Computer Support Forum

Unable to Run any Malware removal tools Combofix Spybot etc

Question: Unable to Run any Malware removal tools Combofix Spybot etc

Hi, apologies if I have not done this correctly.... First post.

I am unable to run Combofix in Safe Mode or Unsafe, Spybot and Malwarebytes; I can click the .exe shortcuts but nothing happens. I realised I had a problem when my Google started redirecting to other sites then just crashing or going to blank screens. See my scan below and attached; unfortunately I am unable to run any other screeners etc. as I can't get them to start up.

Not sure how complex this problem is but it would allow me to login or register to your site on the problem PC; when I clicked agree to terms it came up you didn't agree etc. Then when I registered on the other comp I still couldn't and can't login on the problem PC....

Thanks in advance for any support
Kevin
DDS (Ver_09-02-01.01) - NTFSx86
Run by kev at 16:52:41.02 on 22/02/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.536 [GMT 0:00]
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\kev\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp:///
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\kev\applic~1\mozilla\firefox\profiles\h2r5ca2b.default\
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPOJI610.dll
============= SERVICES / DRIVERS ===============
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-12-27 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-12-27 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-12-27 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-12-27 10760]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2007-12-27 2295]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2007-12-27 15360]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-12-27 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-12-27 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-12-27 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-12-27 4960]
S3 {FBE1D620-5418-4aae-A0F0-316D590663A1};{FBE1D620-5418-4aae-A0F0-316D590663A1};\??\c:\windows\system32\{fbe1d620-5418-4aae-a0f0-316d590663a1} --> c:\windows\system32\{FBE1D620-5418-4aae-A0F0-316D590663A1} [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-3-16 13352]
=============== Created Last 30 ================
2009-02-09 00:05 36,864 a------- c:\windows\system32\SDDEVMGR.dll
2009-02-06 22:41 1,197,294 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-02-06 22:41 764,868 -------- c:\windows\system32\dllcache\apph_sp.sdb
2009-02-06 22:41 217,118 -------- c:\windows\system32\dllcache\apphelp.sdb
2009-02-06 22:40 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-02-06 22:34 <DIR> --d----- c:\program files\VideoLAN
==================== Find3M ====================
2009-02-05 22:01 7,304 a------- c:\windows\TMP0001.TMP
2008-12-12 17:33 3,060,224 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 11:57 333,184 a------- c:\windows\system32\dllcache\srv.sys
2008-10-15 08:57 83,544 a------- c:\docume~1\kev\applic~1\GDIPFONTCACHEV1.DAT
============= FINISH: 16:53:37.87 ===============

Relevance 100%

Answer: Unable to Run any Malware removal tools Combofix Spybot etc

My Combofix log after running, I got this running after changing the name.

ComboFix 09-02-21.01 - kev 2009-02-23 22:15:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.701 [GMT 0:00]
Running from: c:\documents and settings\kev\Desktop\ComboFix1.exe
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_006126_.tmp.dll
c:\windows\system32\_006127_.tmp.dll
c:\windows\system32\_006128_.tmp.dll
c:\windows\system32\_006129_.tmp.dll
c:\windows\system32\_006135_.tmp.dll
c:\windows\system32\_006136_.tmp.dll
c:\windows\system32\_006137_.tmp.dll
c:\windows\system32\_006138_.tmp.dll
c:\windows\system32\_006139_.tmp.dll
c:\windows\system32\_006141_.tmp.dll
c:\windows\system32\_006142_.tmp.dll
c:\windows\system32\_006145_.tmp.dll
c:\windows\system32\_006146_.tmp.dll
c:\windows\system32\_006148_.tmp.dll
c:\windows\system32\_006149_.tmp.dll
c:\windows\system32\_006150_.tmp.dll
c:\windows\system32\_006152_.tmp.dll
c:\windows\system32\_006155_.tmp.dll
c:\windows\system32\_006156_.tmp.dll
c:\windows\system32\_006160_.tmp.dll
c:\windows\system32\_006161_.tmp.dll
c:\windows\system32\_006163_.tmp.dll
c:\windows\system32\_006166_.tmp.dll
c:\windows\system32\_006168_.tmp.dll
c:\windows\system32\_006169_.tmp.dll
c:\windows\system32\_006170_.tmp.dll
c:\windows\system32\_006171_.tmp.dll
c:\windows\system32\_006172_.tmp.dll
c:\windows\system32\_006175_.tmp.dll
c:\windows\system32\_006176_.tmp.dll
c:\windows\system32\_006177_.tmp.dll
c:\windows\system32\_006178_.tmp.dll
c:\windows\system32\_006179_.tmp.dll
c:\windows\system32\_006184_.tmp.dll
c:\windows\system32\_006186_.tmp.dll
c:\windows\system32\drivers\UACnqqoedbw.sys
c:\windows\system32\UACcmalexvk.log
c:\windows\system32\UACebafmxfb.db
c:\windows\system32\UACixrohntt.log
c:\windows\system32\UAClwxidmir.dll
c:\windows\system32\UACpatneaon.dll
c:\windows\system32\UACqeexdore.dll
c:\windows\system32\UACulqpppmn.dll
c:\windows\system32\UACvpevxews.dat
c:\windows\system32\UACwwkvdjyq.dll
c:\windows\system32\UACxvbuyfbo.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_{FBE1D620-5418-4AAE-A0F0-316D590663A1}
-------\Service_{FBE1D620-5418-4aae-A0F0-316D590663A1}
((((((((((((((((((((((((( Files Created from 2009-01-23 to 2009-02-23 )))))))))))))))))))))))))))))))
.

2009-02-23 21:58 . 2009-02-23 21:59 <DIR> d-------- C:\ComboFixx
2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\documents and settings\kev\Application Data\Malwarebytes
2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-23 21:33 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 21:33 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-23 21:25 . 2009-02-23 21:25 <DIR> d-------- c:\program files\Trend Micro
2009-02-22 19:16 . 2009-02-22 20:05 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-21 19:02 . 2009-02-23 17:23 5,187 --a------ c:\windows\system32\uacinit.dll
2009-02-09 00:05 . 2009-02-09 00:05 <DIR> d-------- c:\program files\Panasonic
2009-02-09 00:05 . 2006-02-27 11:45 36,864 --a------ c:\windows\system32\SDDEVMGR.dll
2009-02-06 22:41 . 2006-10-04 14:06 1,197,294 --------- c:\windows\system32\dllcache\sysmain.sdb
2009-02-06 22:41 . 2006-10-04 14:06 764,868 --------- c:\windows\system32\dllcache\apph_sp.sdb
2009-02-06 22:41 . 2006-10-04 14:06 217,118 --------- c:\windows\system32\dllcache\apphelp.sdb
2009-02-06 22:40 . 2009-02-06 22:40 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-02-06 22:37 . 2009-02-06 22:38 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-06 22:36 . 2009-02-06 22:38 <DIR> d-------- c:\documents and settings\kev\Application Data\vlc
2009-02-06 22:34 . 2009-02-06 22:34 <DIR> d-------- c:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 17:20 --------- d-----w c:\documents and settings\kev\Application Data\AVG7
2009-02-22 20:28 --------- d--h--r c:\documents and settings\kev\Application Data\yahoo!
2009-02-22 20:28 --------- d-----w c:\program files\Yahoo!
2009-02-22 20:28 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-22 15:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-22 15:18 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-09 00:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-05 22:01 7,304 ----a-w c:\windows\TMP0001.TMP
2008-10-15 08:57 83,544 ------w c:\documents and settings\kev\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-12-27 219136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-04-30 05:00 315392 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-10-16 16:13 590848 c:\progra~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMGAG]
--a------ 2003-01-17 09:32 64000 c:\progra~1\ThinkPad\UTILIT~1\PWRMONIT.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMLREF]
--a------ 2003-01-17 09:32 20480 c:\program files\ThinkPad\Utilities\BMMLREF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2003-01-10 11:50 106551 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
--a------ 2002-12-24 10:01 204800 c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
--a------ 2003-01-07 22:52 495616 c:\program files\IBM\Messages By IBM\ibmmessages.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--------- 2007-12-27 22:30 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCWLICON]
--a------ 2003-03-27 10:06 53248 c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2009-01-26 15:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a------ 2002-06-18 08:01 155648 c:\program files\VERITAS Software\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-05-02 04:15 75520 c:\program files\Java\jre1.5.0_12\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2003-06-24 13:33 561152 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2003-06-24 13:34 126976 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
--a------ 2003-01-25 01:37 94208 c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPMN]
--a------ 2003-02-17 08:30 32835 c:\program files\ThinkPad\Utilities\TpKmapMn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2002-10-18 19:07 87751 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2005-03-22 18:56 25088 c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 07:56 380416 c:\windows\system32\irprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXSHOW95.EXE]
--a------ 2001-09-07 16:18 45056 c:\windows\system32\exshow95.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2]
--a------ 2001-10-12 06:32 69632 c:\windows\system32\S3Tray2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--a------ 2002-09-04 09:05 53248 c:\windows\system32\TP4EX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\William Hill Poker\\UA.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=

R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2007-12-27 2295]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2007-12-27 15360]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-03-16 13352]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fb395e0-b4ff-11dd-9b17-00054e41e1f6}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fb395e2-b4ff-11dd-9b17-00054e41e1f6}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{837f8450-b7e1-11dd-9b1e-00054e41e1f6}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{837f8451-b7e1-11dd-9b1e-00054e41e1f6}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{837f8452-b7e1-11dd-9b1e-00054e41e1f6}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83ff6fc0-b751-11dd-9b1c-00054e41e1f6}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83ff6fc1-b751-11dd-9b1c-00054e41e1f6}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83ff6fc2-b751-11dd-9b1c-00054e41e1f6}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b8e3dc0-b419-11dd-9b0f-00054e41e1f6}]
\Shell\AutoRun\command - E:\AutoRun.exe
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-PostSetupCheck - c:\windows\System32\atgban.dll
MSConfigStartUp-SpywareBot - c:\program files\SpywareBot\SpywareBot.exe
MSConfigStartUp-tgcmd - c:\program files\Support.com\bin\tgcmd.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp:///
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\kev\Application Data\Mozilla\Firefox\Profiles\h2r5ca2b.default\
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPJPI150_12.dll
FF - plugin: c:\program files\Java\jre1.5.0_12\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 22:35:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-627446036-2653871946-2631661031-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*`%T%,%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-627446036-2653871946-2631661031-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*`%T%,%\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-23 22:39:04 - machine was rebooted [kev]
ComboFix-quarantined-files.txt 2009-02-23 22:38:20

Pre-Run: 28,845,436,928 bytes free
Post-Run: 29,725,700,096 bytes free

234 --- E O F --- 2009-02-22 14:45:03

3 more replies
Relevance 88.97%

I want to run Combofix with expert help, but do not know how to disable ESET Smart Security, Malwarebytes, CCleaner, Spybot S&D and Windows Installer Clean-up before running Combofix. I would rather not uninstall them all if possible, just disable. I didn't know Windows Install clean-up was on there until I saw it listed in programs.

Thanks so much for any help.

Answer: How disable (not uninstall) antivirus/malware removal tools before running ComboFix?

I found out how to disable ESET, but not the others.... Thanks in advance for help....

