Computer Support Forum

Vista Home Security malware removal

Question: Vista Home Security malware removal

Hi! I'm running Windows 7 and I have the same problem as this guy has:

http://forums.techguy.org/virus-other-malware-removal/983966-wpn-exe-file-posing-vista.html

It's malware masquerading as some kind of anti virus software that jumps up and starts doing a false scan and then tries to make me buy it. It pops up whenever I open an IE/Chrome window and attempts to hijack my browsing. I think it's also somehow hijacked Spybot Search and Destroy because I can't get that to scan at the moment. Nor can I get HijackThis to produce a log (it just produces a blank notepad file and then 'vista home security' pops up and starts scanning again).

I can only use IE/Chrome when I terminate the process in the task manager (bal.exe - description is 'steam'.)

Being that it has pretty much crippled every possible form of defence my computer has I really would appreciate some help getting rid of this awful thing!

Thank you!

Relevance 100%

Answer: Vista Home Security malware removal

Relevance 90.61%

Hello,

I seem to have the same issue as the poster below - except that I'm running Windows Vista. I can't seem to be able to download any program - even in safe mode - as the malware starts popping up its own security windows. I would greatly appreciate any help.

http://forums.techguy.org/virus-oth...5697-vista-home-security-malware-removal.html

Thanks
 

Answer:Vista Home Security 2011 Malware removal

I was really hoping that someone can help on this. It's been 2 days since my original post; so I thought I would bump it up. Any help would be greatly appreciated. Thank you.
 

Relevance 74.62%

Same prob as this on an HP desktop running Vista Home Premium. It's been a nightmare the past few weeks and completely hijacked my PC. Hope to receive some help to resolve ASAP. Thank you...

http://forums.techguy.org/virus-other-malware-removal/983966-wpn-exe-file-posing-vista.html
 

Relevance 72.98%

Hi,

I've picked up a nasty virus tonight, where "Vista Home Security 2011" dialog box popped up. It has completely shut me out of all my applications, including MBAM and Avira. In SafeMode, when I attempt to open them (using "Run as Administrator"), I get a message box stating "This file does not have a program associated with it for performing this action. Create an association in the Set Associations control panel." I am using Mozilla Firefox in its own safe mode, and have attempted to download other virus scanners, but I receive the same message when I try to run the app.

I followed the instructions from the link below, to manually remove Windows & registry settings as directed. After rebooting, it didn't improve anything.

http://www.precisesecurity.com/rogue/vista-home-security-2011/

Please help me out!

Thanks.
M

I managed to run DDS, but I am not able to access Defogger & GMER (due to same reason as stated above).

Here are the DDS results:

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Mike at 0:10:14.13 on 2011-04-01
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3454.2810 [GMT -4:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windo...

Answer:Vista Home Security 2011 virus removal

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...

Relevance 71.34%

Hi there, I really need help with this. I tried using mbam, spyware doctor and a couple other antivirus/spyware/malware programs and I still have issues. Upon turning on my computer, I get a pop up saying that Windows Defender has an error: 0x80070006. Adobe is not updating and neither is Windows. Soon after I installed Spyware Doctor, I've been getting an Interactive Services pop up that has something to do with system32\SHELL32.dll and that's concerned with it not being able to open TFUN.exe . Any help would be greatly appreciated, thank you in advance.
Also, I had to zip the Gmer log file, I hope that's not a big deal.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Icekibby at 19:04:08.80 on Fri 05/06/2011
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1916.546 [GMT -4:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.e... Read more

Answer:Vista Home Security Malware Help!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply'...

Relevance 70.93%

Your excellent forum has been invaluable for me for years, but now I must ask for your help directly. I have been attempting to remove this malware from my mother's computer, and it appears I have made some progress following the Read Me steps, unfortunately I am unable to run combofix. It only goes to blue screen, then reboot. (Oh, it's 32 bit)

I should mention that I am not seeing the fake 'virus detected' scans anymore, but the random popups, redirects and lethargic performance continue.

Please see attached logs. I sooo appreciate any advice!
 

Answer:Malware Doctor/Vista Home Security - Please Help?

Welcome to MajorGeeks!

Please download TDSSKiller.exe and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123tdk.com).
If you do not see the file extension, please refer to: How to view hidden, system files & folders!

Click the Start Scan button.
Allow the application to run if prompted by Windows or any security programs you have installed
Do not use the computer during the scan
It will start the scan and run rather quickly and will notify you of whether anything is found or not.
Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )

Also attach the requested
RRlog.txt (from RootRepeal)
MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.

 

Relevance 70.52%

Was infected with Vista Home Security 2012. Was able to remove the malware using the manual removal guide on bleeping computer and this seemed to work but the popups for Vista Home Security 2012 saying my computer was infected continued the next day. Tried to remove again with the same self removal guide but was still unsuccessful. Most of the malware seems to be gone but certain remnants of the virus seem to still be there. For example I am unable to start Windows Security (aka I can't add Windows Firewall back up to protect my computer). Also when trying to do a system restore the restore fails every time. I am able to run Malwarebytes and each time I run it it picks up new infections which it cleans but when my computer restarts I still seem to be infected. I have no idea at this point where to go. I've followed the manual removal guide on this website and that hasn't worked so I'm wondering if there are any other suggestions based on my logs that anyone might have. I figure worst case scenario I can save all my documents and programs and wipe my hard drive but I'm trying to avoid that if I can. Any advice will be greatly appreciated, thanks in advance. Here is my report from DDS.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Mike at 21:37:11 on 2011-12-18
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3571.1989 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-... Read more

Answer:Infected With Vista Home Security 2012 (Manual Removal Only Partially Worked)

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433326 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

Relevance 69.29%

I picked up Vista Home Security malware today, and have been unable to remove it. It runs in safe mode as well and prevents any program from opening. It also made "Internet options" disappear from the control panel.

I did manage to run RKill but it did not find anything and failed to disable the malware in order for me to run my anti malware programs.

I tried launching anti-malware programs (malwarebytes, spybot) from a flash drive, to no avail.

Looking at my task manager, every time I try to launch a program, the following malware process launches itself: xxt.exe.

Please help, I am getting desperate!

Fanny

Answer:Vista Home Security malware still running in safe mode

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

Relevance 68.47%

Good afternoon, unfortunately I'm at the limit of my abilities to remove a nasty malware issue. I've seen multiple posts regarding the same issue on here, but it seems that every fix is fairly specific.

It started with my desktop being cleared except for Recycle bin and a program called System Fix kept automatically running. Then IE audio files began playing in the background. After a system restore 1/2 my icons reappeared, but the audio files remained. Random searches displayed a pop up box that said "noooo" and an ok box. Along with being redirected occasionally.

After running combofix w/ no result, I ran tdskiller which only found 2 possible threats which didn't help w/ the audio files they were quarantined. I then ran Malware Bytes, which had identified and quarantined 2 files. I then ran unhide.exe which returned my missing icons, but immediately after running unhide, a new issue occurred. Vista Home Security 2012 started creating problems for me. I re-ran Malware Bytes which identified these files and quarantined them:

Malware Bytes log:

Database version: v2011.12.28.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
jliptak :: JLIPTAK-PC [administrator]

12/29/2011 03:45:41
mbam-log-2011-12-29 (03-45-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 176670
Time elapsed: 4 minu... Read more

Answer:Help needed with possible TDL4/Vista Home Security 2012 combo malware

Relevance 67.65%

Hi,

I've google'd my brains out on this one and have found a few forums that address issue in a similar fashion, but none that address it as I'm encountering it.

So here's what happened:

I logged on one day to find the Windows Vista Home Security 2012 malware on my laptop. Did the search and downloaded Malwarebytes Anti-Malware to remove it from the system.

After the system scan and removal, a restart was required. Upon restarting, I see a blue splash screen that lists "Other User" only-my acct isn't there. At the bottom left corner is the "ease of access" blue button but it does nothing. When I select the "other user" I'm prompted for a username and password. I've tried everything I can imagine but it says something like "This domain either does not exist or the username or password is incorrect".

The 'other user' screen looks similar to this...sans the WindowsServer 2008 logo...
I've tried booting into Safe Mode, however pressing F8 throughout the boot sequence does nothing.

Having just thrown out the system recovery CDs during a move (of course), I was able to download a Windows Vista Boot Disc, which allows me to run the "repair my computer" option. Unfortunately, the following is true:

- Startup Repair - looks like it runs, and finds one root problem - however upon restart, same "other user" screen.
- System Restore - luckily there are several restore points. I ran a restore to a point a month ago, however ...

Answer:Windows Vista Home Security 2012 Malware to 'other user' only option at login

With the name and make of your computer, we can find out how to access the restoration partition, if you have one and restore to factory defaults. You may want to save your stuff first, using Ubuntu.
http://www.howtogeek.com/howto/windo...dows-computer/

Relevance 63.55%

Hi,

I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable).

I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\...

Answer:Cyber Security removal; Malware removal not working

Hi,

I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince me I was riddled with viruses and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.

Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

ntents below

DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86
Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst...

Relevance 61.5%

Hi there,

I'm new to this forum.

The other day I got hit by Vista Home Security and Windows Home Security virus. It's made my computer completely useless(no Internet access).

For the past 2 days I've been trying to fix it but to no avail.

At first I went to safe mode and tried a restore to a prior period but the virus was even in safe mode. Any time I tried to restore, the virus pops up even after I tried to end process.
So I did some research and found this:

http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011

I loaded rkill and Malwarebytes onto my computer using a USB stick. But rkill is not stopping the Vista Home Security and Windows Home Security virus from running so that I can download Malwarebytes and run it so that I can remove the virus.

Every time I run rKill I get the black screen and then after a while I get this message and then a notepad the program finished.

" sed.exe: can't read c:\users\acer\appdata\local\temp\rks1.log: no such file or directory "

The Vista Home Security and Windows Home Security virus wasn't disabled so that I could download and run Malwarebytes.

I tried it in normal mode and safe mode.

The big issue is that the virus hit my work computer and I got a deadline.

Any help would be greatly appreciated.

Answer:Vista Home Security and Windows Home Security virus

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Relevance 59.86%

Hi,

I am using Windows Vista Ultimate 6.0.6002 Service Pack 2 Build 6002 and have recently been infected by the Live Security Platinum virus (PUM.Disabled.SecurityCenter) and have cleaned it using the method from here.

