Computer Support Forum

help!! Malware keeps coming back!

Question: help!! Malware keeps coming back!

It started with the AntiVirus 2009 pop-in the new firefox tab. So, I installed Malwarebytes and ran the test. It found a bunch of stuff, deleted it, but it all comes back within a day. If I run Malwarebytes again, it finds it, deletes it, but it keeps coming back.

I installed and ran SDFix, but upon reboot it hangs on the finishing. Also, now I get rundll errors upon startup due to this.

Please help! Thanks in advance for any help anyone can provide! Here is my Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:28 PM, on 11/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {d223ce9f-00ed-4720-8cba-c49387289dae} - C:\WINDOWS\system32\vibomate.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [hoveyuhuva] Rundll32.exe "C:\WINDOWS\system32\dofakase.dll",s
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [hoveyuhuva] Rundll32.exe "C:\WINDOWS\system32\dofakase.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [hoveyuhuva] Rundll32.exe "C:\WINDOWS\system32\dofakase.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1218681879859
O20 - AppInit_DLLs: C:\WINDOWS\system32\ninegozu.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8699 bytes

More replies

SuperAntispyware keeps detecting

Roque.Internet.Antivirus
Browser.Hijacker.MJcore
Roque.Antivirus2009
browser.hijacker.webtools
browser.hijacker.skra
trojanxp security center
adware media-codec/zlob

Any ideas?
 

Answer:Malware keeps coming back?

Here's the log from SmitFraudFix, which I was told to attach before proceeding.
 

2 more replies

I am in the process of finishing up the requested scans. As I got to near the end of the scans, the obvious malware .exe files that had been deleted started to come back. I am in the process of the final last scans and am collecting the log files to send. I really need help on this one because it seems to be something really deep/behind the scenes.
 

Answer:Need Help - Malware keeps coming back

Hi mismgr

Welcome to Major Geeks!
You'll need to post twice to attach the logs. We'll look at them when you've finished them all. Please make sure your HijackThis log is renamed analyse.exe and that it's in the folder HJT or HijackThis under C:\Program Files

abri
 

23 more replies

Hi, I've had this problem for about a week now. Something seems to have gotten onto my computer. The main thing I notice is there is a program called brastk.exe that gets autorun on startup. There are also a number of startup entries in msconfig that reactivate even if I disable them. They are:
"rundll32" which runs a dll called drkly16j.dll
"dumprep 0 -u"
"brastk.exe"

If I delete brastk.exe or drkly16j.dll they just get recreated on the next boot. It appears that something besides a program is running at startup, possibly a service or a program running on shutdown. There is also something redirecting my google searches, and when I plug in my flash drive an autorun file gets created along with a file called system.exe.

EDIT: uh-oh, I just tried to run HJT and Spybot and neither will start! No error messages, just double clicking on the program and nothing happens.

Answer:Malware keeps coming back

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that e... Read more

8 more replies

Working on a friend's laptop, running Win XP - and it seems to be really infected.
 
I ran MalwareBytes and SuperAntiSpyware, and they found and removed multiple items (PUP Desktop, Yontoo, etc).  
 
They don't seem to stay gone.  I briefly connected the laptop to the net and it seemed to self re-infect pretty quickly.
 
He was only running an outdated Mcafee and his kid had previously done some file sharing.
 
I'm leaving the laptop disconnected from the net and working through a desktop for this.
 
 
I ran through all the prep steps in this forum and should be ready to go.
 
Here's my DDS scan, and I've attached the zip file.
 
 
==================================================
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Owner at 21:41:16 on 2013-10-29
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1557 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CD... Read more

Answer:Malware keeps coming back

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completi... Read more

17 more replies

Hi all, my main computer has been infected with the ICE Malware twice now and I don't know what I can do to fix it at this point.
I have done system restores, I have used malware and Kickstart pro and a couple of other programs and it still comes back.
Any fix I make only lasts about 24 hours or so.
I know the problem is with my Windows Registry. A window will pop up asking me if I want to allow the program to make changes to my computer via the registry and clicking no only brings up the window again and again until I click yes.
Shortly after that, the ICE malware has shown up both times.
At this point, I am thinking the only thing to do is do a system reformat but I've been told even that might not work.
At least I have everything I really care about backed up on external hard drives (learned my lesson from Cryptowall) but I would really like the stupid thing off my computer for good.
Any help I can get will be greatly appreciated, as I am at my wit's end.

