Computer Support Forum

Help Pls! Can't update Malware Protect or Visit Any Malware Sites

Question: Help Pls! Can't update Malware Protect or Visit Any Malware Sites

Ok this is weird. I run Ntl netguard, and Spyware Doctor. A few days ago, SpyDoc refused to auto update. Nothing strange thought I, site must be down.

Well, it's been four days now. Then I noticed I couldn't connect to Microsoft to do updates either. On further investigation, I found I can't connect to ANY legit malware sites. I have run Spybot, Ntl netguard, Malwarebytes' Anti-Malware, and Norton AV; none found anything wrong.

However, I tried setting up a proxy within Firefox, and CAN connect to the sites I couldn't otherwise. (albeit incredibly slowly).

As things stand, I can't update any malware software, and assume my poor PC must have caught something new and nasty.

Please help

HijackThis follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:08, on 19/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\Engine\\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Norton AntiVirus\Engine\\ccSvcHst.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andy\Desktop\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =*
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) -
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) -
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) -
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
O23 - Service: CacheBoost Performance Optimizer and Tuner Service (CacheBoost Service) - Unknown owner - C:\Program Files\CacheBoost\cbsrv.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\\ccSvcHst.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

End of file - 8244 bytes

Relevance 100%
Answer: Help Pls! Can't update Malware Protect or Visit Any Malware Sites

sorry, bump

2 more replies
Relevance 94.71%

Symantec detected a virus a few days ago on my pc and I thought I was able to delete/quarantine it. However, I've noticed, like many others, that my google search links get hijacked and redirect me to various websites. If I am trying to access a security website like eset, McAfee, norton, my browser won't connect at all. I've browsed through these forums and I've tried running some programs to get started fixing this myself but these programs start but get killed and won't complete.
* 'Hijack this' won't complete.
* Malwarebytes starts and then gets killed. After it gets killed, I can no longer access Malwarebytes. Also, I have changed the name of the .exe file to avoid detection but no luck.
* RootRepeal - doesn't ask me for the options to select which sections to scan. I can however scan and I do have a log for what it was able to scan. (I have changed the disk level to high and also renamed to tatortot.scr - with no change in behavior)
* Can't connect to eset online scanner
* Combo fix - when I try to run this I get a message that indicates Combo Fix package might have been compromised and asks that I download a fresh file from your website (which I have done several times). The same message goes on to say that I may be infected with a 'file patching virus - virut' (I've changed the name to try to avoid detection but that didn't work) then the file is deleted from my desktop.

When I try to get to my... Read more

Answer:Can't run any Anti-Virus/Malware programs or visit Antivirus sites, please help.

Follow Up:

After trying Malwarebytes and having it stop on me, when I try to click on the .exe to run it again, I get:
'windows can not access the specified device, path or file. You may not have the appropriate permissions to access the item.'

I am the admin on the pc.

Thanks again.

7 more replies
Relevance 92.66%

There are 3 files that belong to this thing that I've identified. One of them is an exe with a randomly generated name that was in "%AppData%\Google". I did a scan of it here. This file was making bogus windows security center pop up telling me I have "Spyware.ISpynow", which would take me to a site for some software called "Perfect Defender 2009". There was also a dll in the same directory, and a bogus svchost in the drivers directory. I've removed these, but I'm still infected by stuff I can't see. I can't access certain websites, system restore is deactivated, and none of my malware scanners find anything in normal mode, and they've all been rendered completely useless in safe mode. I think this might be a rootkit, because when the bogus popup exe was running, it would automatically hide itself when I opened up process explorer (I could see it for a split second before it closed itself), and then it would come back after I closed process explorer. I had to use a command-line process viewer to actually get the name of it. This is like some unstoppable mutant spyware.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:17 PM, on 11/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:... Read more

Answer:Insidious malware infection. Won't let me visit certain sites (like this one), pops up bogus messages directing me to buy s...

Hello Art Benvenutti, Sorry for the delay. We have many logs backed up. If you still need help then download and run RSIT.
* Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
* Double click on RSIT.exe to run RSIT.
* Select Files and Folders created in last 1 month
* Click Continue at the disclaimer screen.
* Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
* info.txt can also be found at c:\RSIT\info.txt

2 more replies
Relevance 77.49%

Hello,

I have a Windows XP SP3 box that became infected with multiple trojans, bots, and other spyware. I have used various programs (Spybot, Malwarebytes, Superantispyware, etc) to remove them. At this point there are no visible signs of any virus other than the inability to reach windows update. GMER log below.

GMER LOG:
GMER - http://www.gmer.net
Rootkit scan 2010-06-07 02:43:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\kgldypob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xBA5F24D0]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xBA5F2520]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/ and ZwTerminateProcess [0xB0E67620]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\DRIVERS\tcpip.sys entry point in ".rsrc" section [0xB0FBCA94]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[576] ntdll.dll!NtProtectVirtualMemory ... Read more

Answer:Unable to reach microsoft update or most malware definition update sites.

Hi stu_miller,

Welcome to this forum. Looks like the malware is preventing you from posting the full DDS log but the logs are enough to see the infection. Please tell me if you still have the issue, if yes perform the following:
* Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).
* Download and save it to your desktop.
* Double-click to run TDLfix.exe, type the following in the command window and press Enter:
mbr
* A log file opens up. Please post the content to your reply.

9 more replies
Relevance 77.49%

I'm running XP SP3 and recently have been unable to update definitions to AVG8 or SuperAntiSpyware. IE has also been hijacked to other sites when trying to visit virus sites.
In, perhaps a related problem, I have seen Recycler on one of my mini drives. I erased it and it has come back. I erased it in Safe Mode and it seems to be staying erased.

I had a lot of trouble logging on or I would have posted this a while ago - kept having to type two fuzzy words and getting them wrong. simply couldn't log on until this evening. Anyway, Here is the DDS log:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Jerry Gripshover at 14:34:10.93 on Sat 02/28/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2536 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\WINDOW... Read more

Answer:Can't visit virus update sites

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.


One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?


Please note that these fixes are not instantaneous. ... Read more

15 more replies
Relevance 75.44%

My PC at home has suddenly been attacked. I had been using CA Anti-trust successfully for a few years, but it appears it was overpowered. I did some research on a laptop to try to narrow the list of suspects and it looks like Conficker or Downadup are suspects, but using some online removal tools, the scans are showing up negative. I still think I'm on the right track, though. I purchased Panda Internet Security 2009, but couldn't get it to update the definitions via the update wizard, getting an error message that I needed an open internet connection and that the server was unavailable (error msg 12007). Online Panda support attributes that to Conficker and says to go to Start/Settings/Network Connections/Properties, scroll to TCP/IP and click the "Obtain DNS settings automatically", which I've done without any success. I saw a post on this forum that a virus called DNS_Changer may impact on this. I purchased PCTools Spyware Doctor with virus protection with the intention of getting my Panda purchase refunded due to lousy support. I disabled Panda, installed PCTools Spyware Doctor, updated the definitions without a problem and ran the scanner. It picked up 90 infections, mostly cookies, but 10 medium threat trojans, including DNS_Changer. I selected the remove all and re-ran the scanner (I overlooked the re-boot, accidentally) and left for work (where I remain now) and am anxious to see what progress I find on my return home.

Your forum, by far, seems... Read more

Answer:Malware sites redirected, no spyware/malware updates - Recycler

16 more replies
Relevance 75.03%

For past few weeks, I can't access Windows Update, Malicious Software Removal Tool Download or other anti-malware sites. Error message usually says Error Loading Page, or sometimes redirects to another site.

I did some research and found I had a process running called bgr.exe, which after some effort I thought I was able to delete. At the same time there was also a service listed called TOY5KNQ8OC. I did a search in the Registry and found the following key: HKEY_CURRENT_USER\Software\TOY5KNQ8OC

My PC now takes forever to start and shut down, with frequent freezes, and I believe the problems are related. Any help would be much appreciated.

Here is the Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:42 AM, on 4/3/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\aol\1186541078\ee\aolsoftware.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Norton Utilities 14\RMTray.exe
C:\Pr... Read more

More replies
Relevance 74.21%

It seems I may have caught something. It started with a hidden process running called ezsidmv.dat which I killed with Winpatrol's "delete on reboot".
Now I am unable to update AVG and access I have now uninstalled AVG as combofix cannot run with AVG installed.
My logs are attached below (I am unable to run RootRepeal as I'm running 64bit win7)

Answer:Unable to visit, possible malware

It seems I have may caught something. It started with a hidden process running called ezsidmv.dat which I killed with Winpatrol's "delete on reboot".

Relates to Skype! You should be very careful about deleting files that you know nothing about. Anything else you removed?

You have many remnants of Comodo (it is not actually installed) and avg is not currently even installed either. Correct? If so we can proceed with the fix that I have ready for you. Perhaps it is the comodo remnants, some of which are still running, which is hindering avg.