2 more replies
Relevance 85.28%

Hello

I've followed all instructions in "Read & Run Me First". I have the following results downloading and attempting to run the suggested tools for Windows XP operating system:

SUPERAntiSpyware: downloaded but unable to run. No log created. While attempting to run, received the following message: Windows cannot access the specified device, path or files. You may not have appropriate permission to access item. (note - I am setup as administrator).

Malwarebytes Anti-Malware: downloaded but unable to run. No log created. While attempting to run, received the following message: Windows cannot access the specified device, path or files. You may not have appropriate permission to access item. (note - I am setup as administrator).

combofix.exe: downloaded and ran, but did not complete. No log created. When attempting to run, I got as far as the blue screen C:\ ComboFix is preparing to run. I sat in that condition for 2.5 hours. I finally closed out.

RootRepeal: downloaded and ran. It was basically a flash on the screen. Log generated but empty. See attached.

MGTools: downloaded and ran. Log attached.

My problem started 1 week ago when my Antivirus Program (F-Secure) stopped auto-updating the Antivirus and Malware components. I uninstalled and attempted to re-install (per F-secure's support) and was unable to install completely. I suspect the virus is preventing the install. I am currently do NOT have any Antiv... Read more

Answer: Virus Unable to Run Malware Removal Tools

Java(TM) 6 Update 26 <--- uninstall outdated Java.



Download and run Win32kDiag per the below instructions:

Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log
C:\win32kdiag.exe -f -r




Now we need to scan the system with this special tool.

Please download Junction.zip and save it to your root folder (C:\Junction.zip)
Unzip it and put junction.exe in the root folder (C:\junction.exe)
Now click Start => Run... => Copy and paste the following command in the run box and click OK:
cmd /c junction -s c:\ >C:\log.txt

A command prompt window opens and also a license agreement from SysInternals will appear.
Accept the license agreement and the scan will begin.
Wait until a log file opens. Attach this C:\log.txt when it finishes (the command prompt window will close when it finishes). (How to attach items to your post)
NOTE: It scans your whole hard disk so it can take a long time. Be patient and don't do anything else while it is scanning.



Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe and select "Run as administrator" to run it.
Paste the following code under the area. Do not include the word Code.

... Read more

8 more replies
Relevance 73.8%

I've followed the suggested methods for removing malware and viruses. Had vundo and a bunch of other junk. Analyzed hjt and removed everything per the hjt guide. I've attached mg log file for further suggestions. Thank you in advance for the help.
 

Answer: run removal tools / combofix - Logs for analysis help please

Hi v2ladimyr,
Welcome to Major Geeks!

Please attach the other logs requested in the READ & RUN ME FIRST. You're missing the logs for Combofix, MalwareBytes and SuperAntiSpyware.

Thanks.
abri
 

7 more replies
Relevance 72.98%

Two new malware removal tools by PC Tools just appeared on Softpedia today.
PC Tools Threat Removal Tool 2012

Fight back against malware.
PC Tools Threat Removal Tool is a handy and reliable utility designed to scan your computer for threats and remove them.

This Threat Removal Tool is designed to fight malicious code that has been known to prevent PC Tools' antivirus software from being installed. It performs a quick system scan in order to identify and neutralize the most common malware families that block, prevent, or terminate PC Tools' security software installers.

To ensure that the malware is completely eliminated, PC Tools Threat Removal Tool deletes the infected files and the registry values added by malware.

Requirements:

· Administrative rights
· If you are running Windows Me/XP, turn off System Restore.

Download
PC Tools ISO Burner 2012 1.0

Get the ability to access and delete persistent malware.
Safely remove malware from your computer with PC Tools ISO Burner. This is an advanced bootable antivirus tool that provides users with the ability to access and delete persistent malware.

When malware infects a computer, it gains control of many components that are key to the system's operations, making it very difficult to remove. Malware can use some of these system components to hide itself and prevent other software from detecting and removing it.

If you can't install or run a security application in the first place, then how a... Read more

Answer: PC Tools Releases New Malware Removal Tools

Ok what files are in the zip when you download it?
All I get is pcttFixTool.dll, no exe???
 

7 more replies
Relevance 70.52%

My computer got a nasty little bug on it.

I believe it was one of those fake antivirus trojans. I had one before and Malware Bytes took it right off, but it couldn't do it this time. The malware keeps reloading on the system regardless of what I use.

I've used PC Tools Spyware Doctor (which I paid for and it has done nothing of note); Spybot and MBAM. The program keeps redirecting my browser to google-redirect.com or something like that and giving me tons of ads.

This is the log that I got after the most recent MBAM attempt.

I've removed and rebooted, with this and spybot, but the result is the same each time.

Please help.

Thank you.

Malwarebytes' Anti-Malware 1.36
Database version: 2084
Windows 5.1.2600 Service Pack 3

5/6/2009 7:14:22 PM
mbam-log-2009-05-06 (19-14-22).txt

Scan type: Quick Scan
Objects scanned: 86122
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot.
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run... Read more

Answer: persistent malware - ran MBAM, PC Tools, SpyBot, still there

I have the same issue, please help. Except I only have Usernit

3 more replies
Relevance 69.7%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:42 PM, on 8/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\... Read more

Answer: persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,

Please download OT... Read more

2 more replies
Relevance 69.29%

The computer boots into its installation and functions for the most part with programs that have been installed previously, however there are redirects happening in all three browsers installed (Firefox, Chrome and IE); an incredible delay in launching installed programs and all of my go to spyware eliminators can be downloaded; but the .exe files cannot open. An item appears in the Task Manager, but goes nowhere with no indication of failure or status.

The system is also running Service Pack 2. All attempts to update 3 (actually any Windows updates) hang at a midway point and don't indicate failure or status. Microsoft Security Essentials won't install until it is updated to Service Pack 3, and the only free antivirus that has installed was Sophos. It was not able to resolve any issues. Combofix was attempted, but even in Safe Mode it does not open. This appears to be quite an interesting infection, my next thoughts are to somehow acquire a Sony Vaio (I am uncertain how to determine exactly which model this machine is) recovery disk and try to save the OS that way. Are there any other suggestions on things that can be attempted? The only reason we are fighting to save this install is there are programs critical to the business of which the install CD is not available, and it is out of support by the manufacturer anyway.

Thanks,
Jesse

Edit: Moved topic from Introductions to the more appropriate forum. ~ Animal

Answer:XP infected, cannot run combofix, spybot or malware bytes

Hello and to BleepingComputer.

Let's see what we're dealing with here.

Please try running Malwarebytes this way.

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)

A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If nothing happens or if the tool does not run, please let me know in your next reply

***************************************************

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link

IMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are conn... Read more

6 more replies
Relevance 69.29%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:
List of 64-bit Anti-Virus For Vista
Anti-virus protection in 64-bit environments

Free Anti-virus:
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
AVG Anti-Virus Free Edition 8.5
Microsoft Security Essentials
Panda Cloud Antivirus
Kingsoft Free Antivirus (Cloud Scan)

Paid for Anti-virus:
NOD32 Anti-Virus Personal
McAfee AntiVirus Plus
Trend Micro AntiVirus plus AntiSpyware
Norman Antivirus & Antispyware
CA Anti-Virus Plus Anti-Spyware

64-bit Anti-Malware tools:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Kaspersky Virus Removal Tool - How to install and use documentation
Spyware Terminator
Windows Defender (64-bit)
Prevx
Spybot S&D
Ad-Aware
Norman Malware Cleaner
Sunbelt Counterspy (free Trial)
Comodo BOClean Anti-Malware
Sophos Anti-rootkit
SanityCheck Advanced Rootkit and Malware Detector
ESET Online Antivirus Scanner
ESET SysInspector
AnVir Task Manager Free
WinPatrol

Start with these:
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
How to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 69.29%

I must apologise in advance here, I'm not astoundingly good with computers, but I can normally remove viruses etc. myself. This is the first time I've had to post for help on a forum, so please excuse my lack of etiquette.

Okay, so I've pretty much tried everything I can think of with this one.

Any Google search link that I click on takes me to a bogus looking alternative search engine.
In addition to this Malwarebytes will not run, and neither will Spybot, so I'm having trouble disabling teatimer. ComboFix is also refusing to run.

I've run CCleaner and it has removed a few bits and pieces, bad links and what have you, but no improvement.

I've trawled through my programmes list and currently have nothing that has been 'flagged up' as Malware installed.

I've attached my RootRepeal report and a report created by DDS if this helps.

I apologise once again for my basic knowledge.

Any help will be very much appreciated.
 

Answer:'Google Redirect' problem, plus unable to run Malwarebytes, ComboFix or Spybot

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

1 more replies
Relevance 68.88%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 68.88%

Hi, I got infected because I was trying to run Malwarebytes and it skipped the part of analysing the files, it ended in around 1 minute in a full scan, and I tried to download Dr Web CureIt, and it doesn't allow me, the computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 68.47%

I did a hijackthis scan and here's what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:17 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynT... Read more

Answer:Malware Blocking Access to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 68.47%

I have a default Yoog Search in my Search Engines, I try to remove it and set it as google but it would again default to Yoog. Next thing is I just cannot run 'Spybot Search & Destroy' and it doesn't let me open any anti-malware related sites. I can't download any anti malware apps. I am just stuck.
 

Answer:unable to run any anti-malware tools and also can't open any anti-malware related site

Re: unable to run any anti-malware tools and also can't open any anti-malware related

Welcome to Major Geeks!

Please try doing this first:
Yoog Removal

Then please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.

TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes ... Read more

6 more replies
Relevance 68.47%

I have a default Yoog Search in my Search Engines, I try to remove it and set it as google but it would again default to Yoog. Next thing is I just cannot run 'Spybot Search & Destroy' and it doesn't let me open any anti-malware related sites. I can't download any anti malware apps. I am just stuck. I saw a post "Win 2K hijack issue - unable to run malware apps!". I have exactly the same case on my system.

 

More replies
Relevance 68.06%

I have apparently received a virus that has downloaded a program onto my computer that keeps popping up that I have malicious programs on my computer and wants me to download malware protection software. I have run my McAfee and it was unable to detect the virus. I have attempted to connect to the internet, but it will not allow me to open IE and it has changed my background. It will also not allow me to run safe mode, open task manager or to do a system restore. Since I cannot get on the internet, I have not been able to download the required software or post the required logs. I cannot run RKill either....

Attempted to run rkill from a disk and a pop-up came up saying "file rkill is infected by w32/blaster.worm please activate Malware Protection to protect your computer". there is also a pop-up constantly saying "security warning!" "Malicious program has been detected. Click here to protect your computer". I also have boxes popping up: 1 says, "Malware protection has found 58 useless and UNWANTED files on your computer!" and has a button to activate now. 2: Firewall warning with malware detection warning.
 

Answer:Virus- unable to run removal tools/IE

Try to download this app. ( you may need to download to a different computer and transfer via thumb or CD):
Trend Micro Fake AV Tool.

Then if it runs, try doing all the instructions here:
READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 68.06%

Hello,

My computer (also used by roommates) appears to be infected with something that's keeping me from running any number of anti-virus programs. I use Windows Vista SP2, BTW, on a Gateway machine that's about 2 ½ to 3 years old.

To the best of my knowledge, here's what has happened. As I mentioned, I'm not the only user, but everyone else swears not to know anything.

Here goes:

For the past 2-3 weeks, anytime I had multiple windows or tabs opened in IE, there started becoming a delay anytime I'd try to close them. Sometimes it would just be a second or two, and eventually it would get to where I'd tell it to close a tab and IE would hang for 5-7 seconds before it finally closed.

