:Solved: Windows security center message "Malware protection not found"

16 more replies
Relevance 54.53%

Hello, a friend has dropped off a broken Windows XP computer with me for repair. They followed http://www.bleepingcomputer.com/virus-remo...-security-suite this guide, section 'automated removal', and now the PC bluescreens on both normal and safe mode. Looking for guidance as to what they might have broken. Thoughts? The BSOD is a stop c000021a - windows logon process system process terminated unexpectedly with a status of 0xc00000005 (0x00000000 0x00000000).

Answer:BSOD after following "automated removal instructions for security suite using malwarebytes anti-malware guide

Hi. The majority of references I see for this...are for Win 2K. XP users who have this error...don't really seem to get a resolution of any sort that I can see.

From looking at the Win 2K references, I'd say that the registry is jumbled. A repair install effort would be worth a try...but I suspect that a clean install will be the ultimate resolution.

Some Google Links.

Louis

1 more replies
Relevance 54.12%

Hi. I can't get rid of these. I've done the READ & RUN ME FIRST steps. I have attached AVG, BitDefender and Panda files. GetRunKey and ShowNew coming in next post.
 

Answer:help i have spyware & malware protection error cleaner and privacy protection

here are the other two files
 

9 more replies
Relevance 54.12%

A new variant of the ACCDFISA Protection Center ransomware has been released called Malware Protection. The malware developers target Windows servers and appear to hack them in order to install the software. Once the Malware Protection ransomware is installed, it will lock you out of your computer and create password-protected RAR archives out of your data that you can no longer access unless you pay a $300 ransom.

When installed, the Malware Protection ransomware will scan your computer for all files using certain file extensions and will use the command line RAR program to turn them into password-protected RAR archives. These files will be renamed with the .aes extension and are supposedly encrypted with AES encryption. You will then be prompted to pay a ransom in order to get the decryption key to restore your files. The decryption key starts with aes987156 and then the password for the RAR files is appended to it. The decrypt.exe program will read through the list of encrypted files and extract them to the proper location using the RAR password. In the past version of this malware, there have been some cases reported in which the decrypt process actually deleted the files, so once you have the RAR password it is suggested that you use a manual method to restore the files. A manual method using a batch file can be found in the How to remove and decrypt the ACCDFISA Protection Program guide.

The files that this infection installs can be found in the following locations:


... Read more

Answer:New ACCDFISA Protection Center ransomware called Malware Protection

Hello,

Thanks for all the tips. We have had a number of clients affected with both variants. All these clients had kaspersky installed! Does anyone know the source of these infections? Is it via email/web/RDP or manual?

Thanks
Nihar

more replies
Relevance 53.3%

Hi guys, I am Dinesh. I am using a Compaq Presario computer. I want to know how to install Spybot S&D easily, and Comodo firewall (without antivirus, because I am using Kaspersky antivirus, so no internet security). And I want to know whether I need to install all my system drivers (motherboard..... display drivers) before installing all protections on my PC. And tell me any other protection that I can do. One more thing: I used to format my hard disk frequently. So my hard disk failed to work, so I replaced it. Why did it happen, is that due to formatting?

Answer:complete protection softwares

Hi guys,

I am using a P4 Compaq Presario, 160 GB SATA HDD, 1 GB RAM, and I currently have Comodo Internet Security (firewall + antivirus), Spybot S&D, and SUPERAntiSpyware free edition.

Only Comodo and Spybot S&D (SD, TeaTimer) are running in the background, and I use SUPERAntiSpyware only when I want to scan for viruses.

I want to know whether Avast is better than Comodo antivirus. I also want to install Malwarebytes Anti-Malware on my PC; is that worth having for enough protection?

And do Spybot SD and TeaTimer need to be turned on forever? The firewall is already running, so what's the need for Spybot?

10 more replies
Relevance 53.3%

Hi everyone,
I would like to get my dad several layers of protection on his pc. He is currently running Norton and most likely using the basic windows firewall.
I am currently running all free versions on my computers but my Dad is 80 and I just don't think that he will go in and keep all of the different programs updated. Free versions would be great but I don't know if they offer scheduled scans and auto updating.
I need programs that will be VERY easy to use.
Any input would be great.
Thanks so much.