10 more replies
Relevance 73.8%

Okie dokie, so I've been making a really concerted effort to get the malware off of this computer and I think I'm making headway, but it is not there yet. For a long time, I have been unable to update my Windows XP Media Center. I am not even on Service Pack 2 yet.

This has made it difficult to run some new software and malware is now blocking me from even loading the page.

Before the malware problem got as bad as it is, I was able to hit, but the system just died every time I attempted to install an update.

I have tried downloading the exe file from for "if your update does not work automatically" on another comp and copying it on a card over to the problem one, but this does not work.

In addition, I can't install the new IE 8 and I can't entirely remove the old IE 6. I have used the Control Panel uninstall Windows Components, but the files are still on my drive and iexplore.exe is often running in Task Manager, no matter how often I close it from there. I have tried manually deleting the files, yet they reappear. I have tried going through regedit and manually deleting anything which remotely referred to IE, although one key I think reappears when I do this. Regardless, the files reappear and I cannot upgrade to the current version.

This week the system installed the AntiVirus 2008 infection when I was not even seated at the computer and, for some time, it has periodically started popping up adverts. It also did t... Read more

Answer:Slow Comp, Malware Blocking Sites, Ie Won't Uninstall, Microsoft Can't Update

Hello, affkatt. to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you would still like help, please post a new HiJack This log below, as things may have changed on your system.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
* While a HJT Team member is working with you, please refrain from making any changes to your computer.
* Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
* If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
* Please reply using the button in the lower left hand corner of your screen.
* Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount o... Read more

7 more replies
Relevance 73.39%

Does anyone know how to remove a malware virus if I can not open any tools to repair online?

Answer:A malware virus close ALL sites with the name Malware

Welcome to Major Geeks!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work.... Read more

1 more replies
Relevance 72.57%

I started this topic earlier today and have spent some time in the virus forum trying to get it fixed.

The problem as described in the thread is that after I click any of the user account icons to login, it goes through the welcome thingy and then seems to go to the desktop, but nothing can be menubar, tray or anything.

When I do CTL,ALT DEL, task manager wont open due to an application failed error (0xc0000022)

I have just run "sfc/scannow" and it is reporting corrupt files. Can anyone help me out?

Answer:Back after a visit to the virus/malware forum

Have you tried a repair installation of Vista:

5 more replies
Relevance 71.75%

My fiancee was trying to visit our wedding florist's website, when the following warning was displayed instead of the site:

I have to admit I don't know much about this sort of thing, but does anyone know how accurate these tests are? It seems odd to me that anyone would try to infect a florist's website, but I suppose anything is possible.

Visiting the link to the diagnostic page shows 19 trojans and 7 exploits! If this is all accurate, "they" really hit that website hard. For now, I've told her not to visit the site until the warning goes away.

Any other suggestions?


Answer:Google malware warning when trying to visit wedding florist

Some people make it their business to infect whatever they can just because, no rhyme or reason. Since this is a business you have had contact with, do them a favor and call them or send them an email explaining what message you are getting; maybe their IT person can get their site back up and running virus free. They may not be aware of the problem.

2 more replies
Relevance 70.93%

I notice that Avast is notifying me of a problem every time I visit ebay webpages. I have also noticed this with other webpages I visit. What should I do to ensure that my computer is secure?
See attachment to see notification.
Thank you,

More replies
Relevance 68.47%

Hi all,

My dad has asked me to take a look at his computer after it's been acting odd, and it looks like he's got a doozy of something running on the system. He's been getting some pop ups advertising various programs, the desktop is changed to text reading "Your system is infected! System has been stopped due to a serious malfunction. Spyware activity has been detected" (which is not something any program that should be running would display), Task Manager is blocked from opening and a fake piece of anti-spyware has taken up residence (don't have the name off hand).

Looking at the log, I found a couple of things that I'm not a fan of - batmeter16.dll, for starters. There's a couple others I don't recognize, but I am not sure if they are bad or not.

Unfortunately, my attempts to fix it have been thwarted - an AVG scan said it cleared it up, but more pop ups came. I tried to run Malware Bytes, but when I download the latest update through the program, I get a nice warning message saying "The database you are using is not supported by this version of Malwarebytes' Anti-Malware. Download the latest version of the program."

Additionally, this came about because I tried to start into Safe Mode to get this cleaned up. I couldn't get my keyboard to register keystrokes before Windows started, which kept me from accessing the dialogue allowing Safe Mode to be entered, so I modified boot.ini to force a safe mode boot. Unfortunately, this brought about a blue sc... Read more

Answer:Malware blocking MalwareBytes (post-update), fake anti-malware program

Hello, my name is fenzodahl512 and welcome to the forum.. Please do the following....

Please download The Comedian.exe by Rorschach112 to your desktop

Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
* Double click the program to run it. It will only take around several minutes to run.
* It will do a series of tasks and tell you when each one is finished.
* You will be prompted to press any key after each step
* When it is done it will close and exit itself automatically.
* You can delete The_Comedian.exe once it is finished

STOP! if you can't complete this step.. Tell me more about it..

NEXT

Please download OTL by OldTimer and save it to your desktop.

Under the Custom Scans/Fixes box paste this in

netsvcs
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Don't change any setting... Just click on the Run Scan button.. Let it scan till finish..

Then a log will pop-up at your Desktop. Post the content of the log here

NEXT

We need to scan for Rootkits with GMER

Please download GMER from one of the following locations, and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recomm... Read more

3 more replies
Relevance 68.47%

This thanksgiving I was downloading a few files from the internet.. and what happened next is that .. whenever I search for something on google, it redirects to a new site that are all malicious sites/porn sites !! I am scared to death as this is my office laptop and I am not the kind to browse for this sort of stuff, especially on my office laptop ! I am sure there is a lot of viruses/malwares infecting my laptop . I tried running sophos antivirus , avast antivirus (which did remove a few viruses) , followed by malware-byte antimalware and spyware doctor. The problem still remains !! I have tried this on IE , Firefox and Chrome. Problem persists on ALL of them !!
Please help me ... here is the contents of the dds.txt pasted below , and the attach.txt and ark.txt are attached. Thanks !!!!

DDS.txt ---
DDS (Ver_09-11-29.01) - NTFSx86
Run by 203017980 at 12:18:36.74 on Mon 11/30/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1152 [GMT -6:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Sophos Client Firewall *enabled* {0786E95E-326A-4524-969... Read more

Answer:Malware infected. Redirects google searches to mal-sites and porn-sites

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll... Read more

2 more replies
Relevance 68.06%

I have a Windows XP SP3 PC from a user who was infected with malware, I used Malware Bytes to remove the offending software, and now I am unable to open the Windows Update page. I can browse to other pages but after a few minutes, I get redirected to another random page. I also keep seeing the Just In Time debugger. Tried a Registry edit I found recommended elsewhere, to fix that issue, but that didn't last. At this point, neither SAS nor MBAM see any malware present, but I am stuck with my problem. Existing antimalware package is MS Forefront. All utilities I have used have been updated to the most recent definitions.

Answer:Malware Bytes cleaned malware, now Windows Update doesn't work, webpages randomly redirected

Hello,

Please follow the instructions in ==>This Guide<== starting at Step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to try to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

1 more replies
Relevance 68.06%

Hi, A suspicious SVCHOST.exe just popped into my startup list. I bet it's not the only one causing my sudden computer slowdown. I attached my HijackThis log and I hope someone gets to help me. Thanks!

Answer:Malware. Unable to Update any Anti Virus/Malware Program

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a

Having problems with spyware and pop-ups? First Steps

link at the top of each page.

Please follow our pre-posting process outlined here:

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 68.06%

Today i updated my malware bytes anti malware database and i got this weird update version!!!:-D
Has anyone here ever had that happen??

Answer:weird malware bytes anti malware database update

Hey! I'm getting ripped off, mine is only 9111221001. See Malware Bytes thread:

2 more replies
Relevance 67.24%

How would you protect yourself from a fud?

Answer:How to protect yourself from a FUD malware?

LukeNukesEm said:

How would you protect yourself from a fud?

Supplement your security with something besides signatures.

34 more replies
Relevance 67.24%

i Just bought a new PC. i have a couple questions from the 'How to protect yourself from malware' thread.

My Pc is running windows 7.

In the Firewall section it doesn't say if the windows 7 firewall is sufficient? If it isn't i will download and outpost firewall and disable the windows one.

In the Antispyware tools i downloaded Microsoft security essentials for Windows 7. Since i also downloaded Avast as my anti Virus is it ok to run both these?

In the disable the autoruns feature there is no update for windows 7?

Answer:How to protect yourself from Malware

avilo4u said:

In the Firewall section it doesn't say if the windows 7 firewall is sufficient? If it isn't i will download and outpost firewall and disable the windows one.

While the Windows 7 firewall is better than what was in previous versions of Windows, it is still very inadequate.

avilo4u said:

In the Antispyware tools i downloaded Microsoft security essentials for Windows 7. Since i also downloaded Avast as my anti Virus is it ok to run both these?