Answer:Ice Malware keeps coming back

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555446 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies

I've had a frustrating issue lately with my PC.

A storm knocked out our ISP for an hour, and when the internet came back on, I was swarmed with malware.

We cleaned it off with Kaspersky, Hitman Pro, and Norton. But the next morning, it returns. We clean it off again. The next day, it returns with rogues and backdoors.

And Norton/Hitman Pro says that the computer is completely clean, but as soon as it gets uninstalled, the rogues and backdoors are back again.

What is the issue here? Is our IP address compromised?

Answer:Malware Keeps Coming Back

Hello Mazy,

Yes and no. The problem is that none of the tools you've run have been able to properly eradicate the malware. Please follow the instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies

Ok, so I scanned my computer with Avast and had some Trojans, and Avast got a lot of them out, although my Firefox process runs at 100% after about 2 minutes of using the app. So I assume I have some sort of a virus. I scanned my comp with Malwarebytes and it found some and deleted them, but other malware viruses keep coming back. I also did Spybot S&D, it found cookies; online Bitdefender found IRC-Worm and some other generic Trj's, it deleted them. It seems Avast did not detect some that Bitdefender did. RemoverIT Pro v4 detected lots and could not remove some (list is below). I have Vista 64bit so: RootRepeal screend didn't work. I did what the instructions told me to do and this is where I'm at. What I do most of the time when I have a virus that does not want to go away is I try safe mode scans or boot time scans; I do not have Avast Pro anymore so I can't do a boot time scan. Safe mode scan detected some of the following below:
Avast
Sign of "JS:Downloader-FT [Trj]
Sign of "Win32:Malware-gen
Sign of "HTML:Framer-inf [Trj]
Sign of "Win32:VB-LLP [Trj]
Sign of "Win32:VB-LLP [Trj]
Sign of "JS:FakeAV-AX [Trj]"
Sign of "HTML:IFrame-CJ [Trj]"

These were signs of the Trj or malware; it seems to keep coming back, so I can't find the main file infecting my PC. Also these things have got into my Windows files.

Usually what i would do at this point would be to back up and reinstall windows, although i have an extra TB hard driv... Read more

Answer:malware and Trj's keep coming back

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.

First Location
Second Location
Third Location

Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this repor... Read more

7 more replies

Hey guys,

I have been using AntiVir and there have been lots of pop-ups saying that y.exe is malware, and I deleted it using AntiVir but it kept appearing. Also, I have found many unknown files in C:\Windows\system32 and searched them up, and they came up as malware/spyware.

I have run hijackthis and here is the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:59 AM, on 11/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\W... Read more

Answer:Malware kept coming back

Hi, welcome to TSF!

Before we continue, please follow the instructions presented in this thread: http://www.techsupportforum.com/secu...oval-help.html then post the requested logs.

2 more replies

I was infected with some malware. I thought I had gotten rid of it, but it came back and this time it doesn't go away. What should I do? How do I post a Hijack This log?
 

Answer:Malware Keeps coming back

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

1 more replies

I'm not entirely sure what infection I have here, but I think it has something to do with the Coupon Printer my friend downloaded a while back (I'm cleaning her computer for her).

It started out with a bunch of fake AV programs screaming at me to "fix all the infections". I downloaded and installed MBAM, but I couldn't run it until I rebooted in safe mode. It found 8 or 9 items and I cleaned them all. One of them was the following:

C:\Users\Haley\AppData\Local\Temp\Low\COUPON~1.DLL

Every time I restart the computer and re-run MBAM, that same file shows up, no matter how many times I've tried to delete it.

I thought I had fixed all the nasties because the fake AV is now gone, but I'm not so sure anymore. I'm pretty good at malware removal, but not great, so I thought I'd ask you guys to take a look.

Thanks!!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Haley at 0:15:15.58 on Tue 05/11/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3034.1804 [GMT -6:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Ess... Read more

Answer:Malware that keeps coming back

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

12 more replies

I have some sort of malware or virus on my computer. My computer is:
Dell Mini XP Home Edition Version 2002, Service Pack 3, CPU 1.60 GHz, 0.99 GB Ram
I connect to the internet wirelessly.