I figured it was just a new Windows/IE update that was buggy and a new update would come along soon enough to fix it. But after putting up with it for a few weeks, it finally got annoying enough that yesterday I tried finding a solution.

First, I ran AdAware, thinking maybe one of the roommates got onto a bad site and got some spyware on the computer. But it came up clean. So I started doing searches to find a solution.

I didn't find anything specific, but I saw some suggestions to disable browser add-ons and see if that made any difference. That advice was actually for a delay when first opening a tab, not closing them, but I tried anyway.

I don't have many add-ons, but I attempted some trial and error with those I do have. I use the free version of AVG ... Read more

Answer:Unable to run multiple removal tools

Let's see if this helps.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O4 - HKLM\..\Run: [Win Messenger] messenger.exe
O4 - HKLM\..\RunServices: [Win Messenger] messenger.exe

After clicking Fix, exit HJT.

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.





REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"Win Messenger"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunServices]
"Win Messenger"=-


Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on ... Read more

7 more replies
Relevance 68.06%

I have worked as a PC tech for 3 years, and i have come up against a problem that i am unable to solve on my wife's computer. She has a piece of spyware that is disabling any scan software i run, and making it a hidden, read-only file that even the admin account of the machine does not have access to. It has disabled:
Spybot S&D
Symantec Corporate Edition
Windows Defender
Lavasoft Ad-Aware
and HijackThis

I have found braviax.exe on the machine and got rid of that in addition to a group of processes that call themselves debug.exe, win.exe, notepad.exe, login.exe, lsass.exe, and csrss.exe. Manually deleting all of these files in safe mode has had little effect. In addition there is a dns hijack that causes all google search results to go to other pages. Finally, it disables viewing of hidden files, and registry editing, though I have found ways around those restrictions.

Any help would be greatly appreciated.

ps. smitfraudfix has been slightly effective. (it does not shut down and lock up), but it says that the process list and the dns fix tools are access denied.

Answer:Unable to run any spyware removal tools

pps. DDS.scr that this site uses as a scanning tool just hangs when it should scan. i let it run for over 10 mins and it did nothing.
i actually had to use cmd in order to open it because it would only open in notepad otherwise.

2 more replies
Relevance 67.65%

Hi all, 
 
Recently, while browsing a site in Chrome, I received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I strongly suspect this is malware!!!
 
What I'm trying to understand is what kind of malware infected the web site I visited. Some technical specs could be useful. The web site belongs to a friend of mine and I'd like to help them identify the malware that infected their web site...
 
 

More replies
Relevance 67.65%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quick scan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disabled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 67.65%

I ran through as much of the readme as I could, but only MGtools worked. Please look at the attached logs and advise me on what to do next. Thanks.
 

Answer:Can't run malware removal tools

Welcome to Major Geeks!

Your log shows that you were in safe boot mode. You should be in normal boot mode unless that is not possible and you did not say you could not boot in normal mode.

A few of your Windows system files (ndis.sys and beep.sys) are infected and will need to be replaced by clean copies. It will be much easier to do this once we can get ComboFix to work. So let's start with the below fix and see if we can get other tools to run afterwards.


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F2 - REG:system.ini: UserInit=userinit.exe
O4 - Startup: zqosys32.exe
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)

After clicking Fix, exit HJT.

Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

Make sure that you tell me if you receive a success message abou... Read more

1 more replies
Relevance 67.65%

I have a Toshiba M105 laptop. I have CCleaner and Avast Home installed. I ran Avast - no issues, ran CC and Registry cleaner. I have something on this that when I do a google search will look like legitimate results but when I click on a link will send me somewhere else, usually redirect me to an ad or the info.com. I also can not access certain websites - MajorGeeks being one of them or any of the sites that contain the malware removal tools listed in the MJ procedures. So I tried to access MJ from another computer and save the tools to a usb stick then transfer to the infected computer. Worked OK until I tried to run the various apps. SAS I get "encountered error needs to close" Spybot - "connection w/sever could not be established" Malwarebytes just wouldn't install. Don't know what to do now ---HELP!!!!!
 

Answer:Can not run MALware removal tools

For MBAM, just run it without updating.

Have you tried running the other scans in safe mode?

The Read and Run First instructions have links to manual updates for both SAS and MBAM.

Did you run the MGTools.exe? Were there any issues with that? Can you attach the C:\MGLogs.zip?
 

3 more replies
Relevance 67.65%

Hello All,
I have tried all possible tools
SpySweeper, Kaspersky, Spybot, Spyware Doctor, Adaware
SuperAntiSpyware, MalwareBytes, CCleaner, RogueRemover

I think it's the virtumonde... The thing is I have a couple of registry entries pointing to Dlls that do not exist but even if I remove them they keep coming back. I have tried booting into safe mode and deleting them but it does not help. I am posting my HijackThis log. I have disabled system restore as well

I keep getting random Ad-Websites and messages that my computer has been affected.

I have highlighted the suspicious registry entries.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56:00 PM, on 03-Dec-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system3... Read more

More replies
Relevance 67.65%

Hi Guys,

Thanks for a great website, and many good tools you have put together.

I have a problem getting rid of what I think is Spyware on my wife's laptop.

She is currently unable to do Google searches properly, and all results seem to end in being re-directed to a 'Coupon Mountain' website, we can browse to some websites manually, but all those of the major malware removal companies (including yours) just result in the standard IE website unavailable error message.

I have tried downloading all the tools in your READ AND RUN ME FIRST section to a CD, and then copying them to the laptop to run, unfortunately none of them install (even if I change the names.)

I'm getting to the point where I'm considering a repair install, but would like to know if there's anything else I can do to get things fixed without such drastic action.

TIA

Neil
 

Answer:Can't Run Malware Removal Tools.

Welcome to Major Geeks!


Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.

TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid additional delay in gettin... Read more

1 more replies
Relevance 67.65%

I am trying to follow clean up procedures, http://forums.majorgeeks.com/showthread.php?t=35407 and have 2 questions;
1. when I run Microsoft Windows Malicious Software removal tool, does it clean/fix automatically or do I have to click on something? I tried to go to the help section and I get "page cannot be displayed".
2. when I run Spybot Search & Destroy, I click immunize but i don't see S&D helper.

ty
 

Answer:Using malware removal tools

1. Just run the tool; there is nothing else you have to do.

2. When you Immunize; Spybot is making changes to the Registry.
 

3 more replies
Relevance 67.65%

Hi Geeks,
I'm pretty sure I have a malware issue on my PC. I can't access any security websites, like malwarebytes.org and more. In fact, I am surprised I can access the Geeks website! I can download removal tools, but they won't run and I've tried quite a few.. I can't boot into safe mode - the dreaded Windows blue screen error message comes up - "Windows has detected a problem and needs to shut down". I followed your "Read me first" and did everything I could, including remove the old Java versions. When I tried to install Java again, it said the program is not digitally signed and shut down. This has happened a few times with other installs as well. My browsers shut down frequently on their own as well. I have a recent hijack this log, but not sure whether to attach it or not, as it was mentioned it may be filtered as spam. Anyway, hope you can suggest something. Thanks!
Bobby
 

Answer:malware won't let me run any removal tools and more

If you can't boot into safe mode and normal mode will not allow you to run any of the scans, there isn't much we can do to help you. Have you tried running all the requested scans? Have you tried renaming them as per the Read and Run First instructions? Will MGTools.exe not run?

You can try using a different computer to create this disc and then boot to it with the infected machine. ( You will need to first go into the bios and change the boot up order to make the cd drive the first boot device.)

Kaspersky Rescue Disk.
 

11 more replies
Relevance 67.65%

Hello all,

This is my second go-round through your instructions. The first in 04/2009 was successful. Presently, I cannot get any recommended tools to run, even if I rename an exe. I cannot locate the exe for Malwarebytes; I get an "exception unknown software exception (0xc0000409) occurred in application at location 0x77f7c60b" error message when attempting to open SuperAntiSpyWare. I attempted both in system mode and normal mode. (I have run them successfully in the past.) I see the Security Tool shortcut on my desktop and I bet it's the culprit.

I am attaching two logs below. Your help is very appreciated.
Dawna G.
 

Answer:Malware removal tools won't run

Welcome to Major Geeks!

Your MGlogs.zip file is not as useful as we need for two main reasons:

You don't have the current version. You are 7 months out of date.
You ran it in safe boot mode and normal boot mode is the preferred method.
Is all of the software you have that far out of date?

I will give you something to try below but the malware may have additional things hiding that we cannot see with this outdated version of MGtools.



Uninstall the below old versions of Java:
Java(TM) 6 Update 13

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\_lib.dll
O4 - HKLM\..\Run: [tijidekel] Rundll32.exe "c:\windows\system32\jetebemi.dll",a
O4 - HKUS\S-1-5-19\..\Run: [wadahetuju] Rundll32.exe "C:\WINDOWS\system32\yikujode.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wadahetuju] Rundll32.exe "C:\WINDOWS\system32\yikujode.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\jisasiti.dll C:\WINDOWS\system32\gitoribo.dll c:\windows\system32\juduwuho.dll c:\windows\system32\jetebemi.dll,mapopabe.dll
O21 ... Read more

7 more replies
Relevance 66.83%

My Windows 7 x64 machine is presenting Antivirus 360 malware. I am looking for tools that will work with Windows 7. I tried combofix and some others but I am finding out they are not made for Windows 7. Please help. I am not even sure what to use to collect logs to submit here.

--M


Submitted DDS log in log submit forum but I would still like suggestions on Windows 7 compatible removal tools.

More replies
Relevance 66.83%

Hello Geek Saviors

Am trying to run the Malware Removal Tools for my Acer 2012 Laptop, Windows 7, IE 11, AVG antivirus, Comodo Firewall. Have downloaded the Tools to desktop and followed the Win 7 malware removal directions. Have following problems despite lowering Internet security settings, trying with Comodo Firewall disabled (also Comodo in safe mode) with all tools software entered as safe applications, running in Windows Normal Ops:
1 - Defogger, after clicking DISABLE and YES get immediate red X message "Unable to Create Log"
2 - RogueKiller, right click "run as admin", depending on Comodo settings noted above variably got Alert Triangle "Software is Not Available" or once setup opened and started abruptly disappeared with message "Download Manager has stopped working. A problem caused the program to stop working correctly. Windows will Close and notify you if a solution is available". Tried renaming to "RK.exe" with same result.
3 - Malwarebytes - tried after RogueKiller failure, right click "run as admin", and got exact same response as for RogueKiller.

Did not try other tools. Any idea what I can do to get tools to run? Have not tried computer Safe Mode - would this help?
Thanks for any suggestions and guidance.
 

Answer:Malware Removal Tools not Opening

Yes, you can try safe mode, but be sure to first disable your AV software.
 

6 more replies
Relevance 66.83%

can anyone tell me if there are any bootable malware removal programs other than avg

thanks in advance

ray

Answer:bootable malware removal tools

Here are a couple:
http://www.free-av.com/en/products/12/avir...cue_system.html
http://www.freedrweb.com/livecd/

2 more replies
Relevance 66.83%

I am getting an error "unable to connect to the proxy server" while opening chrome, firefox or IE.
 
I have unchecked the proxy setting and it still reverts back when I try to open a browser.
 
I am pasting the results from the mini tool box. below -
 
I also ran  ADW Cleaner , TDSSkiller and malwarebytes.
 