No! MSE is an antivirus and antispyware. So is Avast. You can only have one of them installed.

avilo4u said:

In the disable the autoruns feature there is no update for windows 7?

Microsoft has never updated their info ( from here ) for Windows 7 so I'm not sure if everything that is used for Vista would apply.

You can just run this >> Autorun Eater

6 more replies
Relevance 67.24%

Make sure you get your system protected from occurrences of malware problems. Below are some simple steps you can take to reduce the chance of infection in the future. I strongly encourage you to do them all. There is no perfect solution for totally preventing malware from getting on your PC, however, these steps will help.

Please do not make the false assumption that this thread is old or out of date based on the date the thread was started ( 10-10-04 21:52 ). Look at the Last Edited date at the bottom of this message as this procedure does evolve with time.

IMPORTANT NOTE: It is getting more and more difficult to find real true freeware these days that does not include bundleware, toolbars...etc and junk you just don't want. Make sure you pay attention during installation of anything you download and read license agreements. Be sure to uncheck check boxes for the bundleware and toolbars where you can so that you opt out because the defaults are always to opt in.

1. Visit Windows Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS. For anyone who is not yet running at least Windows 7 (which you really should be running at a minimum if your PC supports it) see the below link before updating. Note: Windows XP is no longer supported by Microsoft and is hence a security risk.

Windows 7 Upgrade Advisor
You should check for Windows Updates at least once a ... Read more

More replies
Relevance 67.24%

Something (Malware ? ?) locked up my PC (Windows XP). I got a pop up message that my PC was infected and click "yes" to buy an AV program. I did not click "Yes", but every program I tried to run came up with the same message. I took it where I bought it and they fixed it by cleaning my hard drive and re-loading my OS. Fortunately, I had BU'd my personal files. They called the problem an "intercept". Norton AV did not catch it. They also loaded "Malwarebytes" for me.

What is the best way to protect for this kind of problem ?

Answer:How to protect against Malware ?

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide

and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using... Read more

1 more replies
Relevance 67.24%

Well, I have an extra PC which I would like to fix so I can make use of it.
Well, it happened when out of nowhere, I received those weird programs on my PC which are those fake Virus scanners and such. I then deleted it from the source, and ran my Norton scan and my spysweeper, and they found nothing wrong with my pc.
Now, the PC will NOT let me go to "important" sites. For example, Bank of America, Paypal, anti-virus sites, Ebay, etc. But will let me go to sites like Myspace or forums. I had my favs on my toolbar as tiles so its easier to access them, i had about 10 of them, and now only 5 remain after the whole thing happened, and the 5 that were removed were "important" sites. Almost every thing on my tool bar was removed, including File, Edit, View, Tools, and such. My search engine is still displayed though.
Also, when I go on my search engine, each link leads to an ad site. What happened to my pc?
What can I do to get it up and running like before?

Answer:My PC won't let me go to certain sites like paypal or anti-virus sites, Malware?

It sounds like something "nasty" has infected your computer. I wouldn't advise accessing bank sites and other confidential sites right now.

Go here and click the green icon to download Malwarebytes Anti-Malware 1.39. After it's installed, run its update function to insure that the latest definition files are installed. Run a "quick scan" with it. When it's finished, select and allow it to fix everything it found. Restart your computer if prompted to. Return here to your thread, then copy-and-paste the scan log here.


3 more replies
Relevance 66.42%


Is there any thread for "How to protect yourself from malware (for vista)" as the one written by chaslang for windows xp.

Another question plz. Is there any site to give ranking for antivirus softwares like matousec for pro-active internet security softwares.

Also kindly tell me plz that avast antivirus is better or comodo internet security with antivirus is better.


Answer:How to protect yourself from malware (for Vista)

ablaze said:

Is there any thread for "How to protect yourself from malware (for vista)" as the one written by chaslang for windows xp.

It was not written for Win XP. It is for all versions of Windows although obviously there is more in there that relates to WinXP and older since they have been around longer.

ablaze said:

Another question plz. Is there any site to give ranking for antivirus softwares like matousec for pro-active internet security softwares.

You should ask in the Software Forum. But reviews of AVs are typically out of date by the time they are published. This happens because many programs update 3 to 5 times per day and even just one update can drastically improve or reduce an AVs test score.

ablaze said:

Also kindly tell me plz that avast antivirus is better or comodo internet security with antivirus is better.

You are not comparing apples to apples. Avast is just an antivirus. Comodo Internet Security includes all of the below:

Host Intrusion Protection System (HIPS)
BOClean Anti-Malware is not being included in CIS


3 more replies
Relevance 66.42%

I continue to get the "SysProtect" download window on both I.E. and Mozilla. Followed your steps listed to clean my system, but same "Virtumonde" files appear each time I run Ad-Aware. Here is the Hi-Jack this log (after running Ad-Aware, see end of log for HijackThis log generated after restarting computer w/o running Ad-Aware):

Logfile of HijackThis v1.99.1
Scan saved at 9:48:28 PM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System3... Read more

Answer:Malware - Virtumonde & Sys Protect?

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Scan again with HijackThis and check the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\jkhhe.dll
O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #2

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the ... Read more

7 more replies
Relevance 66.42%

We maintain several PCs from a library, a research lab for students in a university. Just recently bunch of malwares swarm inside the lab and nearly affected all the machines. Most of these malwares are being imported from student's flash drives in which they're freely allowed to plug on the PC's. So cleaning the infections was really tedious. We cloned the drives and some were fixed using anti-malware softwares. 
Each computer is running a Microsoft Security Essentials for virus protection, and that's it.

Our main problem is, how should we setup each PCs so that we can prevent those viruses from porting inside the system? Is there any particular software or windows configurations that can offer such functionality? MSE merely detects all these viruses and most of it already infiltrated the system and removing each as I said is very tedious and time consuming.
Maybe you guys got some efficient workarounds with this type of predicament.

NOTE:
All PCs have the same hardware and uses Windows 7 32bit.

Answer:How to protect PCs from USB-malware carriers?

Simple, look at:
Have a great day!


11 more replies
Relevance 66.42%

Hello - First, let me say thank you for helping me rectify a really poor choice of opening software I wasn't 100% certain was verifiable. As a result I have the Virus Protect Pro problem (at a minimum) which seems to tie up my machine a lot and causes problems with my wireless network adapter. I have used Spybot and Adware to no avail. I've copied and pasted the Hijack This log below and won't make any changes until I hear from you.
With great thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 3:52:29 PM, on 8/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program F... Read more

More replies
Relevance 66.42%

I have read this thread and i am paying particular attention to #5 AntiSpyWare Tools, and it states ONLY USE 1 REALTIME BLOCKER So my question is, i use ESET'S nod32 Antivirus to protect my machine, but it has antispyware protection included. I also have Malwarebytes Pro providing real time blocking, so am i in effect using more than 1 realtime blocker? If so what do i do about that? I paid for Malwarebytes Pro, not using it will defeat its purpose and be considered a waste of money!

Answer:How to Protect yourself from malware Thread

You're fine. One AV only, but you can have more than one AS (Anti-spyware ).

3 more replies
Relevance 66.42%

Hi. I am rather a person with basic knowledge about computers so don't be surprised if my question will sound stupid to you.
I have a Windows PC and I often use my thumb drive to print some documents in my university. I'm afraid that it will become infected someday so I thought it would be a good idea to use it only with Puppy Linux when I'm at home. This is why I made my thumb drive a bootable one with Puppy on board. What I want to do is to boot to Puppy, copy the files I need to print or use at the university to the USB drive, then close the system and disconnect the USB drive. To be clear, only one USB stick is involved in this process (Puppy and data are on the same USB stick). Would that prevent infecting my Windows PC? If not then how can I avoid viruses spreading through USB? Can malware do any harm to Windows OS when Puppy is booting?

Answer:Can puppy protect me from malware?

Good idea if I understood correctly

7 more replies
Relevance 66.42%

Hello from Overman
Running Windows XP w/ SP2... Inspiron 2200 laptop from Dell

I've got something (virus/trojan/malware I don't know) that's been messing around with me

I can't defrag, do system restore, run chkdsk, run disk cleanup, or any of that. It's blocking all my malware software from updating, so perhaps that's why nothing's finding it (see below). Also when I click on a search result, I get taken to a completely random page. I found out that my tcp/ip nameservers have been changed to and whenever I change it to "Obtain DNS server address automatically" it gets changed back!! I mean, WHAT??!

I've done EVERYTHING. I've ran every program I could find - malware scanners, registry cleaners, anti-virus, and more. Some of it found trojans and got rid of em, but nothing's helping the actual situation. I've looked through all my processes and tried disabling each one and either I'm completely stupid or this thing was programmed by some kind of destructive evil genius For pete's sake, my friend was in safe mode for three hours and couldn't fix the darn thing.