Everything's been going ok actually, except for the fact that now the whole of my Windows Security Center is unusable. I suspect it is due to the system files that were removed or modified during the removal process.

Now Windows Update is not even present in the Services list and Windows Defender gives a "failed to initialize" error.

It would be great if you could shed some light to me for this problem.

Thank you.

Answer:Windows Vista Security Center problem after successful removal of Live Security Platinum virus

Download FSS
Checkmark all the boxes
Click on "Scan".
Please copy and paste the log to your reply.

Relevance 59.04%

Hi! I, like many others it seems, have the MS Removal Tool / Win 7 Home Security virus on my dad's computer. I've gone through the tutorial listed on the site (and other threads on the subject), with no success, for a few reasons:

Firstly, disabling the proxy doesn't work, in either IE or firefox. The proxy server box is unchecked, and all sites are still blocked (after showing them for a split-second). This isn't the end of the world I suppose, as I've copied all necessary files (so far) over via USB. I'm in Safe Mode (have ditched networking after disabling the proxy didn't work), and I only have one shot at transferring files after each boot - it doesn't depend on the amount of time after startup, the Explorer windows only opens once.

The problem is that the virus is blocking all programs, under most circumstances - I've downloaded all versions of RKill, and the only one that I've had ANY 'success' with is rkill.com - once when I clicked manically to beat MSRT, and the program ran after being blocked about 150 times - the DOS screen came up (with dialogue, not just black), then later a logfile, which indicated that no process had been killed (I'm not 100% that this was rkill.com that I opened, I can't remember, but I think it was). The second time was when I tried to beat MSRT at startup (which seems to have worked for some other people) - rkill.com ran, but the installer wasn't able to write several of the ... Read more

Answer:MS Removal Tool / Win 7 Home Security

Hello, let's try once more this way.

Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.

If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your de...

Relevance 59.04%

Hey everyone,

I'm new to this site but a quick Google search seems to suggest this is a really useful forum. I'm not particularly knowledgeable about the inner workings of computers, so I'm here to seek help with the removal of the malware "XP Home Security".

I've actually looked up some Youtube videos and read some forums, leading me to do some work myself. However, I'm not sure if I'm actually clean and I'm worried I might be still infected since I didn't use Rkill or something like it. What I did was the following:
1. Used system restore, using one week prior to today as my restore point.
2. Updated existing Malwarebytes Anti-Malware on my computer and ran it (quick scan; took maybe 45 minutes or so).
3. MBAM found 10 infected files, so I had the program delete the files. It restarted my computer and this is where I am now.

It LOOKS LIKE I have no problems now, but I would like to know if there are flaws with what I have done. How can I be sure I'm clean? I am currently running MBAM again (full scan of my C drive) and waiting for results.

Also, my computer uses the family wi-fi connection. Should I be worried that the other 3 computers in the house might be infected? My infected computer is currently offline (I'm using a netbook to write this) with the hopes that it won't be able to infect the other ones.

I apologize for the massive email in advance, but I would really appreciate any feedback anyone might have abou... Read more

Relevance 59.04%

When I try to run the Sysinfo, the message is MacFile opener can't be opened.
I have a Mac mini, late 2009, OSX El Capitan, version 10.11.6
I had MacKeeper security software for years.
2 weeks ago I allowed them to remotely reconnect the MacKeeper and run a cleanup to regain memory space.
They called the service MacKeeper Remote Assistance.
Now my computer password does not work, I can't access iCloud and I can't open system preferences.
I believe my computer has been compromised.
MacKeeper is owned by Kromtech.
I have no transportation to take my computer to be checked out.
Does anyone have an idea what I can do to get rid of this?
I would appreciate any suggestion.
 

Relevance 59.04%

I have a custom built computer about 6 years old. I have Windows XP Home. I use AVG Anti-Virus free version 7.5 and SpyBot.

I am a personal property appraiser and after not having used my computer for about five months because of open heart surgery I am getting back to work. Recently started working on an appraisal that visited several foreign (Japan, China, Germany) sites.

During the past week I noticed that when searching on google and get zillions of hits on a subject I would click on the hit and at the connection find that it had nothing to do with what I was looking for...often a listing of services, clicking back sometimes took me to the desired site but often instead of being misdirected nothing happened until I got the message "not responding" and "ending now" took me out of Google and I'd have to start the search all over.
I finally noticed that the blue title bar at the top of the page said "jump...." and then would quickly flash off so I started searching google for "jump redirected internet searches and hence found your site.

I have read your instructions and have downloaded the program that scans my computer and prints out a log. I have saved it and will paste it below.

AVG has not detected this virus. Spy Bot (after loading updates that were neglected when I was sick) discovered a trojan...can't remember the name right now...and it was deleted. It wasn't the problem because I'm still having the same pro... Read more

Relevance 58.63%

Dear MG,

I am attempting to clean up malware on a Dell Dimension 9150 PC running Windows XP Home Edition SP3. The system had Avast antivirus installed but the Avast service had been stopped and would not restart. Although the Avast interface would launch, there was no response when any buttons were clicked.

I have carefully reviewed and followed the instructions provided in this forum. I removed the following unused applications in the control panel - including AOL Version 9, Avast Antivirus, Google Chrome, "Classic Phone Tools", "Digital Line Detect", Learn2 Player and "MyWay Search Assistant". Mozilla FireFox was also removed and is to be reinstalled later after the system has been disinfected.

I downloaded, installed and ran Microsoft Security Essentials - which found one infected file. I noticed that during my ComboFix scan, despite having temporarily disabled Microsoft Security Essentials and Windows Firewall, it reported that McAfee Antivirus scanning was still enabled. McAfee was not among the applications in the Add/Remove Programs part of the Control Panel - and is therefore likely installed in some kind of stealth mode. I'm also unable to open the Windows Update "Check for Updates" page.

The scans found 8 or 9 infected files and over 500 tracking cookies. However, RootRepeal found no evidence of Rootkits. Since I am unfamiliar with interpretation of the logs (see attached), I would like your assistanc... Read more

Answer: Malware Removal from Windows XP Home PC

Hi and welcome to Major Geeks, Dave2U!

Your logs are clean of malware. However, if you wanted to tidy up a bit and remove the remaining traces of McAfee from the Security Center cache, see the below:
These fixes are optional as they are not malware related.

From Add/Remove Programs (via Control Panel), please uninstall the below:

Viewpoint Media Player <-- Should have been uninstalled earlier
RealPlayer Basic <-- Is this functioning? The below service is associated with it and appears to have an invalid ImagePath

Code:
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASCTRM]
"ImagePath"="\??\c:\windows\system32"

Please download Disable/Remove Windows Messenger by Doug Knox to your desktop.

Double-click MessengerDisable.exe to run it.
Place checkmarks in "Uninstall Windows Messenger" and "Hide Messenger from Outlook Express"
Click Apply
Click Exit

Fixing items using ComboFix
Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
If it is not on your desktop, the below will not work.
Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
Open Notepad and copy/paste the text in the below code box into Notepad:

Code:

KillAll::
ClearJavaCache::
DDS::
uInternet Settings,ProxyOverride = 127.0.0.1
[COLOR... Read more

8 more replies
Relevance 58.63%

Attempted to remove Home security 2012 Virus from PC. /processor AMD Athlon()x3 440 processor 2.81 GHz /RAM 4.00/ 3.25 usable /32 bit /Win 7 ultimate service pack . Initially received pop up with the home security 2012 asking me to buy product. on desk PC / can't remember exactly what I did then but subsequently I was unable to access internet. Used my Netbook to access internet tech support / First attempt used Norton 360 then malwarebytes anti mal in safe mode as directed. Did not resolve problem. 2nd attempt I registered the home security virus with numbers for registered provided by tech/ Fix NCR Fix_pinifi /Win 7_gv_fix as instructed./ initially this seemed to fix all problems (20 min or so) . at present : have access to internet can access email / specific URL search attempts are redirected to inappropriate sites. /attempted to implement the instructions from this site regarding GMER, HIJACK, DDS. could not access sites to download.. /copied downloads from flash drive but they do not work.. the GMER does come up does quick scan then disappears before I have time to copy the results.. I am a beginner regarding PC Tech stuff, and have no clue as to what I should do now.. at present pc is on in safe mode with network .. WHAT NEXT???
 

More replies
Relevance 58.22%

Help! To remove AV Security Suite Malware. I tried booting in the Safe Mode and unchecking proxy server, then running rkill.com, and then running Malwarebytes to remove AV Security Suite Malware. All efforts have been unsuccessful.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Robert DeAngelis at 10:01:57.89 on Fri 10/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.673 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Robert DeAngelis\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uWindow Title = Windows Internet Explorer
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://www.wtywsdclgucnkkrhwzcxvhf.com/4tJGAN... Read more

Answer: AV Security Suite Malware Removal

Hello BobDea

Welcome to BleepingComputer

==========================

Download OTL to your desktop.
Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.
Double-click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it, typically your desktop. Click ... Read more

1 more replies
Relevance 58.22%

I needed to amend the instructions written by Grinler for removing total security which is a virus/malware in order to get it to work. The link to the instructions: http://www.bleepingcomputer.com/virus-remo...-total-security

Total Security has gotten smarter and now won't allow most processes or applications to run. Nothing I tried at first would allow me to end the Total Security process. Total Security shut down anything I tried to run... like hijackthis, malwarebytes, spybot, adware etc....

I surmised that total security will not allow you to run any exe programs other than a few it knows about.

My solution was to rename the ProcessExplorer file..... Procexp.exe to iexplore.exe. (Download process explorer from Microsoft on a different computer if you have to.).... renaming to other file names like explorer.exe may work too.

After doing that I was able to end the process and proceed with process.

I think Grinler has edited his instructions so everything is good.

Thanks to Grinler for posting the instructions.

Good Luck
Harold

More replies
Relevance 58.22%

The computer is infected with Win 7 Security 2011. I ran House Call last night, it found ten objects but wouldn't remove them. It chose ignore, and wouldn't allow me to quarantine them. I ran a quick scan, and found nothing. The complete scan took 4+ hours, and came up with the ten objects.

MalwareBytes will not load up, and HJT will not create a log file. When I ran the suggested program..., it came up with a "sample hosts file", and there were no lines mentioning HJT. The output is below:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

I ran TFC, OTL, DDS, and TSG SysInfo.