 
 
 
 
MiniToolBox by Farbar  Version: 30-11-2014
Ran by jints1234 (administrator) on 02-02-2015 at 23:43:08
Running from "D:\adware"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9485 Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
 
 
# -----... Read more

Answer:tried several malware removal tools and still cant connect

Sorry, not at home, report's too long to read -- what firewall, anti-virus, anti-malware are you using?  One thing I can recommend is you "sneaker-net" [via usb stick or CD/DVD] Tweaking.com's Windows Repair (All in One), install & run it.  Accept defaults checkmarks, add #26 & 27 [if memory serves me], ones that indicate normalizing Windows operations.

2 more replies
Relevance 66.83%

When I go to download ie:  RKILL or malwarebytes they do not download.  I am running firefox.  I have tried explorer.  I have an HP windows XP. 

Answer:cannot download any malware removal tools

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518053 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 66.83%

Help! My daughter's laptop seems to be infected with browser hijacker I can't get rid of it. I can't download windows updates and all different browsers aren't working right, sending me to wrong sites and preventing download of AV and malware removal tools. Super anti spyware was installed and wouldn't work, have tried to install windows malicious software removal tool via USB but it won't install or run, have also tried to install spybot via USB but it won't install, error message when it tries to connect to download some of installation files I think. Any advice you guys can offer would be very gratefully received, many thanks
 

Answer:Can't install malware removal tools

Welcome to Major Geeks!





TomPo said:
and all different browsers aren't working right, sending me to wrong sites and preventing download of AV and malware removal tools.

Has a proxy server been inserted in the browser? See the below:

Proxy Server - Changing Settings



TomPo said:
Super anti spyware was installed and wouldn't work,

You need to be more specific. Exactly what happens.





TomPo said:
have tried to install windows malicious software removal tool via USB but it won't install or run,

Exactly what happens? Any error messages.

Have you tried to install and run tools in safe boot mode as suggested in our cleaning procedures?





TomPo said:
have also tried to install spybot via USB

Waste of time anyway as it is ineffective against most of today's malware.


Also try the below to see if you can get anywhere.


Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator


You only need to get one of them to run, not all of them. You may get warnings from y... Read more

12 more replies
Relevance 66.83%

Running windows xp media edition on e machine. Will not run any spyware programs. Will not run HJT. Found BRAVIAX.EXE in sys 32. Ran killbox to delete. Could not delete braviax sys32.exe. Had killbox replace file with dummy file then marked read only to stop the red x trying to sell me its programs. Tried to down load several other spyware removal programs. Get message Access Denied no matter what.
Browser has been taken over by redirect program. HELP! WARNING I am NOT computer literate.

Answer:Nasty Malware. Can't run any removal tools.

Hello fxstc1340 and to BleepingComputer.

WARNING I am NOT computer literate.

Not a problem. If you don't understand something, feel free to ask questions and I'll explain it better. The same holds true for any helper you work with here.

Now. . . let's see what we're looking at here.

Please install RootRepeal
Note: Vista users, right click on desktop icon and select "Run as Administrator."

Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror

Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Extract RootRepeal.exe from the zip archive.
Open on your desktop.
Click the "Drivers" tab, and then click the button.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the... Read more

6 more replies
Relevance 66.83%

I can't download anything at all and I suspect it is a malware issue. And yes, I've tried removing firewalls, anti-virus, pop-up blocker, etc...
If i try to download something on firefox i get this message: "C:\Documents and Settings\HP_Administrator\Desktop\XXXXXXX could not be saved, because you cannot change the contents of that folder.
Change the folder properties and try again, or try saving in a different location."

If I try to download something on IE i get this: "The requested site is either unavailable or can not be found.Please try again later "

Some symptoms that might be unrelated, I tried running a disk check, but it stops at step 2/3, and an old malware that i deleted left autorun, but i got rid of that as well.

I would download malwarebytes or something to try and get rid of the problem, but i can't :\
 

Answer:Can't even download malware removal tools

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

3 more replies
Relevance 66.42%

Toshiba Laptop with Vista.
 
I have the zeroaccess trojan and have read through some possible fixes but have not been successful in getting rid of it. I have tried to download Kaspersky TDSSkiller, Combo Fix and Roguekiller but just as it finishes the download a message comes up and says "... contained a virus and was deleted"
 
I guess I could download to disc on my PC and try loading through the cd drive...
 
What steps should I take from here?
Thanks,
Kevin

Answer:Zeroaccess Trojan, Unable to download any removal tools

Hi Harvestsmiles, sorry about the delay.
You're infected with ZeroAccess rootkit.
It'll require elevated help.
 
Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
xXToffeeXx~

2 more replies
Relevance 66.42%

Hi,
I was infected by the Win 7 Antivirus 2012 malware virus. It prevented me from using explorer or make any changes to my PC. I tried the SuperAnti Spyware and it removed several threats and viruses, but not all. So I followed the instructions and used the ComboFix. Attached is the log file it generated. It appears to have worked.

Regards,
DJB

More replies
Relevance 66.42%

Hello.

I recently came upon an issue i have never experienced in all my many years in computing: I got audio adverts running even if my browser was closed.
I also note a very large number of attempted hacks reported by MacAfee relating to arin and in some cases Amazon. It seems to have happened as coincidence or may be connected?

Anyway, i run Kaspersky remover but it found nothing. I also tried deleting all cookies via Google Chrome. So i run ComboFix after the log showed up i tried to click on a file to delete it and was told the operation could not happen because of something about a registry entry (Or file) being deleted (Or about to be deleted) i do not recall the exact wording but i could not execute anything for the same message. I re booted and it was fine again. Not sure if that information is needed or not but i let you know in case.

Anyway, i have no idea what allowed these adverts or how to remove them but as stated i run ComboFix and have a Log file. Rather than ask if i should post it and wait, i will post it all the same.

Any help would really be appreciated ..

ComboFix 12-10-15.01 - Heatseeqerz 16/10/2012 1:32.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4079.2494 [GMT 1:00]
Running from: c:\users\Heatseeqerz\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee ... Read more

Answer:ComboFix Log Malware removal

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

3 more replies
Relevance 66.42%

ComboFix 08-09-01.03 - Owner 2008-09-02 10:20:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.186 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
.
2008-09-02 09:59 . 2008-09-02 09:59 81,920 --a------ C:\WINDOWS\system32\bunwbkfo.exe
2008-08-31 15:37 . 2008-08-31 16:46 <DIR> d-------- C:\Program Files\Crawler
2008-08-31 14:23 . 2008-08-31 14:23 94,208 --a------ C:\WINDOWS\system32\nulwdaba.exe
2008-08-30 09:52 . 2008-08-31 10:01 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-08-30 09:51 . 2008-08-30 09:51 <DIR> d-------- C:\WINDOWS\Sun
2008-08-30 09:17 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-30 09:12 . 2008-08-30 09:17 <DIR> d-------- C:\Program Files\Java
2008-08-30 09:11 . 2008-08-30 09:11 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-30 09:08 . 2008-08-30 09:08 86,016 --a------ C:\WINDOWS\system32\gzmrktor.exe
2008-08-29 17:06 . 2008-08-31 14:26 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-08-29 17:06 . 2008... Read more

Answer:Combofix Log - Malware Removal

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff

1 more replies
Relevance 66.01%

Hi,
I have a problem where I cannot run any virus or malware removal tools. I have tried them in safe mode and I have tried renaming them. I am able to load them and update them and I can start them momentarily. Then they stop and I can not restart them. I get an error that they are not available or that I do not have permission. I have tried to run online scans and they also fail to load. I also have a problem with iexplorer and firefox being hijacked and loading various web sites I am not intending on going to. Not bad sites just not the ones I am trying to get to. Let me know what you want me to try. I work on computers daily and have not run into anything like this. Thanks in advance for your help.
 

Answer:Cannot load any virus or malware removal tools

I am able to run MGtools.exe and I have attached the log.
 

29 more replies
Relevance 65.6%

I have the security system 2009 virus (or is it system security?) and I can't run any of the anti-spyware fixes I've seen in various blogs and at various sites (Malware Bytes, Spyhunter, etc). I can do limited things in safe mode but nothing at all in regular mode. Firefox is almost useless even in safe mode, as anything I download using it generally won't run or install. I'd downloaded 3.5 right before getting the virus and was having some issues with the program right before and after the update. IE has seemingly random pop-ups in safe mode and sometimes will totally ignore commands and do its own thing. I did the hijack scan but upon reading the blog found that there is another process to follow. I'm hoping since the hijack program directed me to this blog that I may have enough information in the log because I have to leave for work so I can't at the moment. I also had some issues on the computer from prior viruses that I could never seem to get rid of completely so some of that may be in the log. I don't know what other information is needed but I hope I've given something of use. I've been up all night so I'm pretty discombobulated so I apologize for the scattered message. Thanks for any and all help and advice!

Answer:System Security 2009 Virus - unable to run removal tools

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we... Read more

8 more replies
Relevance 65.6%

What should I do????
I have not run an OTL log as my laptop is not the problem.
my older tower has the problem. When I figure out what to do with the current problem will run an OTL and send in the log.
Thanks!
 

Answer:malware removal combofix seems frozen

Hi and welcome to MalwareTips!

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:

Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe, the detections are false positives.
The absence of symptoms does not mean your PC is fully disinfected.
If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

Just to clarify, which stage is Combofix stuck on? What does it say on the screen?
 

1 more replies
Relevance 65.19%

I can't even get Hijack this to work; as soon as I run it it disappears, so I can't even post that here to show what's going on with my computer. I'm using windows XP. I keep getting redirected when I try to search on yahoo or google, using mozilla firefox. I've also tried to run in safe mode but I keep getting a blue error screen and can't move past that.

Answer:advanced virus removal / security tools malware?

Let's see if we can get a scan to work
If this works, go ahead and repost in the HJT forum. If not, post back here
Run this application and then immediately run your scan

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer or you will have to run it again

8 more replies
Relevance 65.19%

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Hi and welcome to the Bleeping Computer malware removal forum. If you are reading this article, then you are most likely looking for a solution to a possible malware infection on your computer. Please follow these steps in order to provide information that we can use to analyze your computer's configuration. Please note that these steps may appear to be long and daunting. In reality, though, they are very simple and are only so many steps as we wanted to be as detailed as possible in the instructions.
Before you perform these steps, it is suggested that you first check to see if there is a self-help guide for infection here:
Virus, Spyware, and Malware Removal Self-Help Guides
If there is one, then you can attempt to use the self-help guide first and then continue with these steps if you feel that you are still infected.
- Backup your data!
Regardless of whether or not you have a malware infection, routinely backing up your data should be an important part of every computer user's life. Whether it be a hard drive that has failed or malware that has caused your computer to become inoperable, not having your files, pictures, email, and music can be a disaster. We therefore suggest that before we move forward with this cleaning process, you first backup your data to a secure location. That secure location could be a burnable DVD, an external backup drive, or another... Read more

Answer:Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Bump to reset order.

1 more replies
Relevance 65.19%

all info stated above I think. Appreciate your help.
 