Any help? Yes I am crying. Oh and if it helps, I disabled windows update a long time ago because I don't trust it

Answer:[malware] Can't defrag or update malware software

welcome to avoid duplication of scanning tools can you tell us EXACTLY which scanners you have run?
Hopefully comboFix is not among them so can you let us see any reports from those scans so someone can check them for you?

I disabled windows update a long time ago because I don't trust it

You have XP SP2 installed (?) but at this point in time when DID you last go TO the Microsoft windows update site FOR updates ?
Your ONE installed antivirus program is ?what?

9 more replies
Relevance 66.01%

I am a web designer and I just got permission to work from home for the next week. I am allowed to take my work laptop home for it. I would like some advice regarding the security concerns before I start the work.
I have heard about spyware and malware attacks that can cause severe loss of data. I don't want such things happening to me in my work system. As of now it's clean and no malicious files are present in the system. It's installed with Kaspersky Internet Security and ExpressVPN when connecting to the Internet. Will it help in protection from spyware and malware? I have seen articles mentioning not clicking on emails and installing antivirus softwares will help, but still I have heard a lot about such attacks. What else can I do to ensure nothing harmful will happen?

Answer:Will Kaspersky and VPN protect from malware attacks?

It being a work laptop, you shouldn't replace any of the pre-installed software, correct?

3 more replies
Relevance 66.01%

Will Ad-Aware only detect the malware in its definitions during a scan, or does it also prevent it from being installed on your computer in the first place? What about A2? Many thanks. - Tye

Answer:Does Ad-Aware protect your computer from malware?

No on both counts. Try Spywareblaster click here

3 more replies
Relevance 66.01%

I am getting three screens that come up when ever I try to do work on any program. (1) Windows Security alert (2) Spyware Protect 2009 alert (3) Spyware Alert

DDS (Ver_09-02-01.01) - NTFSx86
Run by Kim at 10:54:20.07 on Thu 02/19/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2430.1853 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)

============== Running Processes ===============

J:\WINDOWS\system32\svchost -k DcomLaunch
J:\WINDOWS\System32\svchost.exe -k netsvcs
J:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
J:\Program Files\\Agent\mcagent.exe
J:\Program Files\AIM6\aim6.exe
J:\Program Files\Windows Live\Messenger\msnmsgr.exe
J:\Program Files\Messenger\msmsgs.exe
J:\Program Files\AIM6\aolsoftware.exe
J:\Program Files&... Read more

Answer:Spyware Protect 2009 malware


Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

2 more replies
Relevance 66.01%

Hello,

I recently managed to acquire a virus that seems to have taken over my computer. There's a bar that appears right below the address bar for internet explorer telling me to download the latest antispyware to protect my computer. I cannot pull up my Task Manager, my computer prompts me that it has been disabled by my administrator. My desktop background has been changed to a message stating the computer has several fatal errors. and occasionally music will play at random that i've never heard is my log:

Deckard's System Scanner v20071014.68
Run by Josh UWL on 2008-04-09 16:35:51
Computer is in Normal Mode.
---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
49: 2008-04-09 21:36:32 UTC - RP521 - Deckard's System Scanner Restore Point
48: 2008-04-08 16:12:26 UTC - RP520 - Restore Operation
47: 2008-04-08 16:08:59 UTC - RP519 - Last known good configuration
46: 2008-04-08 16:08:42 UTC - RP518 - Restore Operation
45: 2008-04-08 16:08:41 UTC - RP517 - Last known good configuration

-- First Restore Point --
1: 2008-04-08 16:08:11 UTC - RP473 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 85% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).

-- HijackThis Clone --------------------------------------------------... Read more

Answer:Protect.antivirus Malware Infection

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

10 more replies
Relevance 66.01%

If I visit a malware site with latest version of Firefox with the NoScript extension without allowing any scripts, whats the chance of me getting infected if I don't download anything?
Also, I hope this is the right place to post this.

Answer:Will using NoScript protect you from a malware site if..?

The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).
NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.
NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows.
Watch the "Block scripts in Firefox" video by cnet.
If I were using Windows and could only have one security program/ would be NoScript. I use it in Ubuntu, too.
There is a learning curve. It is not just install and forget. Install it and go to a popular site and then view all the scripts you never knew were active on that site and are now blocked from running. You can click to allow just the site's scripting and still block all the others.
The ones that you want to play videos on will be one that you will spend the most time learning which script to allow only the videos to play.

11 more replies
Relevance 66.01%

I have somehow acquired some malware titled system tool protect your pc. It comes up randomly, asks if I want to scan, says I have over 800 Infections, and constantly prompts me to sign up for it to erase my viruses. I know this is malware, and I acquired it after my Norton expired. How can I remove it? Thank you!

I am using a Hp Pavilion Vista.

Answer:System Tool Protect your pc (malware)

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide

and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using... Read more

1 more replies
Relevance 66.01%

If you know about security in website and computer then tell me how to secure Website from Malware Attack. And what is the role of Google Webmaster in security purpose?

More replies
Relevance 66.01%

Microsoft said:

A view of the current landscape
Criminal attacks continue to evolve and malware has become their standard weapon against anyone who uses the Internet - on traditional form-factor devices, as well as on mobile devices like tablets and phones. Malware targets all operating systems and browsers, and in recent years, criminal attacks against applications have increased substantially.

Criminals also use social engineering to trick you into performing actions that put you at risk. An increasingly common social engineering strategy uses online advertising campaigns to lure you to a site that installs malware on your computer.

An economy has developed around building reliable vulnerability exploits, which criminals buy to help distribute their malware. Criminals make money from their malware, so they invest in ways to keep it alive such as producing a higher quantity of malware, updating it more frequently - e.g. multiple times each day - and increasing its size and complexity. Some malware is as complex as commercial applications.

Secure by design
We use the Security Development Lifecycle (SDL) to build Windows with the best security design, development and testing practices available. Some highlights include:
Threat modeling and security design reviews. During the design process we consider how criminals might seek to attack features and scenarios, and incorporate this analysis into our designs.
Writing secure code. Training and code quality tools help to pre... Read more

Answer:Windows 8 will better protect users from malware

Well its like malware writers would take time to discuss how they will bypass those features. Its like Windows 8 were built in security and could led to few vulnerability probably.

6 more replies
Relevance 66.01%

My son went to an untrusted site and the computer was infected with the conduit searchprotect.  I tried removing it with Eset Home Security.
However, my PC is still acting strange. I think the internet is a bit slower. As well, when I try to run some .exe files, such as Eset's ERARemover tool, windows gives me an error "this app can't run on your PC".  I have windows 8.1 64-bit and have tried both 32bit and 64bit programs.
I can't attach a DDS log because it's now win8.1 compatible.

Answer:Conduit Search Protect and other malware?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

These tools are compatible with your operating system.

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by click... Read more

8 more replies
Relevance 66.01%

Topic title pretty much says it all. How can i prevent hijacking of my browser or even worse my entire computer? Last night i made a stupid move and attempted to download something off Pirate Bay, i read the comments and it looked legit. Since i didn't have a software that downloads the torrent i clicked on whichever one Pirate Bay offered me. The software was successfully installed and was downloading the program but it froze the halfway and my google chrome completely stopped working, Later on i found out that Conduit is a malware that sometimes installs itself without the user's permission and takes over the browser. Now i'm paranoid about downloading anything. By the way i have a supposedly good anti-virus : Bitdefender for which i paid good money! Very disappointed that it pretty much welcomed the bad malware with open hands and allowed it install itself. 

Answer:How to protect your computer from malware like CONDUIT??

"attempted to download something off Pirate Bay"

Anything off these Torrents sites is 50 to 90% infected and not usually legal.

WinPatrol Free is one of the better programs to warn you if there is going to be an attempt to change your Home Page.

This may help after you do a full scan with your Antivirus -

Please download AdwCleaner by Xplode onto your desktop.
* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Delete.
* Confirm each time with Ok.
* Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.

Thank You -

1 more replies

hello friends-i hope my title makes some sense. i wanted it to convey what i was asking about so people browsing could tell. cuz i couldn't find a question like mine.

i have a new hd completely installed and setup. my old hard drive is now the secondary master and although i still have the OS and programs installed, i never use it. lately i have been actively file-sharing via lime wire. i am behind a zone alarm firewall and running spyware blaster and AVG free. i also regularly scan with spybot S&D. i also scan each file with AVG b4 opening (thanks to majorgeeks for advising me on security)
however, i've been warned the limewire is notoriously risky as far as spyware etc. so my question is:

If i choose to open my secondary OS at start up, and browse and download these risky files to my secondary HD. will that protect my primary HD from infection?

if not, any other advice u have regarding the risks of file sharing are appreciated.

one thing i look out for is files that are too small to contain what they say they do. for example 100kb song files. i just dont download these.

Answer:2nd HD for dwnlds/protect primary from malware?