I have run Avast! scans which found and removed several items. I have used Ad-Aware to remove some items. I have also used CCleaner that removed items. However, the main problem keeps recurring. Several times it appeared to be gone, but always came back within one day. It does not appear to matter which websites I visit.

The main symptom:
Websites that I normally go to take more time to do anything, and then a big browser screen with some ad pops up full screen in front. This happens in both IE7 and Firefox. These are sites I am accustomed to go to and have visited daily for months and am fairly aware of their performance on this machine. Some of these sites do not work at all, until I kill some other process. However, there is really nothing extra that is normally running, so I end up killing the Avast! On-Access scanner.
Also when I try to install Malwarebytes, the main mbam.exe is never present, so I can not run this. I am not sure if the malware is preventing normal install of this program.

In the system startup items there is always something like (from CCleaner):
Program:tipejabov
File: Rundll32.exe "c:\windows\system32\biluguki.dll",a
The name of the file varies. It was nonomasu.dll yesterday. It was wituloru.dll the day before.
I susp... Read more

Answer:Malware keeps coming back

Hello these are Vundo (malware) files. Since the malware is affecting your ability to scan let's do it this way.

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. Due to the reboot, you need to run RKill again.
6. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.

Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.
Rerun... Read more

20 more replies

I made the mistake of installing a program from an unknown source and now my computer has malware. Malware Bytes scanner keeps removing them, but they keep coming back. I think it was wooden seal and smeazymo.
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by Mohamad (administrator) on MOHAMAD-PC (25-02-2016 19:11:42)
Running from D:\Downloads
Loaded Profiles: Mohamad (Available Profiles: Mohamad)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Scarlet.Crush Productions) C:\ScpServer\ScpService.exe
(Microsoft Corporation) C:...

Answer:Malware keeps coming back.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Your FRST log is clean.
Please paste the Addition.txt file created by the Farbar tool.
I will review it.

6 more replies
Relevance 67.24%

I have already been through the "Am I Infected" forum and I am sure that I am but I don't know how or with what.

Topic referenced is here: http://www.bleepingcomputer.com/forums/t/305217/security-breach/ ~ OB

We have run MBAM and GMER and removed some infections and the next day when I ran my Spyware Doctor, I was reinfected with two new infections. Already identified them as keyloggers and one was some type of autodialer. Anyway, I was told to run a DDS and post it here. Time for an operation, I guess. LOL I am hoping to learn something from the process. I have already learned a lot just reading and researching on my own before I broke down and came to bleepingcomputer for help. I know when something is over my head and whatever this is.....is it! Thank you so kindly for the help!

Here is the DDS. I did run a GMER last night but for some reason, my system had crashed when I returned the computer so I did not have the results. If you would like for me to run another one, please advise and I will do it ASAP.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Owner at 0:48:56.29 on Sun 04/04/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.191 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.ex...

Answer:Malware keeps coming back.

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.

%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
CREATERESTOREPOINT

Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Thanks

42 more replies
Relevance 67.24%

OK, first I would like to say how great this forum is, it's helped me a lot over the years to come to terms with fixing my computer! Normally I have no problem browsing through to find a specific error and get things sorted.. but this evil worm virus keeps coming back and I can't kill it!

When the virus first emerges I kept getting Error in: Users\Alex\AppData\Local\Temp\(randomfilename).dll

Missing entry: run

So I tried to manually fix the error by using HijackThis and Autoruns, but it keeps coming back, and is getting worse! Now I can't even set a desktop background without it going insane, and making the IExplorer browser pop up and auto load adverts over and over! Agh!

Ok so this is my Hijackthis scan log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:16, on 02/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g...

Answer:Malware Keeps Coming back PLEASE HELP ME ^_^

6 more replies
Relevance 67.24%

Hey, so I've gotten this malware and I know what program caused it but I deleted it and have no clue now, sorry :/ But the main issue is, as I said I cleaned it with AdwCleaner and it finds it and removes it (I'm certain that's it) but when I restart Chrome it "re-installs" itself. Also I've used FRST but I don't know how useful it will be as I'm puzzled whether it worked or not. Now enough from the cryptic talk.

it's under
C:\Users\my user\Appdata\local\google\chrome\user data\default\secure preferences
inside the file (opened with notepad++)
this is the culprit:
plnkhmnoajbfccclonaeepohggeolcih (more details in uploaded logs)
Also, over time due to the popups it also installs some random tinytask thing + uk.ask.com or whatever search provider (also in logs)
Now, as I mentioned above I've checked installed programs and services and found nothing out of place. I have no clue how the hell I should go about fixing this as it's a nasty malware that doesn't wanna get removed. The only sites I found relating to this issue are Spanish and the forums even with translate didn't help much so I'm here to ask for some help! Thanks for anything in advance
 

Answer:Malware keeps coming back

Hello,

Your FRST report is empty and you are missing Addition.txt report.
 