SysInfo output:
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , 64 bit
Processor: AMD Athlon(tm) II P320 Dual-Core Processor, AMD64 ... Read more

Answer: Win 7 Security 2011 malware removal help please

7 more replies
Relevance 58.22%

I have noticed that I've been having popup ads lately, which is very strange since I've had popup blockers for a very long time. I keep my antivirus programs (mostly) up to date, and I rarely go on 'bad' sites. However, today when I restarted my computer, I had the "Security Tool" program pop up and give me a list of fake viruses that it wanted me to delete. I didn't delete them; instead, I opened my Killbox program and deleted two of the Security Tool files, but it would not let me delete the main folder for them. I opted to do the "delete on restart" method, which took out the main folder.

However, I've been trying to run the suggested "Malwarebytes Anti-Malware" scan to make sure the Security Tools is gone for good, but I absolutely cannot seem to run it. Every time I try to install/run the program, I get an error message or the program will start and stop itself. Eventually, it will be unable to find the mbam.exe file that is needed to run the program. I've tried to do all the suggested methods to make the program work that were listed on different forums from google.

I am still getting popup ads. I am unsure if this was the only problem my computer is having. To be safe, I have run a Hijack This, DDS, and RootRepeal scan on my computer. I do have Killbox, so I can manually delete anything that isn't safe (if it lets me delete it). Any help would be greatly appreciated!

If I read the "How To Post" thread correctly, I'll post... Read more

Answer: "Security Tool" Malware Removal

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Relevance 58.22%

Malware has attacked my computer and gives that red shield in the bottom that says something like "You have a security alert!" and makes many pop ups and takes over internet. I deleted ~tmpa.exe and ~tmpd.exe. But it comes back when I reboot. Log below.

Your help is greatly appreciated. I am sure if I delete the correct things, I can lick this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:06 PM, on 1/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Tr... Read more

Answer: Malware removal Help - Security alert!

Hi, allingtonj Welcome.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.... Read more

2 more replies
Relevance 58.22%

this seems to be just like AVP 2009 mess that I removed a while back (pop ups bogus warnings, etc) with the exception of this one actually hides the desktop icons also....

DDS LOG:
DDS (Ver_09-09-29.01) - NTFSx86
Run by Sharon my Love at 20:56:23.85 on Thu 10/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.358 [GMT -4:00]

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsy... Read more

Answer: security tool malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner ... Read more

2 more replies
Relevance 58.22%

I read many of the other posts regarding how to remove the Security.Hijack malware. I ran Malwarebytes anti-malware and got 2 warnings about the Security.Hijack. I asked Malwarebytes to remove them and I restarted the system but it didn't actually remove anything so now I'm here asking for some help to how I can remove the 2 warnings in my system.

I followed another "guide" that was made within this forum but I kind of got lost in the rain
 

Answer: Removal of Security.Hijack Malware

It looks like you started to do the following, but didn't finish. So finish these instructions and attach the requested logs.

READ & RUN ME FIRST. Malware Removal Guide
 

3 more replies
Relevance 58.22%

My symptoms began as "AntiVirus Studio 2010" fake spyware removal software and "Security Shield"

I thought using Malwarebytes Anti-Malware I had removed the problem. Unfortunately, there have still been issues.

The current issues are intermittent.

Blue Screen (iastor.sys)
Pop-Ups for Viagra, Porn Removal, Free giftcards, etc. (I have not had a pop-up since trying to pay more attention)
Often very slow (sometimes just before blue screen)

GMER text is attached.

Please note that the DDS did not run.

?   ?? ? @ ? ? ? ?!?L?!This program cannot be run in DOS mode. (This is followed with pages of characters)

Please help me with this malware and instruct me how to properly run the DDS software.

OK, since I already attempted removal before finding this forum, here are copies of MalwareBytes Anti-Malware logs.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/22/2010 8:14:25 AM
mbam-log-2010-12-22 (08-14-25).txt

Scan type: Quick scan
Objects scanned: 159223
Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys ... Read more

Answer: Malware Removal - Security Shield?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting... Read more

2 more replies
Relevance 57.81%

XP Home Security 2013 is a rogue security software which will report that malware has been detected on your computer in an attempt to scare you into buying this malicious software.
In reality, none of the reported issues are real; they are used only to scare you into buying XP Home Security 2013 and to steal your personal financial information.

As part of its self-defense mechanism, XP Home Security 2013 has installed a rootkit on your computer, which will disable the Windows Task Manager and will block you from running any program that could lead to its removal.

XP Home Security 2013 is a scam and you should ignore any alerts that this malicious software might generate.
Under no circumstance should you buy this rogue security software as this could lead to identity theft, and if you have, you should contact your credit card company and dispute the charge stating that the program is a scam and a computer virus.

Removal instructions for XP Home Security 2013 virus

This is a self-help guide, use at your own risk.
If you experience problems completing this guide, or the problem persists after following the instructions below or would like to have one of our staff members guide you through the process, please start a new thread in our Malware Removal Assistance forum.
STEP 1 : Start your computer in Safe Mode with Networking

Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.

Press and hold the F8 key as your computer restarts. Please k... Read more

More replies
Relevance 57.4%

Hi,

Thanks in advance for any help. I will do my best to provide all the necessary info. Last week, I got the Outerinfo and Internet Speed Monitor infections. I used online tutorials to remove these items using ComboFix and AVG Anti-Spyware, etc. Yesterday I got Security Toolbar 7.1 infection that causes pop-ups (with the little yellow triangle) and slows the system down, and I cannot seem to remove it. I ran the ATF cleaner and created a system restore point. I ran an updated version of AVG Anti-Spyware (but I cannot find the log). I tried to run Super Anti-Spyware but got an install error. I ran Panda Active Scan. I have updated the security patch for XP. I still have this infection.

Here are the logs I can provide:

First is Panda scan log:
Incident Status Location

Adware:adware/searchaid Not disinfected c:\windows\winshow.exe
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d37f2pwb.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d37f2pwb.default\cookies.txt[hc2.humanclick.com/hc/51325817]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\James\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\James\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\James\Co... Read more

Answer: Solved: Malware Security Toolbar 7.1 Removal

10 more replies
Relevance 57.4%

Hi,

My computer got infected with the koobface several weeks ago. I posted in the 'Am I infected? What do I do?' section and the Hijackthis logs section and we have used malwarebytes to remove the infected files, restored windows to the last known good configuration and used the XP system restore feature and updated security.

Unfortunately none of this has worked. After using the internet (through both IE and Firefox) for around 5 mins the window freezes so I have to close it down. My computer then blue screens and I receive the ***STOP: 0x0000000A message. After logging back on I receive the following message 'loading model error. load default model?'. If I log off before internet freezes I get this message 'the instruction at 0x000f2fc0 referenced memory at 0x000f2f0. The memory could not be written. Click ok to terminate the program. Click cancel to debug the program'.

The last time my computer blue screened I received an error report after logging back on. I thought the info could be of help. Please find all of the details below:

Error Report Contents
The following files will be included in the report
C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\Mini100409-01.dmp
C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\sysdata.xm

Error signature
BCCode : 1000000a BCP1 : 0000BA33 BCP2 : 00000002 BCP3 : 00000001
BCP4 : 806E4A8E OSVer : 5_1_2600 SP : 2_0 Product : 256_1 l

I've had the problem for a couple of months now and I'm keen to get it fixed asap. Pl... Read more

Answer: Still getting BSOD after malware removal [moved from security]

'C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\Mini100409-01.dmp'

It made a minidump, so look for them and zip up the latest 4 and attach them.

7 more replies
Relevance 57.4%

Hi

I'm trying to remove this malware from my laptop computer but all instructions that I've read indicate to download removal spyware...but my browser won't start up! I tried burning the indicated software to a CD and then loading to the infected computer but still no luck...

Any ideas?!

Thanks!

More replies
Relevance 57.4%

Hello,

I'm out of tricks to get rid of this nasty rootkit infection I have. It started this past Saturday 12/17 with the XP security 2012 malware. I followed instructions online and removed it (various reg edits and running MBAM etc). It had corrupted my rundll32.exe file, which I restored from my XP disk (you will see a reference to the "old" copy I made be overwriting in the DDS log). After that my applications all worked again and my computer seemed fully functional but then I realized the virus also has a rootkit attached to it that causes google redirects in Firefox. I ran TDSSkiller and it found something and cleaned it the first time. Since then it has re-surfaced many times. MBAM found something once or twice upon resurfacing, but hasn't found anything the past few scans. TDSSKiller doesn't find anything anymore. SuperAntiSpyware doesn't find anything. I decided to run McAfee anti virus, and it said it found 3 files with Downloader-BMN.gen.g(Trojan) .. This was exciting, I hoped that would be it. But alas firefox googles still redirect. I haven't done any more scans and thought it's time to call in the pros. Also forgot to mention I've run defogger and disabled my CD emulators, and ran CC Cleaner multiple times and deleted all my history and temp files etc. I have NOT run comboFix yet .. Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Bill at 21:11:18 on 2011-1... Read more

Answer: rootkit won't go away after XP security 2012 malware removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job, this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

18 more replies
Relevance 57.4%

I have followed the suggested guide to remove the malware 'Security Tool' (Remove Security Tool and SecurityTool (Uninstall Guide)). However when I try to run the rkill file the virus shuts it down before it has a chance to act.

I have tried not clicking on the pop up boxes however this does not work.

I have been able to download the malwarebytes set-up however the malware is blocking me from running the program.

Is there any other way I can either run the rkill program or allow the malwarebytes to open and install?

(I am using a new samsung r519 laptop running windows 7. It is a week old so has no unusual software or hardware)

Any help would be really appreciated

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal

Allen

Answer: Failed Removal of 'Security Tool' Malware

Thanks Animal..

Run FixExe.reg
FixExe.reg ....click Run when the box opens

If you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine. Or try running SAS first after Rkill.

Download and scan with SUPERAntiSpyware Free for Home Users

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the... Read more

1 more replies
Relevance 57.4%

Hello all,

I have the malware Security Protection on my desktop. A quick search on google can show you what it is. Anyway, I have run MBam numerous times, each of which has removed, it seems, a portion of Security protection. However, a link of security protection still winds up residing on my desktop as well as a reloaded version of SP later on. I can't seem to fully get rid of it. Any ideas?

SW
 

Answer:security protection malware complete removal

Hiya and welcome to Tech Support Guy

Can you run the tools in this thread:

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

And then post the following:

1. Copy and paste the HijackThis log.
2. Copy and paste the contents of the DDS.txt file.
3. Upload as an attachment the Attach.txt file. There is no need to zip it as suggested in the DDS instructions
4. Copy and paste the contents of the ark.txt file.