IMHO, I keep an operating system and a backup drive, without an operating system. Just put it on the same cable as primary slave. Frankly, if you are not dual booting 2 operating systems, there's no need to keep them both installed. That said, no; any files on a second drive can, and probably will, affect the main drive, in your case, probably infect both drives. A drive formatted without an operating system for backup should be safe from virus and spyware infections, but can affect the other drive, in other words. Having that second drive is great for backups of important data in case of a need to format. I love having my spare drive. You're also correct about Limewire, but it is not specific to Limewire. Any file sharing application is a risk.

Did I answer what you needed?

2 more replies

Malware Protection is a rogue anti-virus application that runs a fake system scan and then concludes that your computer has a malware infection or serious security/privacy issues. To fix the malware infection you must pay a fee, about $50. The rogue program copies user interface elements from real programs and it looks like a legitimate application. Plenty of people shell out $50 to register this fraud and that's a big problem because if you're transacting with these guys online you're offering them your credit card details. Cyber criminals can later use that information to their benefit. You should protect yourself with common sense and legitimate anti-virus software because such fake anti-virus applications as Malware Protection now represent about 20% of all malware in circulation. If you made a mistake and purchased it, please contact your credit card company and dispute the charges. And if you still have this fake AV on your computer, please follow the removal instructions below to remove Malware Protection and related malware for free.

Manual Malware Protection removal instructions:

1. Right click on the "Malware Protection" icon, click Properties in the drop-down menu, then click the Shortcut tab.

The location of the malware is in the Target box.

NOTE: by default, Application Data folder is hidden. Malware files are hidden as well. To see hidden files and folders, please read Show Hidden Files and Folders in Windows.

Under the Hidden f...

Answer:How to protect and clean your computer from malware

Is this a removal guide for this rogue or ?


1 more replies

QUESTION _Sticky:" How to Protect yourself from malware! "

In the below instructions, Is it necessary if I *NEVER* use IE, only Firefox?


"6) Adjust Active X security settings

* In Internet Explorer, click Tools, Internet Options, Security. Click on the Internet globe. Then select Default Level, then click OK. Now select Custom Level and scroll down to the ActiveX controls and plug-ins section (some may already be set correctly):
o Set Download signed Active X controls to Prompt
o Set Download unsigned Active X controls to Disable
o Set Initialize and Script ActiveX controls not marked as safe to Disable
o Set Installation of desktop items to Prompt
o Set Launching programs and files in an IFRAME to Prompt
o Set Navigate sub-frames across different domains to Prompt
o Set Allow paste operations via script to Disable (see: )
o Click OK and OK again. "

Answer:QUESTION _Sticky: How to Protect yourself from malware!

Re: QUESTION _Sticky:" How to Protect yourself from malware! "

jilter said:

In the below instructions, Is it necessary if I *NEVER* use IE, only Firefox?

Yes! Some applications will automatically launch IE sessions since that may be all they can use. Also you need to use IE to be able to get all of your Windows Updates. And some websites (just like some applications) do require IE.

1 more replies

I just got my degree and have not been able to find work so I can only thank all the people at MajorGeeks.
I am 'Gunk Free' but was reading chaslang's post "dated 10-10-04, 21:52, How to Protect yourself from malware! - MajorGeeks Support Forums", and under the firewalls to use, "Outpost Firewall Free" is listed. When I went to download it, it is dated 2009-05-08. Is it still a good firewall to use?
Thank you in advance for your help.

At a point in time I was 01 of them that understood some binary.

Answer:How to Protect yourself from malware! post question

Yes, it is still a good firewall. Just make sure you keep it updated as you would with all other protection software.

1 more replies

I finally found a fix to the malware that the Virus Protect Pro created and it cleaned out everything. The free software (to use and clean) is called Super AntiSpyware (that's quite some name) and you can download the free home version at
I'm going over there now to donate some money as it was my stupidity that had me lose about 6 hours trying to fix what I did. It's always nice to find a hero.

With blessings for a great day.

More replies

Hello. My kid's PC -- an HP (Model M7567C, with 2, 260 GB hard disks and 2 GB RAM) is infected by "Spyware Protect 2009" malware. The malware repeatedly displays at least 3 different pop-ups saying there's a spyware infection and offers to sell a fix; the program also prevents Explorer from working properly. There are no obvious programs/processes to shut down from the control panel. The machine has Zone Alarm Security Suite installed - I'm not sure if my kids ignored a warning or if the software mistakenly let something in. Zone Alarm technical support said to try running Malwarebytes' Anti-Malware automated removal tool, but the program doesn't seem to run (nothing happens after the program is downloaded and launched). I tried running Zone Alarm virus and spyware scans, but the program runs slowly and eventually hangs (I think I ran the Zone Alarm scan in the Windows Safe mode). I can boot the PC in Windows Safe mode, but unfortunately there is no useful restore point. I can boot the PC in the normal Windows mode but it takes 2 or 3 cold starts. I can use Microsoft Explorer (through a wireless LAN connection), but in the normal Windows mode Spyware keeps hi-jacking Explorer and displaying its rogue messages.

Before I give up and reformat the hard disk and re-image the disk from the backup system disks, I would like to try a less time consuming solution. Any suggestions are welcome! Thanks!

I ran the DSS scan as instructed. Here are the res...

Answer:"Spyware Protect 2009" malware problem

I wanted to add some new information to my original posting that seems to be related to my problem.

When my spyware infected PC boots, I get the following messages:

"The application or DLL c:\windows\system32\digeste.dll is not a valid windows image."

"View Manager has encountered a problem and needs to close."

"Error loading c:\windows\griwapaxim.dll. The specified module could not be found."

I noticed that there was a Windows update available today (the February update of Microsoft's anti-spyware program). I installed this application; after this, Zone Alarm Suite was then able to run (up to now, it just hung up), and 2 items were quarantined: WIN32.SYSGUARD and WIN32.TROJAN.FAKEALERT.IEH

However, there are still problems with my PC. I still can't get Malwarebytes' program to run, even when I rename the *.exe file to *.bat. It seems like whatever is still injecting my PC interferes with any anti-spyware/malware program from running properly and interferes with the operation of Explorer.


4 more replies

> I am using sify ISP with limited data transfer package.
> My ISP is showing that i have downloaded 1200 MB which is not true.
> I didn't turn on the PC on the date prescribed by ISP but it showing i have downloaded 1200 MB and has cut down 20 valid days
> I think some one has hacked my system.
So i am requesting you to tell the best way to protect my system from malware and internet
Thanks in advance.

Answer:Best way and best software to protect my system from malware and Internet?

Security is a wide topic. If you browse around on this forum, you will find recommendations on Anti Virus and Anti Spyware and Firewalls.
If you have Windows XP Professional, MS published an XP Security Guide v2 and tells you how to harden XP Pro. It is available here:

If you have Vista, there is a Vista version of the Security Guide:

Hardening an OS gives the attacker a smaller attack surface by disabling unnecessary features. XP after a fresh install is quite bloated and has a lot of places for an attacker to poke at.

Also you should consider running it daily using a limited user account, as that prevents some malware from working and prevents malware from making system wide changes. In the Unix world, nobody runs a machine daily using the admin account. MS acknowledges that and has made UAC for Vista to achieve the same end.

Here's more details about that:

Also along the lines of protection and prevention, use Mcafee's Site Advisor, available here:

It places a site rating besides every google result and tells you about malware infested sites before you go clicking on them and instantly infecting your machine.

3 more replies

How does comodo firewall protect against signed malware at cruelsister's settings? Also i can disable its processes via task manager. How is its self protection?
I am going to use it on my system with cruelsister's settings but these issues are my main concern which do not let me believe in comodo's power.
So, help me out and give the required info.

More replies

I would really appreciate some assistance with "Internet security designed to protect" malware and/or virus. I have attempted to remove this with no luck. I did install and run Malware Bytes. Initially it listed several viruses which I removed. However, I still have a problem. Anytime I try to run/download anything it is blocked by this annoying virus. What can I do? Any and all help would be greatly appreciated.

Answer:Internet Security Designed to Protect Malware Help Please

Hello, I moved you from WIN7 to the Am I Infected forum for now.
Please try following this GUIDE.

1 more replies

To start let me thank you for putting all these great programs in one easy to download area! Just following this guide has cleaned out several items from my supposedly secure system.

I did find one broken link however and got lost going through the giant comodo forum trying to find another thread with a similar ease of use allure.

This one: Configuring CIS for Maximum Security with ZERO Alerts for Novices

If you could give me an updated link it would be much appreciated.

Answer:Broken link in: Sticky How to Protect yourself from malware!

Thank you for bringing it to our attention. We will see what can be done to fix that issue.

2 more replies

> I am using sify ISP with limited data transfer package.
> My ISP is showing that i have downloaded 1200 MB which is not true.
> I didn't turn on the PC on the date prescribed by ISP but it showing i have downloaded 1200 MB and has cut down 20 valid days
> I think some one has hacked my system.
So i am requesting you to tell the best way to protect my system from malware and internet
Thanks in advance.

Answer:Best way and best software to protect my system from malware and Internet?

Before anyone tells you that, it may be that someone connected to your internet connection, via wireless?