Answer:Removing Edeals (multiple malware removal tools used)

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

3 more replies
Relevance 65.19%

I've followed the Prep Guide but have been unable to get DDS to run despite repeated attempts. I've also tried to run Root Repeal several times without success. I then downloaded RSIT. Here's the log file:
"Logfile of random's system information tool 1.06 (written by random/random)
Run by GREG GOODFELLOW at 2010-01-04 15:32:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (34%) free of 153 GB
Total RAM: 1015 MB (28% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\... Read more

Answer:Infection Preventing Malware Removal Tools from Running

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ... Read more

15 more replies
Relevance 65.19%

Malicious code has become increasingly complex and infections involve more system elements than ever before. Sometimes, when your antivirus software is not able to remove a virus from your computer, you may need to download and use these free specialized tools which are released by well-known security companies like Symantec, Eset, Kaspersky, etc.
Here is a list of some Malware & Virus Removal Tools:
- Security Response Removal Tools - Symantec Corp.
- Stand-alone malware removal tools - ESET Knowledgebase
- Virus-fighting utilities
- Free Virus Removal Tools - Bitdefender
- How To - Remove threats - Removal Tools | F-Secure
- Avira AntiVir Removal Tool - Download
- How to Use Stinger | McAfee Free Tools
If you know of any other links, please do share here.

Answer:Free Standalone Malware & Virus Removal Tools

Hi Andy ! Emsisoft Emergency Kit: http://www.emsisoft.com/en/software/eek/

1 more replies
Relevance 65.19%

Hey Guys,
 
I Follow the 

CryptoLocker Ransomware Information Guide and FAQ
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#decrypt
and set the security policies to avoid CryptoLocker attack my computer which are these 
 
Block CryptoLocker executable in %AppData%

Path: %AppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from %AppData%.

Block CryptoLocker executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from %AppData%.

Block Zbot executable in %AppData%

Path: %AppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from immediate subfolders of %AppData%.

Block Zbot executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from immediate subfolders of %AppData%.

Block executables run from archive attachments opened with WinRAR:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\Rar*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\Rar*\*.exe
Security Level: Disallowed
Description: Block executables run from archive atta... Read more

Answer:Security Policies doubts after Malware Removal Tools

Instead of playing with the Local Group Policy Editor manually to set these GPOs, you should just download and use the free version of CryptoPrevent that will do everything for you and also offers you various options when it comes to the "tightness" of the settings.
https://www.foolishit.com/vb6-projects/cryptoprevent/
This tool was created following Lawrence Abram's instructions you just followed, plus some custom made rules, so you'll be good if you use it.

1 more replies
Relevance 65.19%

Hey I am just really interested in PC security and repair and I was just wondering if you guys had any good resources for my own personal research. If you could tell what you would want to look for when examining these files created by the programs listed below and even what the purpose is for these programs that would be very helpful in helping me understand the process better. I got this from your malware removal procedure forum. Very insightful by the way

- BitDefender
- PandaActiveScan.
- GetRunKey
- ShowNew

Thanks
 

Answer:Examing logs created by malware removal tools

Your best resource is the thousands of posts in this forum.

BitDefender and Panda are rather self explanatory in most cases; however, you still need to know the difference between valid detections and false detections and that comes with significant experience over a period of time.

We don't have time to really explain GetRunKey and ShowNew to you. In short GetRunKey shows lots of registry keys (not necessarily bad) and potentially bad files associated with certain infections. ShowNew dumps out important areas of the file system that may be used by malware. ShowNew also prints an uninstall program list so you can see if any malware is installed. You need to have a good understanding of ALL Windows OS's, the file systems, and the registry to understand what they are being used for. Also you need to again be able to distinguish between what is valid and what is not valid and that also comes with significant experience.

Reading the threads and reading the logs and seeing what is fixed and not fixed will teach you a lot.
 

1 more replies
Relevance 65.19%

I have attempted to run the following programs:
- Malwarebytes
- Norton Power Eraser
- McAfee Stinger
I am able to install them and get them up and running. They run for 30 seconds or so then the programs get killed. When I try to restart the programs, I get the following message: Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.
This problem occurs whether I run Windows XP Home SP3 as a regular user, or as an administrator in Safe Mode.

Answer:Malware Removal and AV Tools get killed when attempting to scan

Hello,

This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.

FixNCR.reg

Insert the removable device into the infected computer and open the folder the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes'... Read more

1 more replies
Relevance 65.19%

My computer experienced Police Pro and/or Antivirus 2010 which disabled AVG 8.5 along with Malwarebytes, Norman Malware remover, spy doctor and Hijack This ... I have manually removed all registry items and files that I could locate and the computer does not show any sign of the virus while in safe mode, however it still will not run AVG scans or any other malware removal tools, so my assumption is that there is something still running that I am not seeing.

I tried to run RootRepeal, but it crashes if I request Files to be scanned. I then ran Win32kDiag and it appears to have run below is the log. Any help in getting AVG and a Malware removal tool running would be greatly appreciated!!!!!
Running from: C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINNT'...

Found mount point : C:\WINNT\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\$hf_mig$\KB944533\KB944533

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\$hf_mig$\KB956390\KB956390

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\&... Read more

Answer:Anti-virus and malware removal tools disabled

Hello vjc,

Please refrain from making any changes to your system (updating, installing, removing, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) "%userprofile%\desktop\win32kdiag.exe" -f -r into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

55 more replies
Relevance 65.19%

Hi..

When I try to run the spyware removal tools, nothing comes .. I think my system is deeply affected by spywares. I renamed mbam.exe to mb.exe and ran. Still it didn't run. So please tell me how to run these anti spywares. Please help !!
I am attaching the Mlogs.zip which I got when I ran MGtools :cry


http://citycricketers.wordpress.com The IPL Team
 

Answer:Cannot run malware antibytes or super antispyware like removal tools

Welcome to MajorGeeks!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.
TDSSserv Non-Plug & Play Driver Disable

READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip... Read more

1 more replies
Relevance 65.19%

So I had a virus that I thought I had gotten rid of a month ago, but it seems to have returned last night while I was asleep. It now freezes or shuts down anytime I start the computer normally, so I have to start it in Safe Mode to get anything running. It won't let me install Malwarebytes or SUPERspyware removal or anything like that. Ad-aware removed a few things but when I rebooted I couldn't start my computer normally. I have McAfee, but I can no longer start it. Most removal programs I try to install don't work. And when I start a firefox browser, even in safe mode, it tells me "The procedure entry point [email protected]@Z could not be located in the dynamic link library msvcrt.dll." So here is my HijackThis log from Safe Mode:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:53 PM, on 5/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS... Read more

Answer:Virus that prevents malware removal tools (malwarebytes, etc.)

Sorry, here is my dds file

3 more replies
Relevance 64.78%

I appear to have some sort of virus/malware that is redirecting me every time I click a google link. It is a very annoying problem, but is there any danger with this kind of infection?

I began following the 'Read this now' post and downloaded the 4 malware removal processes. I ran the 1st two and got up to using Combofix, however that would not run without disabling my AVG free.... I cannot see any way of disabling AVG, how can I do this?

It is worth noting that SUPERantispyware removed 1 trojan horse and the malware removal tool picked up about 11 infections. The original problem with the google links was then fixed so I decided not to continue my PC cleaning because Combofix sounded like a major program!
Using the laptop tonight seemed fine with google working as per normal, however it just started doing the redirect thing again!!!!!

Any help appreciated, I am sure I will get the usual response, but before I can do the full PC clean, I need to disable AVG.

Thanks
 

Answer:Malware removal. How do i disable AVG free to run Combofix?

Here are logs for the first 2 stages of the 'readme' which I have just done.

SAS removed 26 items!
whereas anti-malware found nothing.

thanks in advance.
 

11 more replies
Relevance 64.78%

So... I am completely clueless about computers. I got this virus by downloading a torrent grr.
I can't follow any of the removal steps because it won't let me open up anything, any programs or the internet, and it keeps on sending me to this website, "antiviruspower."
I can't open task manager or open Remove/uninstall programs, open command prompt, go on the internet, open microsoft word or anything of the sort.

"Application cannot be executed. The file ___ is infected. Do you want to activate your antivirus software?"
(if you say yes it takes you to the 'antiviruspower' website...)

I am on a mac right now, since I can't go onto the internet on my other computer.
I downloaded the virus removal stuff (from the removal steps) onto a USB so I could try to install it on my infected computer but when I try to it gives me that error message, above.
I can access task manager by taping down the control alt delete buttons so it will keep on opening new ones but I don't know if deleting processes from the task manager will help anything, I'm completely clueless. Before, I deleted some random processes that I thought sounded weird... i hope I didn't ruin anything.
It helped once though. I deleted something (don't remember the name) and after that the virus seemed to be gone, except I couldn't go on the internet. Then, since I could open things again, I followed Step 1 (I installed TFC) and when I rebooted like it ... Read more

Answer:Virus - unable to run any malware tools! Help!

You need to try to run all the scans from the READ & RUN ME FIRST. Malware Removal Guide in safe mode if necessary.
Also, you could try creating this cd and booting to it on the infected machine:
BitDefender Rescue Disk-with-auto-update.
 

1 more replies
Relevance 64.78%

Hey there,

I'm working on my dad's computer and am having a helluva time trying to fix whatever is wrong with it.

It's not letting me run any malware programs. For example, if I run Malwarebytes (or TDSSkiller, Spybot, GMER) I get: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item. I am logged in as Admin and get the same result if I right click > run as admin.

I was able to get DDS to run and here's the log:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by <removed> at 8:21:53 on 2011-07-28
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2557.1192 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Window... Read more

Answer:Redirect and Unable to run malware tools

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on http://www.bleepingcomputer.com/logreply/411710 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following inf... Read more

30 more replies
Relevance 64.78%

My problem sounds similar to other threads, mostly like this one: http://www.computerhope.com/forum/index.php/topic,76406.0.html But it seems as if nobody was successful with removing this beast yet. My issue all started with WINLOGON asking my firewall for web access, which I let go through because Google advised if the file is in the system32 folder it should be fine. Since then IE pops up sites by random; forced reboots occurred and Windows keeps saying "Appl. cannot be executed, the file is infected, please activate your antivirus software". The virus pretends as if itself was a malware removal tool. It claimed that NetSky32 took over the system and wanted the user to download security tools (a fake registry defender window popped open). SuperAntiSpy cannot see anything, Malwarebytes is far better, but still not successful. The virus kind of panics as I downloaded MalWareBytes and after the first scan the virus deleted the Malwarebytes executable. At one point of time it seemed as if I would be fine (the regedit and taskmanager were usable again, the Virus-warning desktop background was gone, but: I could never boot into a safe mode to perform a full system scan and completely get rid of this. When trying to boot in safe mode I still get a blue screen of death. Part of the virus is residing in C:\Windows\temp. The files seem to be rewritten at each boot time: gnserv.dat, spserv.dat, fla6.tmp, Perflib_prefdata_44c.da... Read more

Answer:Malware in C-Windows-temp and maybe in the MBR. All common removal tools failed

Hello. Welcome to CH! Are you able to boot to Windows?

These two files: C:\WINDOWS\system32\serauth1.dll and C:\WINDOWS\system32\serauth2.dll -- will continually be restored while their backup is in place. These are not necessarily bad.