Regards

eddie
 

1 more replies
Relevance 57.4%

Sir, two computers (winXP-pro-sp3) in my office have been infected with virus/malwares but of different nature. In the first machine, Avira free was installed. Same machine had to be reformatted (only C-drive out of three partitions, C, D & E) a week ago after a virus removal exercise with Mcafee AV, which resulted in vanishing of Desktop & start menu. Probably fresh virus infection occurred due to non-formatting of other two partitions containing lot of data (mainly .doc, .pdf, .jpg, .htm & .txt). This time I tried to clean the machine with an updated Nod32 (installation folder copied from another machine) kept in a flash drive. Cleaning was done in safe mode when some 2000+ virus was removed by Nod32 including some conficker, autoit viruses. Before reaching safe mode, I tried TaskMgr, Msconfig, regedit & windows search, all of which were disabled. However, it was possible to view hidden files & file extensions, including system files. But after reboot, viruses not removed, took control of machine & reaching safe mode was blocked. One thing I noted is infection of svchost.exe & explorer.exe. First one was operated from a folder (2537452) within system32, second one was associated with a file "regsvr.exe".

I read your article for removal of security tool & accordingly downloaded rkill.com, kept in desktop & wanted to run but every time virus terminated the application before starting. I could install a current version of malwarebytes' Antim... Read more

More replies
Relevance 57.4%

Hello,

I'm Jon, and I have an infected PC, yadda yadda yadda. Please forgive me, but I am not as spyware savvy as many of you are, I'm sure. My computer just started getting a small white X in a circle in the tray, and a pop up window down there saying: Warning! Security Report. Your Computer is infected! It is recommended to start spyware cleaner tool. When I right click on it, it sends me to an antivirus page, and then does tab after tab of crap. I also am getting warnings on my normal browser pages as well, now. I am not clicking on any of them, of course, because it appears to be malware? I run a Windows XP OS. I am not sure if it is NT or not. I am in an office with six different computers on our network. It is wireless internet, with a server running cables to all of our computers. I use Internet Explorer, maybe version 7? I am not the most tech savvy out there, so forgive me if I am being too vague. I have Ad-Aware, Spy-Bot, and I believe we are running Symantec Antivirus, but I think I only have Endpoint protection. Perhaps it is installed on our server, then distributed in our small network? I also noticed that my task manager will not work, and my background photo has been disabled on my desktop? Can anyone help me remove this nasty thing?

Thanks for any help

-Jon

(Moderator edit and note: thread moved to more appropriate forum. jgw)

Answer:warning security report! malware removal??

G'day, Jon,

Can you please Post into this Area and be Patient, we are having a very busy time just now?

http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Someone will come there to Help you out.

4 more replies
Relevance 57.4%

hello fellow tech heads

i've had a day from hell trying to remove the above trojan. none of the things found on the net worked for me like booting into safe mode as the virus was still active and stopping things. blocking task manager so i took things into my own hands and downloaded rkill which was the only thing that i could actually load in safemode, killed it ran malwarebytes got rid of it well i thought i did but then when i booted into windows my programs are still missing from the start menu, malwarebytes i just installed was not there so reinstalled it and still was not listing in my programs

win update thinks its turned off when its on

accidentally turned hidden files on and found some of my movies and files which are marked as hidden OMG what the.........

so i can use my computer as per normal now and for internet i have to go through windows explorer but i am still infected and not sure how to fix it now as i cannot remove avg as its saying that its missing some reg file and therefore cannot run combofix

help pls :)

Answer:xp security 2011/ malware removal tool

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Who instructed you to run ComboFix?

As you should have read here in Step 2 of our NEW INSTRUCTIONS thread:

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

------------------------------------------------------

We first need to verify if there are any rootkits present and how they could affect our tools.

DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present and decide whether to deploy ComboFix.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one ... Read more

19 more replies
Relevance 56.99%

I hope I am finally in the right forum. Please, please help.

Mod Edit: Topic in XP forum, http://www.bleepingcomputer.com/forums/topic433359.html/page__gopid__2516139 .

Following pinned instructions for 2012..Security..XP, I was able to remove a number of Trojans with Malwarebytes, restored the firewall, reran Avast, and thought all was OK. And it seemed to be for a couple days.... Then Avast informed me it couldn't protect for firewall/email. Removed a few more trojans with malwarebytes, but could not get the firewall back up. Another forum has directed me here, explaining that I probably have resident malware.

At this time, my computer is hung on the "windows is shutting down" window (I was trying to restart.) Before that, I had physically unplugged from the internet. A lot of services were running huge I/O and Other while I had nothing up but the CPU usage screen. InCDsvc and lsass were the most active. Oddly, I got a message the last couple reboots, that InCD could not be started.

The scary thing for me (other than that the screen hangs there) is that all these processes were running very actively, but none were identified with a user - usually, it specifies network, local, Irena - like a ghost in the machine. It got quiet when I stopped the InCD, and very quiet after I pulled the Internet plug.

The message was: Windows cannot start the Firewall/Internet Connection Sharing (ICS) service. I didn't go online after that. Now it's just a hung "shutting ... Read more

More replies
Relevance 56.99%

HI
could you please help me in solving my system problem.

when i start the computer it says the following message

The path'c:\WINDOWS\o4251227.exe' does not exist or is not a directory.

Windows cannot find "'C:\WINDOWS\o4251227.exe'".Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search

then when i click on the browsers it open very late.

Next is if i goto for google search and when i click the result it will open the websites like

'http://goldenmango.com/fine.cfm?pt=2&rpt=1&kt=1'
http://216.133.243.28/2.php?sid=677...LaW5nZG9tCUdC&objTimStr=0.22215900+1203094488
http://www.uncoverthenet.com/search/?q=fine'

unrelated links..

After going thru these website i have installed the Hijack This and the report is

Logfile of HijackThis v1.99.1
Scan saved at 10:08:41 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\C... Read more

Answer:Solved: System is in a big trouble. security and malware removal

13 more replies
Relevance 56.99%

On the internet I have seen several times the advice to change the name by which a particular malware removal program is known since some malware recognizes the files or the ---.exe and then prevents its installation onto an infected computer or its execution, even if the program was installed on the computer before the infection took place.
This was advised for TDSSKiller (tdss.exe should be renamed to e.g. whatever.com)
Malwarebytes AntiMalware should be renamed before using it on an infected computer.
See e.g.
How To Easily Remove Google Redirect Virus
http://www.usenetmessages.com/view.p...&id=476887&p=C

Can anyone say anything about this? And should this also be done routinely with other malware removal programs? If that would really be necessary/advisable then why wouldn't the providers give you the choice of renaming by asking if you want to, or simply give you no choice but rename their product? Probably not many people would ever think of doing it themselves.

Answer:Should malware removal programs be renamed for security reasons?

I'm perhaps being rather cynical, but I'm very suspicious of articles that have a link to a 'registry cleaner' or any other so-called utility that claims to clean or speed up your computer.

I'm of the opinion that some of these can easily corrupt your registry or your system.

Microsoft Security Essentials along with Malwarebytes and ignoring suspicious web pages or links has kept my computer free of viruses so far.

As for renaming Malwarebytes, I certainly wouldn't do it. If the door is already open, the undesirable alien is already in and only its removal will suffice.

The door needs to be locked, not just have its name changed.

6 more replies
Relevance 56.99%

The malwarebytes antivirus did not remove the winweb pop up security alert. When I run the scan it does not detect any malicious items. The only malware quarantined was from the vendor Adware.Zango. The item is very long. I would cut and paste it here but can't seem to do that. It starts with HKEY_CURRENT_USER. This was the only one found in the registry of malware antivirus. There are many other items in the winweb security alert like trojans and others. Should I write these down in the postings? The pop up Lsas.keylogger keeps coming up too.

I did switch to firefox. Before winweb was on my screen I used Internet explorer. I'm not sure if the browser matters. I've used firefox ever since winweb has been popping up. Also, I could not run Kaspersky's free scan for some reason. I did download the new runtime Java but I still couldn't get a scan.

I will cut and paste the reports from RSIT

Logfile of random's system information tool 1.04 (written by random/random)
Run by sam pratt at 2008-12-03 10:43:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 258 MB (3%) free of 8 GB
Total RAM: 254 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:46 AM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS&... Read more

Answer:Malware removal request( winweb security alert)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable ... Read more

3 more replies
Relevance 56.99%

I have a malware infection I can't figure out how to fix. It started with a fake Windows Security Center scan warning, which I did not allow to run and then I notice several instances of ooj.exe running in my task manager. It has blocked me from opening almost any program/.exe. Windows just asks me to select a program to open the file. I can't run mbam or Super AntiSpyware. I have tried running FixExe.reg from a USB drive, it seemed to help initially, but no longer does.

I followed your general instructions. I could not run the defogger or gmer.exe (it just hung when trying to run). I did run the DDS (log pasted below and attach log is attached).

Any help would be greatly appreciated. Thanks!

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Run by Administrator at 15:42:08 on 2011-07-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.969 [GMT -6:00]
.
AV: AVG Internet Security *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\hki183.exe
C:\Documents and Settings\All Users\Application Data\gj8Be6Sx.exe
C:\WI... Read more

Answer:Help with Malware Removal - ooj.exe, Wndws Security Cntr

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on http://www.bleepingcomputer.com/logreply/412109 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following inf... Read more

34 more replies
Relevance 56.99%

Hi fellow techs

Just got d above virus and Wat a mission it was to get rid of it

However it has left some damaging things behind like win updates thinks it's not turned on when it is!!!

As well as it's made some ordinary files like movies to be marked as hidden files

And all programs is not listing a thing but they are all still present!!!!

What the……

Can anybody help

I will try restoring to a week ago soon to see if that works

Answer:Xp security 2011 / malware removal tool virus

You are still infected. We cannot help you here with Malware removal as per forum rules. Please head over to Virus/Trojan/Spyware Help and post there for more help
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

1 more replies
Relevance 56.99%

Hi All
I don't know where to put this request, it kind of crosses over different topics.
I had that Antivirus security pro virus which has now been removed following the method from this site (many thanks for that, it has been a huge relief), however I still get the .exe file errors and deletion when I try and download something and I cannot remove or reinstall Microsoft security essentials.  I have re run the malware program several times now and says everything is clean??
I have window 7 64bit if that helps
Cheers
DAvid

Answer:Cannot remove Microsoft Security Essentials after malware removal

G'day David, fellow aussie here.....
 