How are you connected to the internet?

Because if your computer was off on those dates, even if a hacker got into the system the computer needs a physical connection to the internet, while the computer is off, there is no way of obtaining an internet connection.

3 more replies

Hi everyone,
I want to tell my story about protection of ESS on my computer. Today, when my friend plug in his USB into my computer, I noticed that his USB shows only 1 USB shortcut in explorer. Before, my previous machine is infected by this malware type (malware creates USB shortcut) so I have experience with it. And when he plug his USB in, I run ESS Smart Scan but it found nothing. This afternoon, when I plug my USB in my machine, I saw that all things in my USB turn into 1 USB shortcut, I run Smart Scan again with my USB and found nothing, too (I also run a scan by Zemana AntiMalware, and it found nothing, too). After that, I installed MCShield AntiMalware Tool, and scan my USB with it. Magically, it found .lnk malware in my USB and cleaned it successfully! This is screenshot about log of MCShield:

And now, I'm very disappointed with my ESET. It makes me got infected easily! How do you think about my problem, please share with me.

Answer:ESET Smart Security can't protect me from .lnk malware

ESET protects against malware coming from USB devices.
Probably did not recognize the malware that caused the problem.
You have done well to use McShield.

71 more replies

My computer is infected with a malware program called "Spyware Protect 2009" how do I get rid of it? I followed instructions and have copied DDS and Attach files below. popup windows keep appearing saying my computer is infected with a virus and I need to install their software.
DDS (Ver_09-03-16.01) - NTFSx86
Run by John Schlatterer at 2:44:20.15 on Mon 03/16/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.96 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files&...

Answer:remove malware, Spyware Protect 2009

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results, click no to the Optional_Scan
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any scri...

2 more replies

Hi Folks, Yes I've got the privacy protection Malware, currently running windows XP on a dell laptop and I cannot start up in the safe mode, no Internet start up or execution of any programs allowed. Looks like I can strip documents & information off but that's about it. Can anyone share my options to cure this problem?

Thanks in advance - L

Answer:OK I've got the Privacy protect malware & no safe mode

Hello LarsLind,
I moved this to Am I Infected.

For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.
Reboot your system to complete the process.

Please follow our Removal Guide here: Remove Privacy Protection (Uninstall Guide).
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions
After you completed that, post your scan log here, let me know how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Also the other tool log.. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller. will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

1 more replies


I was just wanting to know the reason why Spybot S&D was removed from the "How to Protect yourself from malware!" sticky.

I am using version 1.6.2 since I found the newer v2 to be quite bloated and annoying. Should I still be using 1.6.2 since it still downloads the latest malware signatures? Or is there an important reason why it was removed as a recommended antispyware tool?


Answer:Reason for Spybot S&D removal from How to Protect yourself from malware thread?

Just not that useful anymore and as you noted V2 is too bloated. We also never liked Teatimer.

You can still use the old version and make use of the bad download blocker and hosts file protection if you wish but I would not use Teatimer. Modern antivirus programs already include antispyware too.

1 more replies

Hey guys, I am sure you can relate to my current woes here. I have a family member who is just always getting malware on their computer. Getting tired of cleaning it up so frequently and I wanted to ask you guys what you do. Personally I install Chrome and MSE, and set MSE to a Full Scan once a week with real time monitoring. I also preach safe web surfing, but honestly, it's like telling a Crack Head that crack kills.

So what do you guys do to try to ease the pain of fixing a family members computer?

Answer:How do you Setup your family members computer to protect from malware?

They now have Macs

46 more replies

I've been using AVG, and have bought the full version, yet was confused with what I had to do.  Can anyone tell me which product is user friendly, yet a good system choice.  Thanks,
Would be appreciated. 

Answer:What is a good product to buy to protect and remove virus, malware etc...

My personal choice is ESET NOD32 Anti-Virus if choosing a paid for program as it leaves a small footprint...meaning it is not intrusive and does not utilize a lot of system resources. Kaspersky Anti-Virus is also a good choice if looking for a paid for program. If you don't want to pay then I recommend avast! Free Antivirus.

For more specific information to consider, please read:
* Choosing an Anti-Virus Program
* SANS Institute Choosing Your Anti-virus Software

Important Fact: It has been proven time and again that the user is a more substantial factor in security than the architecture of the operating system or installed protection software. Therefore, security begins with personal responsibility and following Best Practices for Safe Computing.

6 more replies

I have recently been infected with a fileless malware. I have run a scan with ksc and it reported some memory detection. So, i run a scan with fully updated avast free and emsisoft eek but they didn't find anything. Finally, i have to scan with zemana and only after it detected and removed a fileless malware, ksc was able to give my system a clean sheet. Are kaspersky and zemana the only ones to protect against such attacks? I need a free tool to protect my system against such attacks. The detection by zemana was "trojan poweliks: fileless malware". I don't need any whitelisting software and i also sincerely think that even they cannot counter such attacks.

Answer:Do you know any free software to protect against fileless malware attacks?

avast and bitdefender free are both good

23 more replies

Hi, i'm having a problem with my web browser since using the malwarebytes anti-malware scan. Before I ran the scan and removed the infections it found, I was able to open webpages and go to sites although when i would try to search it would redirect the page. After I ran the scan and deleted the infections, I tried to open a webpage and it said it couldn't display it although I was connected to the internet. One of the things the scan found said "adware.mywebsearch" I would assume that was the reason it was redirecting the page. As of right now, I have done a system restore to a point before i removed the infections so i could display a webpage to get help. If someone can please help me, I would be very grateful.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Leslie at 14:54:14.01 on Wed 05/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.496 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\CA\SharedComponents\HIPSEn...

Answer:malware agents/koobface,spyware protect removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.com
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the resul...

2 more replies

Hi Guys,
Can I begin by saying a MASSIVE thank you to you all-I'd be totally lost without your help
Ok, down to business-I've done as the guide suggests, performed the XP clean up, ran the programs and I've got all the logs which are hopefully attached. The problems started almost a week ago when the dreaded "spyware protect 2009" screen started popping up and the icon lodged itself in my system tray and I got suspicious when there was no option to get rid of it-it's disabled my windows firewall, is blocking/redirecting my IE browser with its phony msgs etc. If you need any more info or if I've somehow left something out/attached the wrong logs just let me know-it's purely out of ignorance and not laziness if that's the case!!!:-o

Thanks again- Cheree :wave

Answer:vundo/spyware protect 2009 malware-logs attached

here's the last log

6 more replies

Hello,

Please help!!! I only have a couple of days to fix this comp before I leave!!!

I am receiving security popups, Spyware Protect 2009 (I did not download) is in my task bar and keeps popping up with infiltration alerts, and IE keeps redirecting to displaying "Internet Explorer Warning - visiting this web site may harm your computer!" Then offering to link me to Purchase Spyware Protect 2009.

Here is my DDS Log file and attachment.

Thanks!!!
peace.b.

DDS (Ver_09-03-16.01) - NTFSx86
Run by John at 9:11:09.81 on Sun 03/22/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.223.43 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Nero\data\Xtras\...

Answer:Unknown Malware/Rootkit security popups - Protect Spyware 2009

thank you! topic is resolved through off-post email reply.

Malware-bytes removal is the best!


2 more replies

My son runs Windows XP and has recently started having problems. Whilst he can send and receive e-mails and download things such as Windows Update, every time he tries to visit a Web Site, he gets an error notice telling him the site is unavailable. He uses Internet Explorer 6 and has recently loaded IE 7 but the result is still the same. He is obviously getting through to the net as he can get his emails and can receive windows updates, but has anybody any idea why he can't get into the web sites? It's almost the same as having sound but no vision. Help would be appreciated.

Answer:Can't visit web sites

Try a system restore to before the problem started...

10 more replies

This is my Hijack Log.

Logfile of HijackThis v1.99.1
Scan saved at 10:05:09 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\Tablet.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Clean Windows\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Sec...

Answer:Can't Visit Some Sites

Sorry for the delay. Are you still having problems? If so, please post a brand new hijackthis log as a reply to this topic. Also make sure you have followed all the instructions in this topic before you post your new log:
Preparation Guide For Use Before Posting A Hijackthis Log

2 more replies

Oh dear, my computer is having issues. See, I have Internet Explorer 8, right, and it works really snappy. Like, real fast. Cept, whenever I visit a site thats not like washington post or a school website or anything, it freaks out and says "res://C:\Windows\system32\shdoclc.dll/navcancl.htm" in the address bar.

I've checked a million times for parental controls or other content blockers, even asking my dad, but there's nothing physically blocking anything except for this. It's been like this since I got my Windows Vista laptop (it's a Sony VAIO) but it's gotten worse and worse and I just can't stand it any longer.

My dad called up a Verizon guy (I have Verizon internet, right) and the dude said I had a virus. I downloaded HijackThis but didn't want to have to download like fifty million things, you know?

So if someone could tell me like what to do about this, I would be eternally grateful. Seriously.