If you are able to boot, please do the following:

Please open Notepad and enter in the following:

@echo off
echo DMJ Find > findSUBawf.txt
echo. >> findSUBawf.txt
if exist "%SystemRoot%\System32\clauth1.dll" echo Found clauth1.dll >> findSUBawf.txt
if exist "%SystemRoot%\System32\clauth2.dll" echo Found clauth2.dll >> findSUBawf.txt
if exist "%SystemRoot%\System32\lsprst7.dll" echo Found lsprst7.dll >> findSUBawf.txt
if exist "%SystemRoot%\System32\nsprs.dll" echo Found nsprs.dll >> findSUBawf.txt
if exist "%SystemRoot%\System32\serauth1.dll" echo Found serauth1.dll >> findSUBawf.txt
if exist "%SystemRoot%\System32\serauth2.dll" echo Found serauth2.dll >> findSUBawf.txt
if exist "%SystemRoot%\System32\servdat.slm" echo Found servdat.slm >> findSUBawf.txt
if exist "%SystemRoot%\System32\ssprs.dll" echo Found ssprs.dll >> findSUBawf.txt
if exist "%SystemRoot%\System32\sysprs7.dll" echo Found sysprs7.dll >> findSUBawf.txt
if exist "%system%\bak" echo AWF-POSSIBLE >> findSUBawf.txt
echo. >> findSUBawf.txt
echo EOF >> findSUBawf.txt
Start findSUBawf.txt
exit

Then, click File > ... Read more

14 more replies
Relevance 64.78%

I have 2 problems, the malware (Guard Online) and the google redirect problem, so I looked at the steps in "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". I followed the steps until I got to step 8. I have a problem with the part of Step 8 that says "Please double-click on the gmer.exe program. Once you double-click the icon a Windows security warning may appear asking if you are sure you would like to run the program. If this warning appears, please click on the Run button to allow GMER to start. If no warning appeared then you should just continue with the guide". When I click gmer.exe, an error pops up and says "Windows cannot access the specified device,path,or file. You may not have the appropiate permissions to access the item.". This error pops up when I try to use malwarebytes and SuperAntiSpyware as well. What do I do?

Answer:Problem with---> Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Hello,

Forget about GMER for now and please post the DDS logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

6 more replies
Relevance 64.78%

Hello and Thanks in advance. I ran all tools to get a chance to ask someone how to repair the registry in my windows 7 64 bit system. It's new but has crashed multiple times. I was tired of restoring to factory settings.

It seems that someone with physical access during the 3 months I've owned it has changed settings so they can receive reports from this computer. Help!
 

Answer:Registry repair after running all suggested malware removal tools.

eMachines EL1352G-41w, AMD Athlon II X2 220 Processor 2.8 GHz, 2.00 GB (1.75 usable), 64-bit operating system, Windows 7 Home Premium Service Pack 1, ZyXEL EQ-660R-F1 ADSL Router on single phone line 1.5 max (out in the sticks), No wireless connections, HP OfficeJet 5610v All-in-One (won't print), NVIDIA nForce 10/100/1000 Ethernet, worked fine till I left town. Have restored to factory 5 times. Some registry files are missing, and I don't have permission to change them. Files from Malware scans attached.

Hope this is all correct. Poke me in the eye if not! ~G
 

4 more replies
Relevance 64.78%

Hi,

My son's Laptop has a nasty redirect virus that also prevents the execution of malware removal programs and also prevents the logging tool from working. The icons for both Malwarebytes and the dds tool have a colored "shield" that is imposed on top. Any help would be greatly appreciated. OS is Vista Home edition.
Appreciatively,

A

Answer:Malware with redirect prevents removal tools and logs from executing

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Relevance 64.78%

Still having problems accessing files and folders on C drive; no access or access denied to open or view Docs and Settings folders, App Data, etc. Access is even denied to my user Documents\MyMusic, MyPictures, and MyVideo files.

Read and followed instructions in the Read & Run Me First removal guide. Downloaded SuperAntiSpyware, Malwarebytes, ComboFix, and MGTools.

Looked for log from SAS but couldn't find anything saved anywhere. If I right-click on the .exe saved to my desktop, properties show it as "SAS.exe.exe" Is that normal??

Also, I noticed after running Malwarebytes or Combofix (I don't remember which-sorry), a new folder was created - "C:\$RECYCLE.BIN" which, of course, is locked.

A little more history here: I knew I had this trojan a couple of months ago and, without reading up on anything, thought I could do a system recovery from a recovery disk I had. Unfortunately, that didn't work, and I ended up with a black screen that kept saying, "No operating system installed". A friend took my laptop and said he "wiped it down as deep as he could go", then installed Windows 7 (I previously ran Vista). Got the laptop back recently and found out the trojan is still here, living large in the background on my laptop.

So, I am assuming the logs will show a pretty bare bones system here, and that's why.

I've attached the logs I can find.... HOWEVER, when I try to attach MGTools.zip fi... Read more

Answer:Ran all suggested malware removal tools and ZeroAccess trojan still installed.

ZeroAccess trojan still present after all removal tools used

I've had this trojan on my laptop for almost 4 months. Before doing any research, I tried to do a system recovery from a disc I had made last year, but ended up with a black screen telling me that "no operating system installed". Gave my laptop to a friend to "fix". He "wiped the hard drive down as deep as possible", installed Windows 7 (I previously had Vista), and gave it back to me. I assumed he knew the extent of this trojan, but obviously he didn't. I have a 64-bit operating system, running Windows 7. Everything else was installed or re-installed by my friend after he "wiped the hard drive".

I read the Read & Run me guide, installed and ran all the tools, etc. Here's the issues:

I am denied access to common doc files, my start menu folder, my templates folder, etc. I have two program files, one of which has "(86x)" behind it; after running the removal tools, i found a new folder on my hard drive: "$RECYCLE.BIN" which of course, is locked. When I right-click on the SAS.exe file on my desktop, the properties show this: "SAS.exe.exe", same with "mb.exe.exe" (is this normal??).

There is nothing in the SAS folder on the C drive, but SAS didn't show anything anyway; I've attached the combofix log; inside the MGLogs.zip file is another folder called "Qoobox" along with the text ... Read more

4 more replies
Relevance 64.78%

Hello. I was visiting a few websites and all of a sudden my computer blue screened and started doing a "file dump" it then reset itself.

I tried to go on and fix it, but it wouldn't let me access any antivirus/spyware/malware downloads. Norton, mcafee, spydoctor, malwarebytes anti malware.

I started getting popups stating "this site is unsafe download this.." it was a windows/microsoft grey box message. It seemed legit, but I did not actually download it. I cancelled. I got it every few websites I went to. Mostly from the antivirus sites.

I restored my computer to factory settings (didn't need anything on it).

I have since been able to run several virus scans and download several malware softwares. I have malwarebytes anti malware, norton, and spydoctor. They all have run and found nothing.

I just want to make sure I have gotten rid of everything.

I downloaded hijackthis and this is the log it just returned.

I don't know what to do with all this, but it has been suggested I find a help forum for some advice.. Anything anyone can tell me is much appreciated. Thanks in advance.

Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:26 PM, on 8/7/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.... Read more

More replies
Relevance 64.37%

I have read READ ME FIRST and I was running through the malware removal procedure and had got to the combofix stage (malware problems: numerous it seems, SAS and MB found numerous infections; 'njc.exe' running, and various windows keep popping up including 'winlogin', 'hello4', and others). Previously I had uninstalled AVG using the removal tool advised in the READ ME FIRST. When I double clicked the combofix it warned me that AVG was running: I double checked that no AVG was running/installed, and since there wasn't I went ahead with the combofix (even though it warned me that it was at my own risk...). At that point the Dreamweaver and Internet Explorer programs both started running. The combofix program then asked to download the recovery console. It started the download, but the computer crashed, saying that there was a 'fatal error' and 'system shutdown'. I forced a shutdown (turning off power) and on rebooting, the computer would not boot. On second attempt when pressing F12 it booted and is currently on (I'm currently using a different computer). Please let me know what I should do next. Thanks,
 

Answer:Error when running combofix stage of malware removal

killian said:

On second attempt when pressing F12 it booted and is currently on (I'm currently using a different computer). Please let me know what I should do next. Thanks,

Skip ComboFix and continue thru to MGtools. Then attach logs from the below:

SUPERAntiSpyware
Malwarebytes
RootRepeal
MGtools

 

22 more replies
Relevance 63.96%

Hello,

Today my computer was affected by a malware which redirects me to a search website which makes me install malicious programs. I managed to get rid of those programs by Spybot. But google searching sometimes redirects me to those websites (about 1 out of 5 clicks). I scanned my computer with Malwarebyte/Spybot in Safe Mode but I couldn't find anything. In addition, I cannot do windows updates, it keeps lagging and it doesn't respond. Please help me fix this, I really need my computer to be safe soon before my school project presentation. I only have the DDS report, GMER doesn't work for me (keeps crashing with blue screen). Thanks in advance.

UPDATE 1: I get redirected even when not using google! Sometimes I browse around websites and then it brings me to those malicious sites!

Update 2: Here's what I got from AVG virus scan:

"C:\Windows\System32\wuauclt.exe (5388):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\Windows\System32\wuauclt.exe (5388)";"Trojan horse Agent_r.XJ";""
"C:\Windows\explorer.exe (1060):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"C:\Windows\explorer.exe (1060)";"Trojan horse Agent_r.XJ";""

DDS (Ver_11-03-05.01) - NTFSx86
Run by Kenny Tang at 14:41:17.71 on 22/03/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: ... Read more

Answer:Google redirect malware residual after Spybot removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

17 more replies
Relevance 63.96%

Hi

I was just wanting to know the reason why Spybot S&D was removed from the "How to Protect yourself from malware!" sticky.

I am using version 1.6.2 since I found the newer v2 to be quite bloated and annoying. Should I still be using 1.6.2 since it still downloads the latest malware signatures? Or is there an important reason why it was removed as a recommended antispyware tool?

Cheers
Sam
 

Answer:Reason for Spybot S&D removal from How to Protect yourself from malware thread?

Just not that useful anymore and as you noted V2 is too bloated. We also never liked Teatimer.

You can still use the old version and make use of the bad download blocker and hosts file protection if you wish but I would not use Teatimer. Modern antivirus programs already include antispyware too.
 

1 more replies
Relevance 63.96%

I'm semi-tech literate but mostly illiterate. Thank you for your time!

I'm using Windows Vista Home Premium; SP2 on Dell Studio 1737. Using IE8.

I didn't download any file, but by searching for videos, I suddenly got messages popping up telling me that my computer had been infected. The most unbelievable one including this sentence "Click here for the scan you computer." It also had pop ups asking me to activate my anti-virus software which I did not accept. It also started to do some type of scan which I X'd out. After that when I tried to open any files, such as Spybot, Task Manager... I'd get a taskbar bubble saying that the file was infected and it wouldn't open. For some reason Norton was able to open, but the scan found nothing. It also periodically opened webpages in IE.

I restarted in Safe Mode and ran SpyBot. It removed 4 "Malware" files (Sys.Guard) among some tracking cookies. I also ran ad-aware which found nothing and norton again, finding nothing. I ran AVG from safe mode and it found nothing. I restarted in Normal mode. All the pop ups had disappeared. Everything seems to be working normally, except that now it appears like I'm not the admin of my own computer. For example, when I used HiJack This, I got a box saying there were some files it could not open because I didn't have admin rights. When I right click on icons it has the option to run as "administrator". Through HiJack This I got a report wh... Read more

Answer:Trojan/Malware; Spybot Removal but Admin change?