I would just about bet money that your PC is still infected mate . In fact i would probably bet the farm on it !
 
Ok...(on a more serious note)....Post a new Topic here :: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
 
Describe what led you to know that you were infected....and what steps you have taken since.
 
Kind Regards,
 
Brian

1 more replies
Relevance 56.99%

I can't even get Hijack this to work, as soon as I run it it disappears so I can't even post that here to show what's going on with my computer.. I'm using windows XP... I keep getting redirected when I try to search on yahoo or google... using mozilla firefox. I've also tried to run in safe mode but I keep getting a blue error screen and can't move past that.

Answer:advanced virus removal / security tools malware?

Let's see if we can get a scan to work

If this works, go ahead and repost in the HJT forum. If not, post back here

Run this application and then immediately run your scan

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer or you will have to run it again

8 more replies
Relevance 56.99%

Sirs,
My desktop was recently infected with a malware security shield. After doing some google search I used first stopzilla avm 2113. But since it wanted a registration for repair scanning threats that I could not afford, I uninstalled it and then of my own I ran combo-fix. After that there seems to be no problem with my system that is windows7/32bit. However I do not understand the contents of its log report and need help from a suitable helper. The log report is enclosed.
Moreover I want to know how should I protect my computer from subsequent threats as I cannot afford a fully paid anti virus.
thanks
vkwd7

More replies
Relevance 56.99%

I followed the Malware removal guide top to bottom, and it successfully removed the problem I had - which was that Google searches were returning false results

Thank you!

After completing the procedure I now get error alerts on my existing Security software:

1. Norton Internet Security 2009 -
a Risks in compressed file "dc1.exe"
b Risks in compressed file "Combofix.exe"

2. Spyware Doctor -
Application.NirCmd (22 infections)

Do you know if these are false alarms related to the Malware removal process?

Should I ignore these alarms, or let the software apply a fix?

Can I now safely toggle System Restore?
 

Answer:Security threats reported after completing Malware removal

I can't see log files for Malwarebytes AntiMalware or for SuperAntiSpyware

I did run the scans but I don't think they found any infections
 

5 more replies
Relevance 56.99%

Hey Guys,
 
I Follow the 

CryptoLocker Ransomware Information Guide and FAQ
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#decrypt
and set the security policies to avoid CryptoLocker attack my computer which are these 
 
Block CryptoLocker executable in %AppData%

Path: %AppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from %AppData%.

Block CryptoLocker executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from %AppData%.

Block Zbot executable in %AppData%

Path: %AppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from immediate subfolders of %AppData%.

Block Zbot executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from immediate subfolders of %AppData%.

Block executables run from archive attachments opened with WinRAR:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\Rar*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\Rar*\*.exe
Security Level: Disallowed
Description: Block executables run from archive atta... Read more

Answer:Security Policies doubts after Malware Removal Tools

Instead of playing with the Local Group Policy Editor manually to set these GPOs, you should just download and use the free version of CryptoPrevent that will do everything for you and also offers you various options when it comes to the "tightness" of the settings.

https://www.foolishit.com/vb6-projects/cryptoprevent/

This tool was created following Lawrence Abram's instructions you just followed, plus some custom made rules, so you'll be good if you use it.

1 more replies
Relevance 56.99%

Hi All and Brian
 
I have moved my issue to the correct spot as requested.
 
All of a sudden I had Antivirus Security Pro flash up and tell me a had a whole heap of virus' and that people on the net could see me via my camera (my camera light was consistently on).  I suspect I got this from a dodgy site I visited (which obviously Microsoft essential did not pick up)
 
I followed the instructions from this site http://www.bleepingcomputer.com/virus-removal/remove-antivirus-security-pro which appear to have removed most of it but I still have the following issues.
 
No matter what I download the virus windows comes up and deletes the file and secondly
And I could not find Microsoft Security essentials to uninstall. 
 
I have tried a Microsoft programme to try and remove/rectify Microsoft Sec Essentials but it seems to still be there because I cannot install any new anti virus program (I have tried reinstalling MSE and even Trend but to no avail)
When I try and install MSE I keep on getting the 0x80070643 error
 
I have been contemplating doing a complete reformat??
 
 

Answer:Cannot remove Microsoft Security Essentials after malware removal

You are probably infected with ZeroAccess rootkit.

Open your topic here --> http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Follow this guide --> http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

2 more replies
Relevance 56.58%

I use a Toshiba Satellite, XP home SP3. I disabled the wireless and am posting this on another terminal. I've used this forum before for other malware removal on others' computers, but "XP Home Security" is one I'm not seeing a solution to. I hope the information I have here is enough to clear it out, or at least go a good way to starting that process.

By using firefox and only connecting when directly browsing, I've tried to minimize the chances of an infection, but today I was hit with "XP Home Security - Unregistered Version". Avast! Antivirus had always done the job very well, but it's not finding this one.

The DDS log:

DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by toshiba a100 at 11:53:45 on 2011-05-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1279 [GMT -7:00]
.
AV: avast! antivirus 4.8.1368 [VPS 110523-1] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Alwil Software\Avast4\aswUpdSv.exe
C:\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Pro... Read more

Answer:XP Home Security malware

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you hav... Read more

2 more replies
Relevance 56.58%

I have a malware that mimics security center, title bar states "XP Home Security - Unregistered Version". It is designed to look like security center and pops up upon start-up and does a scan, says the computer is infected / has been hijacked / has a stealth intrusion / Malware detected. It then says to buy a "registered" version to remove the infection.

The mock security center opens when I try to access windows firewall and says that the Firewall is disabled and I need to register to turn it on. The computer is an Acer Aspire One netbook, I have disabled the WiFi to prevent access to the internet, this posting is being uploaded from another computer

DDS Log :
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Sandy at 19:04:45.40 on Fri 03/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.508 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\... Read more

Answer:XP Home Security Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply'... Read more

2 more replies
Relevance 56.17%

Didn't have Spybot.

Step 1: House Cleaning with CCleaner Slim was done, however, I didn't back up my registry because those instructions were at the bottom of the CCleaner Slim instructions.

Step 2: AdwCleaner (NOTE: there is no DELETE to click on--clicked on SCAN instead, and then Uninstall/or/Remove.

Logfile that was printed immediately after reboot follows:

# AdwCleaner v3.216 - Report created 23/07/2014 at 01:31:40
# Updated 17/07/2014 by Xplode
# Operating System : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Username : SallyK - SALLYK-PC
# Running from : C:\Users\SallyK\Downloads\adwcleaner_3.216(1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Users\SallyK\AppData\Local\Conduit
Folder Deleted : C:\Users\SallyK\AppData\Local\SearchProtect
Folder Deleted : C:\Users\SallyK\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\SallyK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
File Deleted : C:\END

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298573
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key D... Read more

Answer:Logs for Malware Removal (Firefox tabs not opening to home (Google)

Running the various fixes seems to have fixed the problem. Now when I click on a new tab, I get a Google search bar, with the 9 most recently visited sites displayed. Please let me know if I should still do something else.

Computer Hope site/forum is AWESOME!!! Thank you very much!!

2 more replies
Relevance 56.17%

Below is my hjt log. XP Home Security 2011 installed itself on my computer and is redirecting my google searches. let me know which one of these to remove. thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:18:49 PM, on 5/9/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\run... Read more

Answer:XP Home Security 2011 Malware Help!

Hello and welcome to the forums! My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread. I would be glad to take a look at your log and help you with solving any malware problems. If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you hav... Read more

2 more replies
Relevance 55.76%

this was my original topic that describes my problems: http://www.bleepingcomputer.com/forums/t/260661/please-help-me-with-advanced-virus-removal-software-cannot-even-load-windows/

I was told at the end to post this log:

Running from: H:\Documents\Win32kDiag.exe
Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB890046\KB890046
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP176.tmp\ZAP176.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21D.tmp\ZAP21D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP300.tmp\ZAP300.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mou... Read more

Answer:advanced virus removal/total security malware problem on my laptop

Excuse me, I know you guys are busy, but it's been 3 days and I haven't gotten a reply yet. I thought I read somewhere that topics that don't get activity after 3 days get locked or deleted, so was just wondering about that.

Even if you may not answer my question immediately, a response would be appreciated.

4 more replies
Relevance 55.35%

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: AMD Athlon(tm) XP 2100+, x86 Family 6 Model 8 Stepping 1
Processor Count: 1
RAM: 1023 Mb
Graphics Card: NVIDIA GeForce 7600 GS, 1 Mb
Hard Drives: C: Total - 114439 MB, Free - 48872 MB;
Motherboard: ASUSTeK Computer INC., A7N8X2.0, REV 2.xx, xxxxxxxxxxx
Antivirus: AVG Anti-Virus Free Edition 2011, Updated: Yes, On-Demand Scanner: Enabled

I have run into the XP home security malware again, only this time there is a different twist. It has changed settings to where any Icon/service/.exe file I attempt to run, it causes the "Open With" popup to display and asks which program I want to use to open the file.

I can boot in safe mode and can operate ok, except, a lot of my programs have been either hidden or deleted. I cannot find things like, any Virus/malware programs, any browsers, etc. I have had to reinstall these in order to use them.

I have tried these things: SUPERAntispyware, Malwarebytes, SuperCombofix, Smitfraudfix, and a restore. When boot into safe mode and log into the Admin. I don't get the popup. But if I log into my user account the "Open With" popup still appears.

Logfile of HijackThis v1.99.1
Scan saved at 11:42:27, on 5/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\W... Read more

Answer:Open With popup from XP home security Malware

16 more replies
Relevance 55.35%

I have somehow gotten malware on my computer - XP Home Security 2012. Another site told me I needed to download "rkill" to get rid of it and said to come here, but I have not found rkill here or in search. Can someone please help!!