I have Trend Micro Internet Security, along with the Windows Defender-type stuff. And I cant access sites like Verizon Webmail or Gmail or ANYTHING really which is not good at all.

So please help me, I appreciate it so much!

And btw please don't comment unless you REALLY know what you're talking about. Not to discriminate AT ALL, but the thing is that I might get a virus if I download something weird and the last thing I need right now is ANOTHER virus.....

Thanks again soooo much!!!!

More replies

... I sometimes / often get the message to "click here" if the site is not displaying properly. See attached thumbnail. I click on their "click here" and it then works OK. These are "normal" sites like, not pron sites.

What are they doing that allows me to view their site properly. I have used the "red cross" fix in the past but no change. Any help appreciated. Bazza

Answer:When I visit sites ...

I just try your site and for me it work fine.....

XP Pro SP2.... Internet Explorer 6.0.2900.2180

3 more replies

Hello, I can't visit some web sites even the firewall is disabled.
The page only display as one symbol "<" or totally blank.
When I look up the source code, it is also "<" or blank as well.
The most strange thing is I can visit some homepage but failed to visit the sub webpages.
For example, I can see and I can't open
computer operating system: Win xp pro. IE 6.0.2900
Thanks for your answer.

Answer:Can not visit some web sites.

Same problem with Firefox?

14 more replies
Relevance 61.91%
Question: Malware sites

Is there a list of current malware sites to be avoided? Can entering sites in the Restricted Site list of your Browser, prevent these sites from downloading to your computer? Can wild cards help prevent hijackers from changing their addresses to get around Restricted Sites lists? Mod Edit: This will be moved to a more appropriate Forum.

Answer:Malware sites

Even if there were a reliable list of such sites, the list would be too long to consider entering each instance into your restricted zone. Moreover, many of these sites come and go on a weekly basis, so keeping current would be a full time job. I would think the best approach would be to turn IE to a very high setting for ALL websites, or to use an alternative browser. See section 13 of the tutorial linked below for recommended IE settings:,John

1 more replies
Relevance 61.91%

Sometimes, on clicking a web address, message appears saying something along lines of - 'the site you are trying to access contains a USERNAME - do you want to continue?' Whether I click 'yes', 'no' or hit cancel the page always stops loading. Anyone please advise - What is meant by 'username' and what's the prob? What programme is generating this 'warning'? How do I sort so I can browse where I like? Shouldn't Opera, Spywareblaster, AVG & AdAware adequately protect against whatever 'hazards' out there?

Answer:Sites you're not allowed to visit

If you have checked all your security options and they are set to low, then, this may be a Certificate issue or that you have not registered for the site you are trying to access.

7 more replies
Relevance 61.91%

I have just installed my wireless network on my computer with AOL. Some sites however are unavailable through IE, and can only be got to through AOL. As I hate AOL I'd rather use IE. Does anyone know how to let IE get to all sites? I've already tried fiddling with the MTU.

Answer:Unable to visit some sites.

Ripsaw
Have you got to the bottom of this? If so be interested to find out what it was as I suffer the same
The BB

1 more replies
Relevance 61.91%

alright, i was having virus issues and spyware. i fixed those, now i can't visit any sites that i use regularly (myspace google mail), and this is what i've tried: uninstalled firefox, reinstalled, used winsock fix, used hoster to return my host files to original state. also i've done ipconfig renew, flushdns and all that. nothing seems to be working. any help here?

Answer:cant visit my frequent sites

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:07 PM, on 08/08/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\program files\mozilla\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet ... Read more

1 more replies
Relevance 61.91%

Well i know that they know what country i am from coz of my IP address, does it mean that each country has its own range of IP addresses?
How does it work?

Answer:How Does The Sites I Visit Know My Country?

Hi Wassim, Remember most of the time Google is your friend. So as a starter, read this. Good luck.

2 more replies
Relevance 61.91%

I can't visit certain sites sporadically, google/yahoo searches won't work, pc is running slow, running low on memory constantly and popups.

I ran combofix, so here is the log for combofix and hjt.
ComboFix 08-05-11.1 - Compaq_Owner 2008-05-11 22:35:10.1 - NTFSx86
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\Downloads\ComboFix.exe
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))

2008-05-11 22:13 . 2008-05-11 22:13 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-11 22:13 . 2008-05-11 22:13 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-11 22:13 . 2008-05-11 22:13 10,520 --a------ C:\WINDOWS\system32\av... Read more

Answer:Cant visit sites, pop ups, hjt/combofix log

Hi guys still needing help!

2 more replies
Relevance 61.91%

Earlier Avira Antivirus detected 4 malicious items in my drive C. I cleaned it and the software notified me that they have been removed. After doing so however, i cannot visit my bookmarked sites. I opened them in chrome and firefox but i just get random characters in the webpage. Below is an example:

i open oddee. com which usually turns out fine but this time, these show up:

`I%&/m{JJt`$ؐ@iG#)*eVe]f@흼{{;N'?\fdlJɞ!?~|?"~=?lF?q[eN}9xZ-8}RViLӢ-QFAVy-gi"/EViӫ.g=^m.EGu-GZoǏ}ͯYu6ռmW/Z}t"-\r}khyV7yٺ=>b6 򳏚̛y-A =s#+ۼ^fmn^Vf ݺi>y([email protected]|&=;i|_"[,.=. 1d([email protected] R^gxRͮŴ*~?(󼸘}wWŬm?$rbUEq.X=45xV\<>rpEv?Zǃ=d]t//?'UVG;2[L{,3Og|u{Z]TE!~~ZOw߻Ow>}pG{vR4M.~Nk*{pwݝb{;!{&g... Read more

More replies
Relevance 61.91%


I`m running Vista on an Acer laptop over a wireless connection. 95% of my attempted page loads will fail until I do a page refresh in Firefox and IE.

When the page fails in Firefox, the error console reads (example taken from trying to navigate to

Error: illegal character Source File: Line: 1, Column: 6 Source Code: GIF89a

Error: nesting is not defined Source File: Line: 8

Error: load is not defined Source File: Line: 1

IE will show the error:

Char: 1
Error: Object expected

My HJT log reads:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:46:34 PM, on 24/10/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18527)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Read more

Answer:Sites Do Not Load Upon First Visit


1 more replies
Relevance 61.91%

i have windows 2000 and IE6 and i cant visit secure sites. i tried fixing my internet options but it still doesnt let me view secure sites. i cant download anything either. any assistance would be great. thanks

Answer:cant visit secure sites on IE6

You need the high encryption pack.

Download it here

3 more replies
Relevance 61.91%

So I am using a blackberry to post. I cannot visit any website that has anything to do with antivirus websites because I will either get an error message or be sent to a google search page. I posted a hjt thread here and since then all heck has broken loose. I obviously had a virus then and it seems to have gotten worse. The pop ups appear even if no one is at the comp.

My wallpaper says warning spyware threat has been detected on your pc. I am getting a huge amount of pop ups.

But I can't go to any site with any help with antivirus stuff unless I am using this blackberry - can someone give me some advice asap?

Answer:cant visit any antivirus sites

Hello MikeVan1818,

I see that you have an HJT log posted here: We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult.

This leaves you with a choice:
1) Have this thread reopened and the HiJack This log topic deleted
OR
2) Keep this thread closed and wait for assistance in the HiJack This log forum. Please note that that forum is VERY busy.

Please send a Private Message indicating your choice.

Assuming you wish assistance in the HiJack This forum, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make anoth... Read more

2 more replies
Relevance 61.91%

When I try to go to a certain site I am automatically re-directed. Following is my hijackthis log. Can someone help?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:44 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Netopia\C3kWepN.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe
C:\Documents and Settings\Danny\Application Data\U3\0000151E676030F7\LaunchPad.exe
C:\Documents and Settings\Danny\Application Data\U3\0000151E676030F7\786EC753-D82C-493A-BF26-67D74AE2D931\Exec\RoboTaskBarIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\Hi... Read more

More replies
Relevance 61.91%

Hi once i have read some of your archive threads last 6-27-08 i began to follow all of the steps from cleaning, defrag and Removal. I found out my PC had been infected with Trojan.Vundo(it was detected by malware)... I think it started when i downloaded last 6-26-08 a file at Bitlord. The first virus that was detected was a backdoor.trojan the Norton Anti-virus detect it and remove it. So i thought it was ok when i noticed my PC is slowing I already think that there are still problems with my PC. So i run again the Anti-virus and when it reaches 24% (estimated) my PC reboot and my keyboard got stalled and in my monitor it is BAD BIOS. but when i manually reboot it, it just jump to windows and didn't do the normal process when booting... and every time I scan my PC with my AV it always reboot so i try to search the net and find you guys... a bit STRICT but helps us more to know and learn how to fix things with our PC

1. From cleaning guide my pc was running better than it was before...
2. From the Malware Removal Guide i don't know if i got the right procedure
but got some problems...
a. SAS - it doesn't go blue screen, but my problem here is when it attempts to scan my files it becomes stalled. the first time i ran it i left it for almost 6 hours... (thinking it would still work) so reading from the procedure if it doesn't work proceed to the next
b. Spybot - I don't have problem here works really great
c. MAM - no problem he... Read more

Answer:Trojan.Vundo,Malware.Trace and Problems on boot and Norton Anti-virus Protect

here are the second logs of HJT and Combofix.