Answer:Looking For Complete Protection For My Dads Pc

Hi StephMc, to BleepingComputer. Norton 360 is a great new program from Symantec that includes all-in-one protection against Viruses, Spyware, and Hackers. It automatically removes spyware and threats as well as automatically updates. This would be great for your dad because it does everything automatically, you basically "set it and forget it". It is not free however.

I can give you some free programs, but most of them will require some interaction from your dad. If you like I can list them, if not you can try Norton 360.

Please let me know.

4 more replies
Relevance 52.89%

Hi guys,

Simple question - I hope! I am a bit of a greenhorn with IT but please can you smarter people tell me if there is an ABSOLUTELY FREE software programme in existence that covers your PC for viruses, spyware, and all the other nasties. I have a basic HP laptop - runs Vista and currently have AVG installed (free version), but as other posts have said - seems like that is coming to an end and it doesn't seem to want to allow me to update it to the version 8 when I try - so might have to change at the end of May......but your general advice and suggestions would be very greatly appreciated as I am conscious to protect myself COMPLETELY and would welcome some pointers and how to dos! Many thanks everyone.

Answer:Complete Laptop Protection freeware ???

If you cannot get AVG free to work then try avast which is also free. It isn't my personal preference however it does work well.

Be sure to get spybot s&d and also spyware blaster to protect against spyware malware and adware rubbish.

Finally get CCleaner to keep your PC clean of any things such as tracking cookies and other junk websites make you download.

However AVG8.0 is totally free I had it installed however it caused me some issues so had to revert to 7.5 for now. If you want me to send you a copy of AVG 8 by email or MSN messenger hit the yellow envelope and drop me a message. I would be more than happy to send a copy.

A

10 more replies
Relevance 52.89%

I currently run AVG, ZoneAlarm (free) and Spybot. Is there anything else that I need?N

Answer:Protecting my computer. Is my protection complete

Spywareblaster and mailwasher and adaware

4 more replies
Relevance 52.89%

I currently run AVG, ZoneAlarm (free) and Spybot. Is there anything else that I need?N

Answer:Protecting my computer. Is my protection complete

Sorry for the extra posting. My computer did not appear to respond so I hit the post button again :-(

10 more replies
Relevance 52.89%

Hey everyone, I have been using Eset SS5 and my license runs out in a couple of days.

therefore it's that time again that I have to think do I stick with ESS or do I move to something else? I have heard fights over bitdefender total and kaspersky pure being the best I could get right now with no inclusion of Eset anywhere...

so what I'm asking is:
what should I use?

Answer:need to buy a new complete protection suite any recommendations?

Mse :d

9 more replies
Relevance 52.48%

I am a bit unsure of the difference between malware protection and anti-virus protection. I have Norton NIS which is great for stopping Trojans. I have a company that works on my computer if I have a problem. They wanted me to put in an anti-malware program. I have been having problems with the computer lately, so I let them do this. Could this cause a problem, because I know that you are not supposed to run 2 anti-virus programs?
Anyone?

Answer:Difference between malware protection and virus protection

Anti-virus and anti-malware programs each perform different tasks as it relates to computer security and threat detection. Essentially, they look for and remove different types of malicious threats. In simplistic terms, an anti-virus program will focus on viruses, worms, Trojans, rootkits and bots while anti-malware programs generally tend to focus more on spyware, adware and PUPs (potentially unwanted programs). However, there can be some overlap in functionality and detection features depending on the program's scanning engine, how the vendor defines a specific threat and what Naming Standards are used. Some vendors also add a modifier or additional information after the name that further describes what type of malware it is.

The Difference Between Antivirus and Anti-Malware
Antivirus and Antispyware Software: What's The Difference?
What Is the Difference Between Antivirus & Antispyware?
Use Anti-Virus and Anti-Spyware Software

To fully understand the difference between Anti-virus and Anti-spyware (anti-malware) programs, you need to understand the difference between the various types of malware. Please read the Glossary of Malware Related Terms.