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

21 more replies
Relevance 63.55%

I had a key logger in my machine and in order to remove it, I ran several anti-malware/spyware programs. As a last resort I had to run combofix (no, that was not the wisest decision to be taken). After a reboot the key-logger was gone, now my computer won't access the internet wired connection on the inbuilt motherboard's network card. I went looking for answers on the web and read this on a thread at bleepingcomputer forums from someone that had the same OS and issue:

"please delete the copy of ComboFix that you have from your desktop and download a fresh copy and run it,

now run the uninstall routine:

Press the WinKey +R to open a run box > copy/paste the following into the run box >press OK

ComboFix /uninstall

your connection should now remain intact

please let me know how that goes

thanks"

So I did that, but it still won't work.

I need some serious help here...

Thank you for your patience and time in advance!
 

Answer:Solved: Wired connection issues after malware removal with combofix!

Does it get a local connection?

If you load cmd and type "ping www.google.com" does it get a reply?

Also what anti virus are you running?
 

3 more replies
Relevance 63.55%

I have a Dell Studio 15 laptop on which I am running Vista 32-bit. I suspected malware on my system and followed your Malware Removal Guide. But when I reached the Combofix step, everything went to hell. Here's the full story:

A few weeks ago, I was cleaning the house and found a stack of old cds from many years ago. I figured I'd put the files on the laptop, sort through them, and get rid of the cds. In retrospect, I learned that one of the cds from a friend had a cracked version of Age of Empires on it, but I didn't know that at the time. I unwittingly copied that file onto the laptop twice because it was on two different cds.

I didn't realize there was a problem until last week. Spybot picked up a bunch of tracking cookies during a routine scan, which was odd because I am pretty vigilant about cookies. I removed them and moved on. Later, I checked the cookies list in Firefox, and I saw that the tracking cookies were still there. I tried deleting them, but they remained. I clicked delete again, and they appeared to be deleted. However, when I reopened the Firefox cookie viewer, they reappeared. I tried to delete all cookies, and all cookies were deleted except the offenders. This was the only symptom of malware I noticed.

I ran Spybot again, and it didn't pick up anything. I ran AdAware, and it didn't pick up anything either. I booted in safe mode and got some results. Spybot picked up the tracking cookies, and AdAware picked up two ins... Read more

Answer:Combofix deleted system files during Malware Removal Guide?

It may be possible that Combo found infected registry keys, but without the log to look at, I can't say for sure.

Have you tried doing a system restore?
 

15 more replies
Relevance 63.55%

Hey Guys,

Sorry to be bothering you all, but I've been having issues lately with some virus/malware. I've been reading the forums on similar cases and trying to remove some myself (probably doing it wrong), but they still seem to be appearing in my computer when I do my scans in different areas. Any advice would be appreciated.

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:53 AM, on 8/3/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Norton 360\Engine\3.8.0.41... Read more

Answer:Virus/Malware Removal Help - w/ HJT Log, Combofix Log & Kaspersky Online Scan

ComboFix Log

ComboFix 10-07-31.01 - Dave.xD 08/03/2010 9:05.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3070.2027 [GMT -4:00]
Running from: c:\documents and settings\Dave.xD\Desktop\wCFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-07-03 to 2010-08-03 )))))))))))))))))))))))))))))))
.

2010-08-03 12:59 . 2010-08-03 13:03 -------- d-----w- C:\ComboFix
2010-07-25 21:18 . 2010-07-25 21:18 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-07-25 21:18 . 2010-07-25 21:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-25 21:18 . 2010-07-25 21:18 -------- d-----w- c:\program files\Symantec
2010-07-25 21:18 . 2010-07-25 21:18 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-25 21:18 . 2010-07-25 21:18 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-25 21:17 . 2010-07-26 15:04 -------- d-----w- c:\windows\system32\drivers\N360
2010-07-25 21:17 . 2010-07-25 21:17 -------- d-----w- c:\program files\Norton 360
2010-07-25 21:17 . 2010-07-25 21:17 -------- d-----w- c:\program files\Windows Sidebar
2010-07-25 21:12 . 2010-07-25 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-07-22 03:57 . 2010-07-22 03:57 -------- d-----w- c:\documents and settings\Dave.xD\Local Settings\Application Data\fyupfjibl... Read more

2 more replies
Relevance 63.14%

google search is often hijacked when clicking on links. Happens on firefox or msie. The page is redirected through several other domains before taking me to a final destination remotely related to the original search term. Some of the sites seen in the middle are cs10275.com and ffinddirect.com, but there is no viable info on those online.

Neither spybot, avg nor malwarebytes have removed the problem, and I see nothing odd in my hosts file or running processes.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:38 PM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WIN... Read more

Answer:google search hijack, can't find the prob in hosts or with malware removal tools

16 more replies
Relevance 62.73%

Hi,
 
I am unable to install updates for Windows Defender, Windows itself and various anti-virus and anti-malware tools.
Sometimes the anti-virus and anti-malware tools even refuse to download and/or install at all.
 
When I do succeed in installing them, something is blocking the virus definition updates.
The programs do run, but can never update them after the initial installation. Result: I'm running with massively outdated virus definitions.
 
I'd like to avoid having to wipe the disk and re-install windows from scratch.
 
 
contents of the FRST.txt file:
 
Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 27-11-2016
Gestart door Minke (Beheerder) op PC-MINKE (30-11-2016 12:24:58)
Gestart vanaf D:\
Geladen Profielen: Minke (Beschikbare Profielen: Minke)
Platform: Windows 10 Pro Versie 1511 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Edge)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebyte... Read more

More replies
Relevance 62.32%

Really bad Malware and possible virus - unable to uninstall Can't run ComboFix or any other program

Whatever this is it will not allow gmer, combofix, Search and Destroy, or Malwarebytes to run properly. I can get tdsskiller to run but every time I reboot the redirect comes back.

Frustrated

Answer:Really bad Malware and possible virus - unable to uninstall Can't run ComboFix or any other program

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

3 more replies
Relevance 62.32%

I've got a really strange problem, that makes it really difficult to post any diagnostic information about the problem. I've tried running HiJackThis, MalwareBytes anti-malware, Trendnet housecall online scanner, GMER, ad-aware, Spybot S&D, RootRepeal and dds.scr. The results are pretty much the same for all of these programs. The scan/analysis starts, sometimes it gets partway through scanning, and then the application window gets closed. After this happens, in the case of .exe files, the resulting program is rendered useless, in that further attempts to launch it result in a "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." and you also cannot rename, or delete the file.

Trend-net housecall is also pretty interesting, in that it runs inside the browser, and after it was terminated (part way through the scan) iexplore.exe now exhibits the same error in not being able to launch. This not being able to launch persists across reboots also. I then installed firefox.exe on the system, was using it for a brief period, tried trend-net housecall and now it too is showing the error in not being able to launch.

dds.scr is able to be re-launched, and it brings up the black command window type screen, but never brings up the notepad windows. It seems unaffected by the termination behaviour, and is able to be re-launched.

I was able to run A2 anti-trojan, and do have a log of what it... Read more

Answer:Strange malware issue - unable to use detection tools or virus scanners

Hi Thomas Lovie,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

I share your academic interest. So let's have a go at it.

Download and run Win32kDiag:

Download Win32kDiag from any of the following locations and save it to your Desktop.
Download Win32kDiag (Win32kDiag.exe) - #1
Download Win32kDiag (Win32kDiag.exe) - #2
Download Win32kDiag (Win32kDiag.exe) - #3
Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

Next......

Also post the A2 anti-trojan log.

30 more replies
Relevance 61.91%

Hello i believe i have some sort of malware.... spybot keeps finding this "Netpumper" thing nd cannot get rid of it even after scannin on reboots.... it says its in C:\Program Files\Anti-Leech or something

and here is my HijackThis log... if someone could let me know w/ their expert advice if i have a problem nd how i should tackle it?

Thanks for all ur help!!!

P.S. i've also attached what i found in the spybot S&D window.... thanks!!!

----------------------------------------------------------------
Netpumper(SBI $A74F6AD8) Program group
C:\Program Files\Anti-Leech
*******************************************************
Company: WakeNet AB
Product: Netpumper
Threat: Adware

Functionality
Netpumper is a download accelerator which comes bundled with adware in the 'demo version'.

Description
Netpumper 'demo' comes bundled with WhenU.Clocksync, WhenU.Save and Cydoor. It only runs with these bundled adware components installed. There are reports of stealth installs by Netpumper. Netpumper's domain is registered via DomainsByProxy which is used to hide ones identity. Legal companies should refrain from registering domains through such means.
----------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Sc... Read more

Answer:Spybot S&d Found Netpumper... Unable To Remove Malware?

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

1 more replies
Relevance 61.91%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:11 PM, on 4/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\... Read more

Answer:Unable to Run Spybot and cannot install Superspyaware or Malware bites

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio... Read more

2 more replies
Relevance 61.09%

Got some sort of trojan virus. Downloaded an anti virus program which caught the virus and quarantined it. Then deleted the anti virus program because it was a process hogger.

The reason I downloaded the anti virus program was because spybot was not updating and I was getting weird internet activity such as redirects to verizon.net search page, 404 errors when I tried to install spybot (after de-installing it).

I believe the virus is still in the computer. BECAUSE I cannot even download antimalware programs from major geeks and any web site I go to related to spybot downloading gets a 404 error or "Internet Explorer cannot display the webpage
Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.

What you can try:
Diagnose Connection Problems

More information"

SO THIS IS MY PROBLEM. I have run cc cleaner, but am out of luck with spyware programs running, because either I cannot download them, or once they are downloaded, they won't update. It seems the virus knows spybot and refuses to even let me go to spybot's web site.
 

Answer:cannot update spybot or download major geeks malware removal programs - virus trojan

Re: cannot update spybot or download major geeks malware removal programs - virus tro

Welcome to Major Geeks!





mpurchases said:

Then deleted the anti virus program because it was a process hogger.

Very bad idea!


Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip ge... Read more

1 more replies
Relevance 59.86%

I have removed (uninstalled) Norton 360 and use Bit Defender now as my antivirus. I have used Norton exclusively in the past and have had numerous issues with them mainly speed and crashing issues. When I try to defrag now with windows disk defrag I get this result:

Volume (C:)
Volume size = 69.83 GB
Cluster size = 4 KB
Used space = 43.20 GB
Free space = 26.64 GB
Percent free space = 38 %
Volume fragmentation
Total fragmentation = 18 %
File fragmentation = 37 %
Free space fragmentation = 0 %
File fragmentation
Total files = 113,880
Average file size = 633 KB
Total fragmented files = 7
Total excess fragments = 7,663
Average fragments per file = 1.06
Pagefile fragmentation
Pagefile size = 876 MB
Total fragments = 2
Folder fragmentation
Total folders = 11,232
Fragmented folders = 1
Excess folder fragments = 0
Master File Table (MFT) fragmentation
Total MFT size = 153 MB
MFT record count = 127,703
Percent MFT in use = 81 %
Total MFT fragments = 3
--------------------------------------------------------------------------------
Fragments File Size Files that cannot be defragmented
7,636 18.11 GB \RECYCLER\NPROTECT\00158776.

I have tried to remove Norton using uninstall programs by Norton and by physically searching for files on my computer but never seem to get a hold of the offending files.

Please help.
 

Answer:Unable to remove fragmented Norton files, have tried Norton removal tools

8 more replies
Relevance 58.63%

Hello,

The company that supports our computers has spent hours trying to fix this and they are not sure why it is not working. They ran HijackThis (they said that they have had lots of experience with this) and found svchost.exe in the temp directory and said they deleted it. They also ran Spybot, AVG, kaspry [online version](sp?) and maybe Sophos rootkit. Here is the problem. They still can't get the computer to connect to the domain and find any of the network resources but it does access the internet through IE. Not sure what is going on. Any ideas?