BTW,when i right-click all my folders and files and choose properties it seems that it has security tab and when i click the security tab there's been so much users and administrators in it. Is my files been publicly displayed or does this HighJacka** i mean Hacker get and manage my files...


16 more replies
Relevance 61.5%

When my machine became infected last week, I suspected that it came through a legitimate site, and that it exploited Adobe. According to the following article, it looks like my hunch was correct:

Answer:Malware via Legitimate Sites

yep. I got hit by one back in July. Posted to a local papers comments section before they knew enough to lock it down. But it made me go through all my puters and update the reader bho's and flash blockers and all my old versions of acrobat.

7 more replies
Relevance 61.5%


I believe I have gotten some form of malware from a friend's USB drive. Since then I have not been able to access sites for Windows Update or any virus removal sites including Symantec. All of my browsers tell me they cannot find the server. I discovered the problem when I tried to download some updates from the Windows Update server. It does not appear to hamper any other aspects of the computer's functionality.

I am running:
Microsoft Windows XP
Version 2002
Service Pack 2

Requested logs below:
Thanks in advance for any help.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_31
Run by User1 at 10:50:18 on 2012-03-14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2559.1462 [GMT -8:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hexamail Vault\hexamailvault.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\deepinvent\MailStore Server\MailStoreServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Ghost\ngserver.exe
C:\... Read more

Answer:Malware Blocking Sites

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed. Note that if you do not respond within 5 days I shall no longer check this thread for replies.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

Please read all the informatio... Read more

14 more replies
Relevance 61.5%

hi guys
im back with a new problem
my kids are streaming free movies and its malware loaded
here are the logs: attached
the tds log was clean so i didnt add it
thanks in advance

Answer:malware from movie sites

The only malware in your logs was the adware that MBAM found. What issues are you having, if any?

3 more replies
Relevance 61.5%


My computer has recently become infected with some kind of virus/malware. I have went through the steps outlined and have posted my log below. As for what is going on, my computer a few days ago started acting very strange. My search clicks would get redirected and at one point a fake anti-virus system icon became installed on my taskbar. I had great difficulty getting anything to work at first, but after running SpyBot I was able to identify that this was a CoolWebSearch spyware problem. The anti-virus icon is gone, but Spybot and CWSshredder keep coming back with positive results for cws.alfasearch and cws.olesearch. My searches are still getting redirected and my computer performance is slower than usual.

What steps should I take now? I would truly really appreciate feedback on this issue.

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k L... Read more

Answer:Malware redirecting sites

Hello, and welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Also, I'd be grateful if you would note the following: The fixes are specific to your problem and should only be used for the issues on this machine.
Do not install/uninstall anything on your computer unless advised.
Do not run any other scanning tools other than those instructed for you to use.
Follow the instructions in the order they are given.
Stay with this thread until advised when your computer is clean. Absence of symptoms does not necessarily mean a clean computer.
If you are being helped regarding this problem on another forum please advise us so that we can close this thread.
And lastly, if you have any questions, please ask before proceeding with any of the advised fixes.

If you are using Vista/Win 7, you will need to right click and choose "Run as Administrator" to run the tools we will use.
Also, please note to post the entire contents of the logs as the first DDS log has been cut off.

5 more replies
Relevance 61.5%

70 Of Top 100 Web Sites Spread Malware users are often encouraged to visit only legitimate Web sites to reduce the risk of malware infections, but distinguishing between legitimate and illegitimate Web sites increasingly appears to be meaningless. Seventy percent of the top 100 Web sites either hosted malicious content or contained a link designed to redirect site visitors to a malicious Web site during the second half of 2008, claims Websense's report State of Internet Security, Q3-Q4, 2008. Alexa Top 500 Sites

More replies
Relevance 61.5%

I recently got infected with AntiSpyware Master on my Laptop (WinXP) and went through hours of getting it to a somewhat useable state by running AdAware, searching based on time when infection occured, and deleting about 30 or so obviously malicious .exe's. However, I still have the following issues that I can't seem to get rid of:

-Internet Explorer opens sites such as (most common),, etc.
-These are opened whenever I take some sort of action (click on link, etc.) in Internet Explorer, but also at random about every 10 minutes or so even if I wasn't initially using internet explorer.
-When I try to browse other sites, some that normally work fine (ex. gmail) hang and will not load.

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:40:00 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\sys... Read more

Answer:Malware Opens Sites on IE

7 more replies
Relevance 61.5%

when i go to a lot of sites, i receive a message asking me to send an error report, and after i send the report it tells me the problem occurred because of microsoft windows xp. i don't know what does it mean and i don't know why either, and although i got a new windows xp professional the same happens, and i did as i read in an answer for someone's question here in this site, to visit and the same happened. i need some help plz, and i don't have much experience about computers. i tried to search for a question like mine but i couldn't find one coz i'm new in this site, sorry if i did it wrong,

my computer's information is:

microsoft windows xp professional version 2002 service pack 2 (and it becomes service pack 3 after i installed some updates)

intel(R), celeron(R) D CPU 3.06GHz 3.06GHz, 896MB of RAM

i need to use these sites all the time, and i need to go to change settings also, plz help me, i'll wait ur answer soon.

Answer:Solved: i can`t visit alot of sites

16 more replies
Relevance 61.5%

Recently I started to get popups from-


When I go to Twitter website and other type of social media websites.

How can I prevent those survey sites from popping up for no reason ?

Just add them to my hosts file or is there a better way ?


Answer:Survey which popsup when I visit certain sites

Get a pop up/ad blocker.

1 more replies
Relevance 61.5%

Hello all, I'm trying to download Kali Linux but I'm having trouble accessing these two websites that contain the download link. The two websites are and

I find it really unusual that I can't access the two websites that contain the download link to Kali Linux. Whenever I try to go on these two sites, it says "This site can't be reached" and "took too long to respond" and ERR_CONNECTION_TIMED_OUT. I'm using Chrome but I've tried to open these sites on different browsers such as Firefox and Internet Explorer and it still has the same error message. I know the problem lies within my laptop because I went on my phone and used my cellular data to try and connect to those two websites and I was able to open it up fine. I thought it might be my ISP blocking those sites, so I went to starbucks and used their Wifi and I still couldn't open up the two sites on my laptop. For sure there is something wrong with my laptop which is causing this problem. Maybe a virus? A hacker? I installed Malware Bytes and ran the scan and found 22 threats which were quarantined and removed but I still can't fix this problem. I'm using windows 7. I tried using nord vpn's web proxy to access the two sites I mentioned and I was finally able to access it through the proxy and I was able to download Kali Linux through the proxy but then when I tried opening the file after downloading it through the proxy, it says the file is corrupted. I'm guess... Read more

More replies
Relevance 61.5%

Tech Support Guy System Info Utility version
OS Version: Microsoft Windows XP Home Edition, Service Pack 2, 32 bit
Processor: Intel(R) Pentium(R) M processor 1.50GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 247 Mb
Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 128 Mb
Hard Drives: C: Total - 27511 MB, Free - 22931 MB; D: Total - 27705 MB, Free - 25697 MB;
Motherboard: Acer, Dunlin, *, LXT760510152235189ED00
Antivirus: None

I'm unable to use automatic updates to microsoft as it says can't find MICROSOFT.COM.

Answer:unable to visit microsoft sites

Scan your computer for virus and spy/malware

2 more replies
Relevance 61.5%

For the past week or so I've only been able to access HTTPS sites in the evening between about 10pm to midnight. The rest of the time it seems to be fine.

At first I thought all internet was down, but then I realised it was just HTTP sites that weren't loading.

I've googled this and it seems like a known problem. The only difference is it only seems to happen in the evenings - about 10pm to midnight.

I've tried running spyware tools such as SUPERAnti Spyware and Spybot Search and Destroy with nothing detected.

I'm using Windows 7 and have MS Security Essentials running.

I've tried connecting via the WiFi and via an ethernet cable.

It seems to be affecting the other laptop in the house and the phones in the same way, although the other laptop is now broken so can't verify this.

Any ideas of what it could be?


Answer:Can only visit HTTPS sites, not HTTP

9 more replies
Relevance 61.5%

In windows phone with lumia cyan i am redirected from the sites i visit to .

Answer:Why am I redirected to when I try to visit other sites?

Do a Factory Reset on your phone...
If you are getting redirected here you need to flush your system out.

2 more replies
Relevance 61.5%

Has anyone had this problem?



Answer:I can't access or but can visit all other sites

I wouldn't call it a problem.. More like a blessing

What are the symptoms? A giant red window pops up saying "You cannot go there!"?

16 more replies