Thanks,
Susan

Answer:Malware Problem XP Home Security 2012

Follow the instructions in link below.
Remove XP Home Security 2012 (Uninstall Guide)

http://www.bleepingcomputer.com/virus-removal/remove-xp-home-security-2012

4 more replies
Relevance 55.35%

Yesterday my desktop went blank when i was working with some software, reboot would start and I could access programs while loading, for about 2 minutes, then windows explorer would shut down and my desktop would go blank. After much cleaning with adaware and regclean I found had malware on my computer. I still cannot boot windows normally, the same thing happens. I can only start my computer in special recovery mode now. After reading in these forums I decided that my problem was similar to others and ran a report through combofix. Of course I have no idea how to read it. Here it is though:

ComboFix 09-01-13.04 - Witte 2009-01-15 6:25:08.1 - NTFSx86 DSREPAIR
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.893.163 [GMT -6:00]
Running from: c:\users\Witte\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Witte\AppData\Roaming\QNVW601P.dll
c:\windows\system32\ddcBuuRJ.dll
c:\windows\system32\efcBrSJy.dll
c:\windows\system32\rQhHxWmk.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-15 03:05 . 2009-01-15 04:36 <DIR> d-------- c:\program files\InstallShield Installation Information
2009-01-15 03:05 . 2009-01-15 03:11 <DIR> d-------- c:\program files\Common Files\Panda Security
2009-01-15 01:45 . 2009-01-15 01:45 <DIR> d-------- c:\windows\System32\Pr... Read more

Answer:Malware? removal vista please help

OK, my advice is to ask the folks on here: http://www.techsupportforum.com/f50/ You do have some things on your drive that are not worked with on this forum. I would ask you to read the rules and stickies as to how the forum works. Good luck.

1 more replies
Relevance 55.35%

I've been trying to remove a virus called Vista Total Security from my computer for a while now. I have tried googling some removal guides but I cannot follow them, as even in Safe Mode with Networking I cannot run a downloaded program. I'm locked out of pretty much all my programs and I can't use CMD. The only process in task manager that I know is the virus is nyt.exe, and after ending it, as soon as I try to open something or run something it doesn't want me to, it appears back on task manager again straight away. Can anyone help? I really don't know what to do with this. Thanks, Jordan.

Answer:Vista Total Security removal help

Physically remove your drive and slave it to another PC and do your virus and spyware scans that way.

Some HELP in posting on Computing.net plus free progs and instructions

Cheers

3 more replies
Relevance 55.35%

I am currently running Windows Vista and inadvertently downloaded the Vista Security 2011 malware file yesterday. I had a malware issue before, and BleepingComputer.com was very helpful. So I'm hoping you can help me out this time! As soon as the Malware hit, I restarted my computer in "safe mode with networking" mode. After doing that, I ran rkill. It did not report that it stopped any process. So I ran Malwarebytes and performed a full scan on my C: and D: drive. It detected 2 files and quarantined them. I deleted the files and restarted my computer.

When I logged into my user profile, I noticed two problems.

1. The program icons that normally appear in the lower right hand corner of my screen, such as McAfee Security Center, Secunia PSI, Dell Touchpad, and Dell Support were no longer there.
2. When I tried to run any of my normal executable programs, such as Mozilla, nothing would happen. If I clicked on an icon there would be no response. However, if I right-clicked on an icon, then "Start" would be among the options listed. If I clicked on "Start" the program would run.

I tried logging into a different user profile on my computer, and noticed that the icons missing from my personal profile were present and accounted for. They were just missing from my personal profile.

I did a search on "bleepingcomputer.com" for instructions on removing the Vista Security 2011 Removal malware, and noticed there was one step I did no... Read more

Answer:Vista Security 2011 Removal

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine. Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Relevance 55.35%

how do you remove vista security 2012

Answer:vista security 2012 removal

Hello and welcome. Please follow our Removal Guide here (Uninstall Guide). After reading how the malware is misleading you ... You will move to the Automated Removal Instructions.

After you completed that, post your scan log here, let me know how things are. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

1 more replies
Relevance 55.35%

Hi,

I have a machine infected with the Vista Security 2012 virus. I followed the directions posted on your forum and downloaded "fixNCR" onto a flash drive on a clean computer. I then ran "fixNCR" on my infected computer. I am still not able to access internet explorer although some other executables are available. When I attempt to log on to Internet Explorer I still get the "Vista Security 2012 Firewall Alert" screen. When I close that and attempt to go to the Rkill website to download I am unable to do so.

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal

Answer:Vista Security 2012 removal

Check proxy settings in IE in tools/internet options/connections/Lan settings. Make sure use proxy is unchecked!

1 more replies
Relevance 54.94%

I just ran the Remove Vista Internet Security 2012 (Uninstall Guide) tutorial and it seems to have taken care of the malware in safe-mode. But now an issue is happening when I get to the end of tutorial after rebooting from Malwarebytes and booting back to the normal boot mode. And the system seems to give the following error then lock up, not allowing other programs to run. A dialog box titled MalwareBytes, with the following message:

"[Open Event] failed to perform desired action. Error Code : 2"

A search on the error points to basically reinstalling Malwarebytes, but that does not solve it, even just removing malwarebytes all together doesn't solve it. After normal startup then the error, the system gets locked up.

Is there something else going on here that needs to be looked at? I was trying to find registry entries tied to malwarebytes or Run Once that might be causing it to run and error, but no luck yet. HiJackThis does not show any weird programs in the Run keys either.

Any Further Ideas?

Answer:Vista System Locks Up After Malware Reboot - Remove Vista Internet Security 2012 (Uninstall Guide)

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432088 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 54.94%

Hi Bleeping Computers:

I appear to be having the same problems that a user named mrmastodon was having in removing the XP Home Security 2011 malware from his computer (see http://www.bleepingcomputer.com/forums/topic388832.html) However, my computer seems more debilitated than his. While I can get into "safe mode with networking," I cannot get into plain "safe mode."

Even worse, I can't seem to install any of the programs that could fix the problem. Any .exe file I attempt to start up is killed by the XP malware.

Dare I run a ComboFix program? I'm having all the same problems running Rkill that mrmastodon had in the aforementioned topic. Please help!

Answer:Many, Many Problems Removing XP Home Security 2011 Malware

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. Please take note: If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you. Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the '... Read more

3 more replies
Relevance 54.94%

Hi,

It seems my machine is heavily infected with malware (trojans, rootkits probably)

The symptoms are as follows-

1) I cannot open any program from the Start menu like firefox, Antivirus, MS Office, MSPaint, regedit. It keeps prompting the Open with Dialog Box and when I click ok it downloads a local exe file for the program in question, say for example firefox.exe.

2) I cannot open anything in the Control Panel, say Display Option etc. It says C:\Windows\System32\rundll.exe- Application Not Found

3) I cannot update Antivirus (Microsoft Security Essentials), it fails to connect to the internet though I can connect on IE

4) Web addresses get redirected.

5) Cannot run GMER.exe

****************
DDS log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by ranit_banerjee at 15:56:27 on 2011-12-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1362 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Fil... Read more

Answer:XP Home Security Malware attack- Multiple problems

9 more replies
Relevance 54.94%

I recently became infected with a version of the av soft virus, which I removed with Malwarebytes... and I thought everything would be fine.
Now, I'm having several problems... I can't access most programs, Itunes tries to reinstall but then says the operation cannot be performed.
I can't open any download link in IE, it says there is a .exe error, and the page could not be found. Other problems include not being able to print at all from the internet, and not being able to open/view any .pdf, or video. The internet is extremely slow, compared to before....
I honestly have no idea where to start, or what to do... any ideas?
Thanks!

Answer:Problem with Vista after malware removal

Probably still infected. We need a deeper look. Please go here.... Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.

If Gmer won't run, skip it and move on.

Let me know if that went well.

1 more replies
Relevance 54.94%

Hi,

I have just finished a lengthy malware removal process with great help and guidance from Thisisu at this forum, but now my pc is still quite slow and running internet causes script problems.

Can you guys check the attached files and advise me what to do?

Thanks!
Elmer
 

Answer:Vista slow after malware removal

It would appear that there is a problem with a component of your network drivers built into Windows.

I have moved this post to the networking forum so you get more appropriate responses.
 

2 more replies
Relevance 54.94%

Please help me! I have an infection that redirects search results when I click on them. It doesn't matter if I'm using IE, Firefox or Chrome, it still does it. I have tried several programs to remove it, but to no avail. Please help me as soon as you can!

I was reading other logs with similar problems and tried to follow some of the scans they suggested. I have done a scan with rootkit unhooker for drivers and stealth code, as well as a scan with OTL. The subsequent reports are below.

Thanks,
Stranded without a computer

ROOT KIT UNHOOKER REPORT
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F40C000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7565312 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.09 )
0x8204E000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x8204E000 PnpManager 3903488 bytes
0x8204E000 RAW 3903488 bytes
0x8204E000 WMIxWDM 3903488 bytes
0x9A840000 Win32k 2109440 bytes
0x9A840000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAFA06000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\Vir... Read more

Answer:Removal of malware on Windows Vista

Hello and welcome to the forums! My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread. I would be glad to take a look at your log and help you with solving any malware problems. If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

2 more replies
Relevance 54.94%

Ok, this Total Vista Security has somehow infected me, not sure how because I'm very careful not to click the popups etc. about viruses I supposedly have, but idk. Anyway, I've found this http://www.bleepingcomputer.com/virus-remo...-total-security of how to remove, but it says to look for tsc.exe BUT I don't have it there :|

Also says look for something else with a SHIELD or PADLOCK but again.. I got nothing!

Someone please help me find out which I need to remove or give me a different method of removal, I need this removed asap! Thank you

Answer:Help Asap! Total Vista Security Removal

Hello logue92 and good evening,

Have you tried running any programs such as MBAM or SAS?

Before running them, use TFC by Old Timer which can be found here. Make sure you close and save all your work before running TFC since it will more than likely need to reboot your computer.

Are you pretty sure that you are dealing with the correct name rogue program? They tend to look alike and one word can change the removal process.

2 more replies
Relevance 54.94%

hey, I need help removing this total security malware off my computer, I tried some of the given spyware deletion programs from this website and they wouldn't work for windows stupid vista so I need help plz!

Answer:total security removal!! need help [Moved from Vista]

Moving to the Am I Infected forum for you.

3 more replies
Relevance 54.94%

Yesterday while reading a pop up of Vista Internet Security pops up, It looked fake so I know I picked up something. I'm using a public network if that makes a difference since these are places I never had a problem with before.

When I did the Gmer.exe I tried to follow the instructions but when to scan the section was already checked and the rest were grayed out.

Checked sections: Services/Registry/Files/C:/ADS

So I've added what it did with the attach.txt file. At the moment I don't have a boot disk but I am still able to use this laptop with the infection. I'm either saying no to "fix the problem" or closing the pop ups when they occur.