6 more replies
Relevance 51.25%


Answer:System security AV pop up/removal of malware anf trojans from the logs/system slowed down

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not Attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appe... Read more

3 more replies
Relevance 50.43%

This is my first malware analysis and writeup... hope you enjoy!

Thanks to Billy69 for the sample.


Code:

Filename: 0ff1ceval1dKey00.exe
Approx. file size: 1.7 MB
MD5: 597029dcb2738c17be6d79814cdaf229
SHA-1: 4a99520e5e2070d02883cdba89ecf188b3b39add
VirusTotal: https://www.virustotal.com/en/file/b1221bb12788f188e4259305e1d37e91cac7ca2810d0211c45600a23697882bd/analysis/
HybridAnalysis: https://www.hybrid-analysis.com/sample/b1221bb12788f188e4259305e1d37e91cac7ca2810d0211c45600a23697882bd?environmentId=1
Analysis was performed in a Windows XP VirtualBox.
Host machine was Xubuntu 14.04 LTS.

Section 1: Dynamic Analysis
Upon execution, the malware drops some files to the user's AppData folder. Here are the interesting parts of the Regshot log:


Code:

Regshot 1.9.0 x86 Unicode
Comments: Filename is 0ff1ceval1dKey00.exe
Datetime: 2015/8/30 07:15:14 , 2015/8/30 07:17:31
Computer: XPLAB , XPLAB
Username: [REDACTED] , [REDACTED]

----------------------------------
Keys added
----------------------------------
HKU\S-1-5-21-790525478-854245398-1343024091-1003\Software\9hGVNkAaKZH

----------------------------------
Values added
----------------------------------
HKU\S-1-5-21-790525478-854245398-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Znggurj Lbhat\Qrfxgbc\Fnzcyrf\0ss1priny1qXrl00.rkr: 02 00 00 00 06 00 00 00 D0 19 09 B4 F3 E2 D0 01

HKU\S-1-5-21... Read more

Answer:Malware Writeup: Complete AutoIt Malware Analysis

@TheSteampunkHedgehog

You said that you're relatively new to malware analysis but this thread proves the exact opposite.

Great work !
 

1 more replies
Relevance 50.02%

sfc scan doesn't complete 100%. Stuck at 47%.
Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 47% complete.

Windows Resource Protection could not perform the requested operation.


POQ 54 ends.
2017-04-18 10:21:38, Info                  CSI    0000015e [SR] Verify complete
2017-04-18 10:21:39, Info                  CSI    0000015f [SR] Verifying 100 (0x0000000000000064) components
2017-04-18 10:21:39, Info                  CSI    00000160 [SR] Beginning Verify and Repair transaction
2017-04-18 10:21:41, Info                  CSI    00000161 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-s..onfiguration-wizard_31bf3856ad364e35_6.0.6002.18005_none_99f97c2900b9a29f\scwvariables.xml
do not match actual file [l:32{16}]"scwvariables.xml" :
  Found: {l:32 b:fGqMO3OFxggeHpXSicGbhktZ19XTGUG3C/gKGwQvwFs=} Expected: {l:32 b:vh/Tpmyj15maCCdMLUbLZ5pxibPU/7Q+yDDiMjcSKVw=}
2017-04-18 10:21:41, Info            &n... Read more

More replies
Relevance 49.61%

Privacy Protector, Error Cleaner and Spyware&Malware protection, it pops up a message saying my computer is infected and keeps opening internet windows even when i change the homepage away from the site it wants to go to. it is really slowing my laptop down, and when u attemp to close the pop ups or delete the desktop icons, it frezzes the laptop and the only way to resolve it is to restart but it just comes back no matter what, norton will not pick it up either. it is causing my laptop start up and loading time to be epic and is making it unusable, this topic has been fixed before by RichieUK on: http://www.bleepingcomputer.com/forums/t/105116/privacy-protector-error-cleaner-spyware-malware-protection/ i have the exact same thing. should i just follow those steps or wait for specific advice for my system?

Answer:Malware, Privacy Protector, Error Cleaner And Spyware&malware Protection

Hello,

* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.

Post the contents of this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

27 more replies