Jeff
 

Answer:Unable to repair after removal of malware

I used SDFix

This is the logfile:

SDFix: Version 1.112

Run by Msadmin on Thu 10/25/2007 at 04:07 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...
Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\Msadmin\LOCALS~1\Temp\svchost.dll - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"="C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"
"C:\\Documents and Settings\\Jeffrey.Turner\\Local Settings\\Temp\\svchost.exe"="C:\\Documents and Settings\\Jeffrey.Turner\\Local Settings\\Temp\\svchost.exe:*:Enabled:svchost"
"C:\\Program Files\\Grisoft\\AV... Read more

1 more replies
Relevance 58.63%

Hi, I am helping a friend fix his computer (Windows 7 32-bit). It was infected with NationZoom, SpyHunter 4, and many others.
I used "Spybot Search and Destroy" and "Malwarebytes" to clean the infection.

But now I can't open any web pages, and Microsoft Security Essentials can't download any updates.
The most peculiar thing is that I can browse https pages but not http.
I have IE, Firefox and Chrome, the same thing happens in all the browsers.
 
Any help will be appreciated
 
ps. sorry for my bad English.

Answer:Unable to navigate after malware removal

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Click the button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.
at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)
repeat with
ipconfig /renew
Then hit Enter, type Exit, hit the Enter key.
You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>
Launch Notepad, and copy and paste the Bolded text below into a new text file.
Save it as file name: fixme.reg. Save as file type: All files (*.*) and save it on your Desktop.
Just save the file do not run it yet. I will tell you when later.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="http://"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@=""
"http"=dword:00000003... Read more

8 more replies
Relevance 58.63%

I am trying to heal a laptop running XP (SP3) with 2GB RAM. Before booting, I get an error message that CMOS settings are wrong/CMOS date/time not set. I'm instructed to press F1 to run setup, but it does not respond. F2 loads default values and continues the bootup. Though the machine will boot to Windows, I can not get anything to run, not even the start button.

I am able to boot in safe mode, and began the "read & run me first" procedures. In safe mode the computer is so slow that it is almost disabled, but I was able to open and launch CCleaner. However, it has been running for some 4 hours now, and is still showing that it is 0% complete, though it has moved through a number of IE temp internet files.

I have downloaded SuperAntiSpyware onto a flash drive using a functioning computer, but the sick laptop does not recognize the USB drive. It recognizes the flash drive as "new hardware," but not as drive with files.

Any advice would be appreciated.
 

Answer:Unable to run malware removal procedures

I suspect that your error message about the CMOS not being set may mean your CMOS battery is dead or dying. You might want to try replacing that.

I suggest that you try transferring the scanning tools to a cd and see if you can't then move them over while in safe mode.

Let me know what you can do.
 

13 more replies
Relevance 58.63%

First, let me give you all at BleepingComputer major, major props. I appreciate all the work you all do and everyone should be very thankful to have such a great resource & community available. Can't thank you enough.

I don't know if my computer is infected with any type of malware, but based on the symptoms I believe it probably is.

Today I was playing around with my TV Tuner & Orb software (allows me to access my TV Tuner when traveling, similar to a slingbox), and while configuring the TV Tuner I downloaded a couple of driver versions and had to update and install different versions of Adobe Flash Player, VLC Video Player, and the TV Tuner Drivers from various sources and visit unknown websites to get info on some details of my cable service/ Tv Tuner and things like that.

Symptoms (I have included screenshots to help explain what's happening):
- Malwarebytes Free Version freezes on both Full & Quick Scans after a very short period of time (usually on: "currently scanning: c\windows\system32\zipfldr.dll")
- Microsoft Security Essentials freezes when the scan starts:
- SuperAntiSpyware's scanning interface never pops up (when I click "scan your computer" nothing happens)
- Spybot Search & Destroy does not start at all
- Unable to use VLC Video Player (The first 'problem' I noticed today)

Browsing Status:
- Normal Web-browsing in IE, Firefox (default browser), Chrome. No redirections or pop-ups noticed

Anti-Malware Progr... Read more

Answer:Unable to use various Malware-Removal Programs

I noticed the Microsoft Security Essentials animated system tray icon still moving so I thought I'd take a look.

So although when I initially started the scan nothing happened, I guess it's working a little bit at least.

Interesting that the "Time Elapsed" is 27:11 when in reality I started the scan at 10:36 (so it should show around 53 minutes).

The program appears to be frozen/stuck on this screen for now...

Not sure what to make of this, but I thought I should keep this updated.

Thanks again

2 more replies
Relevance 58.63%

I think this relates to my primary problem which is, no matter what I download or try to install, either from diskette or from internet, I get a similar error message.

C:\Users\Larry\Desktop\ccsetup207_slim.exe The directory name is invalid.

I got as far as using Add\Delete Hardware getting rid of Java updates, etc. but when I attempted to d/l and install jre-6u6.......... I got the same error as above.

How can I run these programs if my computer will not let me install them?

Help please. Thanks in advance.
 

Answer:Unable to run Malware removal proggys

Think I solved my own problem.

In checking systems, etc., I went to permissions and disabled the UAC permission.

Now I can open downloaded programs from desktop and am able to install disks, and programs, etc.

Don't know why?????
 

2 more replies
Relevance 58.63%

Hi folks,

I had Internet Security 2013 malware on a laptop that my nephew uses. Despite apparently removing all of the junk on the machine, it refuses to connect to the internet.
I had posted on another forum, but the helper seems to have given up. I'm wondering now if it's a hardware fault rather than a software one, or has the OS been so corrupted? I'm not sure. I've not attached logs as quite a fair amount of work has already been done by the helper in another forum. I will post the link ... If anyone could help, I would be really thankful.

http://www.bleepingcomputer.com/for...security-2013-no-access-to-internet-demented/

The thread details work already asked of me by the previous helper.

Thanks.
 

Answer:Unable to access net after Malware removal.

I will do my best, I may however refer you to the software forum if we do not find any malware/or I cannot repair things for you myself.

You will also have to follow OUR procedures:

READ & RUN ME FIRST - Malware Removal Guide
 

5 more replies
Relevance 58.63%

Hi,

I need some help with the guide titled, "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help".
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

I'm up to step 8.

I already downloaded GMER and when I double click it, it would automatically do a scan without prompting me (lasting less than 10 seconds) and then I continue with the instructions in the guide: I unchecked 'Sections', 'IAT/EAT', Drives/Partition other than Systemdrive, which is typically C:\, and 'Show All'.

When I clicked "scan" the program just froze on me. I waited for about 5 minutes to see if it was just a lag but then I noticed the clock on the bottom of my computer screen also froze. I had to force the computer to shut down by holding the power button. I tried GMER again about 2 more times and it froze both times the moment I clicked "scan". Then on the 3rd and 4th try, it scanned but I walked away for about half an hour and when I returned, it appeared to have self terminated. Then my final attempt. The scan finished and I clicked the "save..." button and the program froze on me and again, the clock on my desktop froze again and I was not able to save the scan report.

Is there an alternative program I can use rather than GMER?

Thanks

Answer:I need help in the guide titled, "Preparation Guide For... Malware Removal Tools..."

If you cannot get GMER to run, just post the other logs asked for and explain the problem you had trying to run GMER.

3 more replies
Relevance 58.22%

I noticed AVsecurity running on my computer. I ran processexp and suspended the infected exe. I wanted to run Malwarebytes but I was unable to get to any website. I downloaded Malwarebytes on my second PC and transferred it via USB to the infected box. It removed 2 exe's and reg files. I rebooted the computer and am still unable to get to any webpage. Attached are logs from DDS.

Answer:Unable to open webpages after malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 58.22%

Okay so I ended up getting antispyware 2009 on my computer. I ran 2 scans with AVG which picked up some of it. Then 2 scans with Super Anti Spyware pro, which seems to have got rid of the rest. The program was still in the registry when I checked it. Nothing else really jumps out at me of why I can't change my background other than part of the virus being on my computer still. I have enclosed my hijackthis text log as an attachment. Thanks for the help in advance!

Answer:unable to change background after malware removal

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please do not attach logs unless requested. Post them directly into the Reply to Thread window. Thanks.

------------------------------------------------------

On... Read more

2 more replies
Relevance 58.22%

ISSUE: Unable to connect to internet via different browsers although wireless network connection indicates it is connected.

After being infected with Antivirus 2010
Removed with Malwarebyte’s Antimalware

Dell Inspiron 9300 laptop
· Processor Intel(R) Pentium(R) M processor 1.73GHz
· Processor Speed 1.69 GHz
· Memory (RAM) 1536 MB
· Operating System Microsoft Windows XP Professional
· Operating System Version 5.1.2600
Windows xp sp3
Ie8

Some of what I have done so far:
Network connections indicates connected to unsecure wireless network
Verified all connection settings, lan not selected everything else in place
At first ipconfig/all failed

Removed all network drivers rebooted and got the correct info for ipconfig/all
System restore fails at all dates
Reinstalled drivers
Ran TCP/IP repair, Winsockxpfix.exe
Reloaded network drivers
Reset winsock
Reset tcp/ip
Ping fails

One part I do not understand: I can connect with a proxy generator (JAP), if I return ie8 to proxy settings it goes online and will surf, slow but it goes?

***************************************************
COMMAND PROMPT
Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\MARK>ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Mark
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : rochester.rr.com

Etherne... Read more

Answer:Connected but unable to surf after malware removal

Also tried LSP-Fix but did not show anything either?? Any clues would really help. Still confused as to why it connects over the proxy but not without. Probably a simple answer to that but I don't know it. Trying to find CD to run scannow to see if it will correct something. Any other ideas would help. Thanks
 

2 more replies
Relevance 58.22%

Hi everyone!

My com was very messed up when i detected my com was infected by 2fiji.com virus. Fortunately i managed to remove it (thank you guys oh so much).

Now, i've cleaned up my com but for some unknown reason (unknown to me at least) i am unable to connect to a few sites.

I've run combofix and MGtools and my logs are attached.

Any assistance is gladly and very much appreciated!
 

Answer:Unable to connect to various sites after malware removal!

Let's start with this:

Please use add/remove programs to uninstall:
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 11
Java(TM) 6 Update 7

Now let's use ComboFix to remove a bunch of malware files.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
o If it is not on your Desktop, the below will not work.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

Drivers::
cpzsjsz

NetSvc::
cpzsjsz

File::
c:\windows\system32\xzxemnpv.dll
Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cpzsjsz]
"ServiceDll"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1108db1a-bb1f-11dd-86f7-001f3b4d211b}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38f4cbc8-d16f-11dd-8763-001f3b4d211b}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bc8eb94-b0bb-11dd-86af-001f3b4d211b}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffd2421c-d0ab-11dd-875e-001f3b4d211b}]
* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have... Read more

7 more replies
Relevance 58.22%

I've gone through the whole process of removing malware.
I was having particular problem with "Guard Online".
The malware is not appearing as a frequent pop up like it was before -
no sign of it. But now I can't upgrade windows.
 

Answer:Unable to Upgrade Windows after Malware Removal

There are still traces of malware in your logs.





I've gone through the whole process of removing malware.

Please also attach the logs from running MalwareByte's Anti-Malware and SUPERAntiSpyware.
 

11 more replies