Here's my stuff:


DDS (Ver_09-12-01.01) - NTFSX64
Run by Arlene at 7:47:03.44 on Tue 03/09/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1914.919 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService... Read more

Answer:Vista Internet Security 2010 malware x64 Vista

I fell asleep and left the wireless on I think but the windows update decided to update and restart my computer, now I have lost my task manager saying it is not there. I also no longer see the fake vista logo my start up and the popups are gone. Since I didn't get help yet I decided to let my Mcafee do its weekly scan.

Now something has happened and I don't know what it is. I knew as long as I kept the computer on, the malware couldn't do anything but I am asking really for help since it's Friday and I don't have a backup plan if I need to wait three more days into the weekend.

2 more replies
Relevance 54.53%

Hello, a friend has dropped off a broken windows xp computer with me for repair. They followed http://www.bleepingcomputer.com/virus-remo...-security-suite this guide, section 'automated removal section', and now the PC bluescreens on both normal and safe mode. Looking for guidance as to what they might have broken. Thoughts? The BSOD is a stop c000021a - windows logon process system process terminated unexpectedly with a status of 0xc00000005 (0x00000000 0x00000000).

Answer:BSOD after following "automated removal instructions for security suite using malwarebytes anti-malware guide

Hi.

The majority of references I see for this...are for Win 2K. XP users who have this error...don't really seem to get a resolution of any sort that I can see.

From looking at the Win 2K references, I'd say that the registry is jumbled. A repair install effort would be worth a try...but I suspect that a clean install will be the ultimate resolution.

Some Google Links.

Louis

1 more replies
Relevance 54.53%

When the fake XP 2012 Security Center popped up, its activity and nonstop fake threat pop ups scared the crap out of me, but I knew I had acquired a virus. I noted down some key behaviors and turned to my only other internet connection: My old Moto Q smartphone to begin web searching for information. I have spent literally hours on the search from my phone, viewing webpages and forums most in a single column a few words wide. I read everything I could find on this site, without printing capabilities I hand copied tutorials and guides. This started nearly two weeks ago.
I had a brief opportunity at a clean computer with a USB, and a list of every tool I might need, I can't even save tools to the miniI followed given directions for this specific .malware removal, san disk this thing uses.
After days at it, I think I am at the light at the end of the tunnel, but I need help with the most annoying, and ddifficult hurdle: I cannot get my PC back online. I followed the prep and I have my logs and Ive got them on the mini sandisk to hopefully be able to post them through my crappy old phone. this has been a nightmae, but this site and all the volunteers are my new heros! Im crossing my fingers now, as Im about to get these logs up and not lose all this that Ive typed.

Answer:Nightmare battle with the rouge trojan XP Home Security 2012, possible complete removal but with loss of Internet connectivity

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433968 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 54.12%

I am at the end of my rope and running XP on a cheap Dell Mini, so I am *this* close to throwing the computer away and buying a new one. But I thought I would try posting here as a last resort.

My computer has become infected with the XP Home Security 2011 Malware. I knew I had it when browser windows started randomly redirecting and SystemTool appeared in my start menu, but it laid fairly dormant for some time before fully taking over my computer. When I first became aware of its presence and before it took control, I ran the newest version of MalwareBytes several times but it never tagged anything malicious for removal. Now that the virus has taken over my computer, I can no longer run MalwareBytes. So... I have tried rebooting in "safe mode with networking." Problem is, the Malware is STILL active while the computer is running in safe mode, so it continues to block the MalwareBytes process. I have even tried backing out to complete bare bones, "safe mode with command prompt" -- no dice. The stupid malware STILL runs and STILL blocks my attempts to open MalwareBytes.

I downloaded rkill and attempted to use it the way others have to pave the way for MalwareBytes to run, but rkill has its own set of problems. When I launch the program, it takes a good five minutes to bring up the black command screen and run. In these five minutes, if I have the task manager open, I can watch it battling with the XP Home Security 2011 Malware, whose process will keep p... Read more

Answer: Many Problems Removing XP Home Security 2011 Malware - Am I The Only One Experiencing This?

Hello mrmastadon, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

Let's boot into Safemode with Networking and see if we can get some tools to run. Download the following scanners and then boot into Safemode to run them.

1. Please download OTL from one of the following mirrors: This is THE Mirror
2. Save it to your desktop.
3. Double click on the icon on your desktop.
4. Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxsc... Read more

10 more replies
Relevance 54.12%

I am fixing a PC for a friend who had a bunch of viruses on his machine. Some of these viruses were AV8 Rogue Anti Virus and Whitesmoke. I followed the malware removal guide and ran CCleaner, SAS, MB Bytes, Combo Fix, and MG tools. I have also tried the "Repair" option (F8 on startup) and that just asks for a user/password screen and won't let me by. I also tried Last Known Good Config and that keeps rebooting as well.

The log for Combofix said it found a rootkit (Bootkit TDL4) I believe. Now when I reboot the machine into normal mode, it displays the log in for a few seconds and then reboots. It keeps doing this unless I boot into Safemode.

I can boot into "Safe mode w/Networking" and everything seems to be fine, but obviously I would like to boot into normal mode. Also, when it does boot into Safe mode it always pops up the "System properties" window and Help for Safe mode.

I am attaching the latest log files from SAS, MBBytes, Combofix and MGtools as well.

Any help would be appreciated. Thanks
 

Answer: Vista machine keeps rebooting after malware removal

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O4 - HKUS\S-1-5-18\..\Run: [MqmPab] C:\Windows\TEMP\ckf4ud.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jaryxnfl] C:\Windows\TEMP\wwwodmrvf\snfmrhflajb.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MqmPab] C:\Windows\TEMP\ckf4ud.exe (User 'Default user')

After clicking Fix, exit HJT.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

Files::
C:\Windows\TEMP\wwwodmrvf\snfmrhflajb.exe
C:\Wi... Read more

36 more replies
Relevance 54.12%

Haven't posted in a while...here it goes. I recently had malwarebytes remove some program that hid all the desktop icons and several other folders within the C: drive. Once I removed the malware, the folders showed up, but they are now checked as "hidden", so they show up dimmed/faded out. I have my settings to be able to view hidden files.

I can individually right-click every folder and uncheck the box that reads "hidden", but this could potentially take hours or days.

Is there a way in Vista to uncheck "Hidden" on all folders at once? I tried folder options in control panel, but the best I could find was "show hidden files" which I already have activated. There has to be a more efficient way than going through each folder one-by-one.

Thanks
 

Answer: Dimmed icons in Vista after malware removal

Hello, looks like you got an infection that changed the attributes of the files on the machine to hidden (+H). Probably your shortcuts as well. If I understand the shortcuts are backed up to a temp folder so don't run a temp cleaning app.

Please head over to The Read & Run Me:

Once you have the logs that are requested, please start a thread in, Malware Removal:

Attach the requested logs, please.

Cheers..
 

1 more replies
Relevance 54.12%

Hi, thanks in advance.
 
I have the Windows Activation window pop up immediately after logging into Windows Vista in normal mode and also when starting in Safe Mode with Networking.  I can log into Safe Mode without networking.
 
The window is the one that gives 4 options and reboots if you don't select Activate online now.
 
I have run Malwarebytes from Safe Mode with no luck but that is only with old definitions. I've also run SUPERAntiSpyware and SpeedyPC Pro.
 
Please help.
 
Alistair

Answer: Vista Windows Activation malware removal

That window may be actually real. If you use some registry tools like SpeedyPC Pro it's easy to mess things up.

Registry cleaners/optimizers are not recommended for several reasons: Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still ano... Read more

1 more replies
Relevance 54.12%

Hi,

New to the forum, apologies if this isn't posted in quite the right place

Wanted to put a message on here mainly in thanks for the details on the main site on removing this extremely aggressive one! Largely this site saved my pc! Excellent work.

For information, I'm running Vista Business edition.

However, a couple of points I have to add from my experience that I think will be helpful for others:

1. The instructions for the fixreg.exe could be amended to make it clearer as to what will happen - i.e. just a short note to say that you'll need to choose 'start' from the right click menu

2. Upon completion of the exercise, and when Malwarebytes has removed everything, you will find the PC still having the temporary .exe fix and programs not being able to start unless through this 'start' option
This aspect and how to fix it should maybe be put in this area?

I tried to find a reverse for altering the registry key, but only really found help with regards to XP.

Eventually I did find one that was from a site with various file extension fixes, but it didn't work - comments on the site did suggest a lower success rate with this

I managed to resolve the problem via a system restore. This scrubbed Malwarebytes, but of course this will be going back onto the PC!

I hope this information will be helpful to anyone else who gets this horrible one

Thanks once again for the help!

More replies
Relevance 54.12%

I caught the nasties, Virtumonde and New.NET, last week and I removed them... but ever since, Security Center won't start and I get Security-related errors all the time... sometimes even when just trying to start Task Manager. I have looked all over the Web for a solution and can find none. Has anyone else experienced this problem or can provide any insight?

My HiJackThis Log (it seems clean to me):
 

Answer: Vista Security Center Cannot Start After Infection Removal

Sorry for the delay ...we are scratching our heads over this....let me quote Chas




I'm really wondering if it is somehow related to the Security Center Service that Spybot is installing. I'm not sure what the real fix is. This may be something to get help on in the Software Forum. You need input from people actually running Vista. I remember reading some references to doing something with the Service and login on as LocalService with the admin account and password (or the user account & password ..... ) I don't remember all the particulars right now. I also don't remember anything that seemed like it worked reliably.

In the meantime:
Run HJT and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

After clicking Fix, exit HJT.
 

6 more replies
Relevance 54.12%

I'm not sure if this goes in here or the logs forum (or somewhere else?), so I apologize if I've stuck this in the wrong spot.
The computer is a Toshiba Satellite A205-S5859 laptop running Windows Vista Service Pack 2. It has a very deep-rooted and self-protecting bit of malware that is known as Web Protect or MyOSProtect. It could not be removed with the Add and Remove Programs feature because until the main executable was eradicated, the computer would blue screen (0x7F I think) before anything had a chance to come up (typically a 3 or so minute wait). It was partially removed with the help of MalwareBytes Anti-Malware (1.5ish version, using newest offline rules downloadable), but the rest of it is preventing me from being able to fix a separate problem it caused: because it made itself part of the LSP stack and the relevant DLL is gone, it can't properly interact with any network. But I can probably get that back in order as long as I am able to get rid of the malware that's protecting the registry entries and file handles in its Program Files folder. How do I go about doing this?
Things I've tried:
-> AVG Rescue CD - I wound up having to do a system restore since its healing process made it unable to boot normally or in safe mode.
-> MalwareBytes Anti-Malware - It got rid of some of the main DLLs in the Program Files folder as well as the MyOSProtect executable, but the rest of the DLLs in the folder are untouchable due to "invalid file handles."
-> SysInternals ... Read more

Answer: Windows Vista Home Premium: MyOSProtect faulty removal

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scr... Read more

8 more replies
Relevance 54.12%

I'm currently not on the computer that is having the issues, so I need to know what information to post in my next reply. I'm waiting on the computer to finish the Windows updates that snuck in while I was running my virus scanner before it restarts.
--edit--
In my haste I didn't read the pinned topics.

Ok, I'm working with an emachines model EL1200, running Windows Vista Home Basic. When I got the computer, I ran Malwarebytes, and it came up with a laundry list of things that were wrong with it. I will post that log when I have access to it. I asked Malwarebytes to clean the computer, and it did so. However, there were still some things that weren't working. Remove Programs, any Internet access, all of the icons on the taskbar, the accessories file in the start menu had disappeared, all the user data (documents, pictures, and music) had been set to read only-hidden, and it was still very sluggish.

So I moved the user data to a flash drive, and did the only thing that I knew to do. Re-image the computer. I only had a copy of Windows XP Pro 64bit and so I researched the computer specs and was under the impression that it was compatible with the hardware. I deleted all four partitions, and installed the XP. It surely was not compatible. The LAN drivers proved to be impossible to find.. So I got a Vista disk from my tech friend and restarted the computer, booting to the disk. It didn't ask me if I wanted to format, so I'm thinking that's where i got sc... Read more

Answer: Windows Vista home basic win32\Alureon removal

Download TDSSkiller
Launch it
Click on "Scan".
Please post the LOG report

Please download GMER from here
http://www2.gmer.net/download.php
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

3 more replies
Relevance 53.71%

On my other computer, I received the popup for the Vista Home Security virus. It has turned off Live Essentials and will not let me open it. It won't let me access the internet. I have been to other forums and followed their instructions, but to no avail. I do not know what to do. I am not very computer literate, that could be part of the problem. What can I do?

Answer: Vista Home Security

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.

You have a bad infection.

Removal instructions are explained on the following link.

Remove XP Anti-Spyware 2011, Vista Security 2011, and Win 7 Internet Security 2011 (Uninstall Guide)

Print the instructions and follow them in the order given.

If at any time you need advice on how to proceed feel free to ask for help.

===

When all is done please post the result of this DDS scan.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about yo... Read more

13 more replies
Relevance 53.71%

I have the Vista Home Security virus. It will not let me on the internet, removed all of the previous restore points so I can't restore, and blocks all virus scans by shutting off the computer; it does this in safe mode also. I have another computer that I have been trying to use to get virus removal stuff, but it won't let it in and scan. I did get Spy Doctor and Registry Mechanic in. Spy Doctor would scan if I gave it a shot first, now it just shuts down at 60%. Please help. How do I get rid of this thing?

Answer: Vista Home Security

I got it off. For those that need help with this one. I downloaded Microsoft Security Essentials. It found and removed it with a quick scan that took 45 minutes.
 

1 more replies
Relevance 53.71%

Vista Home Security alerts keep popping up. Says I am infected with several viruses and being attacked by something, that I need to register my version. I connect to internet. I have tried safe mode with networking to no avail. Please help me before I shoot my computer!

Answer: Vista Home Security

Hello, and to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Relevance 53.71%

Referred from here: http://www.bleepingcomputer.com/forums/topic393685.html/ ~ OB

DDS (Ver_11-03-05.01) - NTFSx86
Run by Maggio at 17:47:47.23 on Tue 05/03/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1232 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoN... Read more

Answer: Vista Home Security

I skipped GMER, what do I do now? Also MBAM Scanned.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6523

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

5/6/2011 8:31:28 PM
mbam-log-2011-05-06 (20-31-28).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 569302
Time elapsed: 1 hour(s), 49 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Cycbot.Gen) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hN06509McAjK06509 (Trojan.FakeAlert) -> Value: hN06509McAjK06509 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quar... Read more

3 more replies
Relevance 53.71%

My PC is very slow, a "Just-In-Time" debugger window pops up every minute, and I have an XP Home Security 2012 icon on my task bar which I came to find out was malware. I've tried scanning with a couple of different malware softwares but no luck in getting rid of these two. I'm posting this HijackThis log in hopes that I can get help with this. Thanks in advance!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:33:43 PM, on 1/23/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\sv... Read more

Answer: Hijack this log to remove >>> Just In Time Debugger and XP Home Security 2012 Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'... Read more

3 more replies
Relevance 53.71%

still have problems. I followed the procedures (http://forums.majorgeeks.com/showthread.php?t=139681) to a tee.

During the process, Malwarebytes found four Trojans. I removed them once, restarted, and ran Malwarebytes again just to be sure, and the four Trojans were still there. So I went into registry and removed one of them remaining manually (it was the second one in the log ... DhcpNameServer), restarted the computer, and ran Malwarebytes again. This time I could no longer find any problems.

However, I still can't do any of the following.

*I can't access Spybot and the other antimalware websites (so can't download and run Spybot)
*I can't update Adaware, Malwarebytes (19 days old --- btw, I could not update the definitions using the download from MajorGeeks, so I used the old definition -- it is the old definition that found four Trojans.), A-squared, SuperAntispyware ... none of those.
*during web browsing using Firefox, a new window pops up and directs me to various websites, some malicious and some harmless (according to WOT that I have installed).

BTW the reason I don't have SuperAntiSpyware attached is because the program did not detect anything. It was Malwarebytes that found four Trojans.

Thanks so much for your help. I'm longingly waiting for your response. Thank you.

UPDATE: For the heck of it, I ran Malwarebytes again, and I found the same Four Trojans Back on my computer!!!! I don't understand!! Please HELP!
 

Answer: Pls. Help -- followed all the procedures listed on Vista Malware Removal but

PS: Prior to trying the procedures, I also tried running scans in Safe Mode --(Symantec Endpoint, outdated miscellaneous antimalware programs) -- found nothing. Thank you!
 

28 more replies
Relevance 53.71%

Got kicked after I typed up a very long post, and now it's gone. Followed the Windows Vista fix guide, got nowhere. Tried the Windows 7 malware removal. The issue is with my laptop; shut down the primary problems but still getting Google redirects, an empty start bar and hidden files all over the place. System is very much still infected.

1. SAS failed to install; Portable crashes after 5000 scans (2 threats). Skipped.
2. MBAM installed, updated, crashes after 25 seconds, no scans made (afterwards it seems to be deleted, as I have to install it and update it again to rerun it). Skipped.
3. ComboFix: get an alert about a possible Virut and contaminated file; deleted, downloaded from the place it mentioned, same thing; try launching again, it launches but hangs on scanning (let it go for over an hour). Deleted, redownloaded, same results.
4. Skipped RootRepeal as I'm running Vista 64-bit.
5. Running MGTOOLS: after getting an error about a missing file it continues to search for different things; will post when it finishes or fails... Shortly after agreeing to the HijackThis acceptance, something kept opening a compose mail window; as nothing in the guide refers to this, I would close it. Never got a scan to finish on MGTOOLS; it simply closes and no log file exists where it should be. Attempting to run it again, but I believe this is enough information to get the ball rolling. Again, no log files exist for any of the scans as they couldn't finish. Hoping for help in a big way ~Menace
 

Answer: Windows Vista Malware Removal Complete Failure

Have you tried running the scans in safe mode?

Please download and save the below tool from Grinler @ bleepingcomputer to your Desktop or anywhere else you can find it ( if the Desktop is not showing )

http://download.bleepingcomputer.com/grinler/unhide.exe

Now run it. Now see if you can find the items that seemed to be missing?

Now try to run this:
TDSSkiller - How to run

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator


You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif
* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.

If you are having problems running Rkill, you can download iExplore.exe or eXplorer.exe, which are renamed copies of Rkil...

26 more replies
Relevance 53.71%

Hello all, let me thank you in advance for your time on this.
I am working on my mother's computer (Aspire 6gig ram, 1T HD, Pentium)
She has been unable to access her email for a while now, and I took an initial run at the issue with HijackThis. (I'll attach the logs)
HJT recommended a series of fixes, which I checked, only to find that they didn't go away.
I then turned to this faithful site.
I have run the Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure.
Attached are those logs.
As always, all advice and attention is greatly appreciated.
Thanks.
-Dave.
 

Answer: Working through Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure

Added the log files.
Thanks.
-Dave.
 

2 more replies
Relevance 53.71%

Vista Total Security 2013 is rogue security software which will report that malware has been detected on your computer in an attempt to scare you into buying this malicious software.
In reality, none of the reported issues are real; they are only used to scare you into buying Vista Total Security 2013 and to steal your personal financial information.

As part of its self-defense mechanism, Vista Total Security 2013 has installed a rootkit on your computer, which will disable the Windows Task Manager and will block you from running any program that could lead to its removal.

Vista Total Security 2013 is a scam and you should ignore any alerts that this malicious software might generate.
Under no circumstance should you buy this rogue security software, as this could lead to identity theft. If you have, you should contact your credit card company and dispute the charge, stating that the program is a scam and a computer virus.

Removal instructions for Vista Total Security 2013 virus

This is a self-help guide, use at your own risk.
If you experience problems completing this guide, or the problem persists after following the instructions below or would like to have one of our staff members guide you through the process, please start a new thread in our Malware Removal Assistance forum.
STEP 1 : Start your computer in Safe Mode with Networking

Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.

Press and hold the F8 key as your comput...

More replies
Relevance 53.71%

I got the 2012 Vista Security Virus yesterday, and I followed these removal instructions:
http://www.bleepingcomputer.com/virus-removal/remove-vista-security-2012

I finished all the steps, and today I can access the internet, but some programs (Spotify, MestReNova) will not open. I checked the task manager and Firefox, MBAM, and the previous programs have become .exe *32. Their icons also include the Vista Security Virus Logo.

Thanks in advance for the help!!

Answer: 2012 Vista Security Virus Post Removal Issues

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

3 more replies