9 more replies
Relevance 67.24%

Recently my computer was infected with something that changed the time to *:** VIRUS ALERT!, disabled display options, disabled taskmanager, and disabled regedit among other things. It also installed a toolbar called fqbewlna (which is still there). I scanned the computer in safe mode with Malwarebytes anti-malware and it detected about 73 items and removed them. I rebooted in normal mode, scanned with norton antivirus and malware bytes and found nothing. Every time I reboot now, I get the VIRUS ALERT and everything disabled. I have to scan without malwarebytes (I now only get about 23 results) and reboot; this gets rid of it until the NEXT time I reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:48 PM, on 9/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:...

Answer:Malware Keeps Coming Back

bump

3 more replies
Relevance 67.24%

A couple of weeks ago when I started my computer (Windows XP Pro) a popup appeared, without me going on the internet. In the title bar it said http:// morze . cafreedom . com, and the popup was saying I might have spyware and to click a link to begin scanning - as if I'd click it!

Anyway I ran Ad-Aware and it found a few items, but the one that stood out was VX2 and was categorised as MalWare. It couldn't delete the file vgz.dll, so I had to delete it via the command prompt. Doing this closed all Explorer and Internet Explorer windows, which presumably is because it was running/using Explorer. It actually restarted explorer completely, so everything disappeared for a moment.

Having got rid of it, I had no problems... until the next time. It keeps coming back, sometimes when I'm logged on, other times when I've restarted... I can't see when it's coming back - just seems random.

I haven't been on any dodgy sites, so I can only assume that there's another file other than vgz.dll still on my hard disk somewhere that Ad-Aware, Spybot and AVG won't detect.

Any ideas?

Thanks in advance,
Gary

Answer:VX2 MalWare Keeps Coming Back!!!

You can try this add-on from ad-aware
click here

10 more replies
Relevance 67.24%

Help! I use Security Task Manager and every time I connect on the internet, a fake 'svchost.exe' is being downloaded in "C:\WINDOWS\security." There are also a "kakijigu.dll" and "makezimu.dll" that appear in Security Task Manager. I use Avast and Malwarebytes but since I got this problem, I cannot update Avast, even by downloading the update through "avast.com" and Malwarebytes virus database is being deleted after I detect and remove some virus.

Another problem is that when I switch my modem on (I use a modem for wireless connection) and the fake "svchost.exe" is running, I get an error message on the "svchost.exe" and I cannot connect to the internet, I cannot open any program and the theme changes to Windows Classic.

Here is my DDS log:
DDS (Version 1.1.0) - NTFSx86
Run by Administrator at 10:21:45.17 on Mon 01/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.536 [GMT 4:00]

AV: avast! antivirus 4.8.1229 [VPS 080723-1] *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Sof...

Answer:Malware coming back

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asked you to install Recovery Console, please do so.. It will be in your best interest..
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall

98 more replies
Relevance 67.24%

Despite regular PC anti-virus scans, Avast, and online scanners like ESET and scans from Malwarebytes, which usually returns little, the one that captures malware best for me is Spybot.

But it seems I keep removing same malware like Fastclick etc.

Any other scans available?

I've posted Hijackthis scans many times in past, but stopped as I recently get no responses.

This forum must be really busy now.
 

More replies
Relevance 66.42%

I have an 8GB SD card. I scanned it with ESET SS and Malwarebytes and removed all the detected infections. Still when I remove it and plug it again the scanners detect the malware again! I can neither format nor scan the drive for errors. Please help!!!

Answer:Malware in SD card just keep coming back!

Try this free program: MCShield ::Anti-Malware Tool:: since I started using it nothing got through from USB memories. Did you scan whole computer or just USB?

23 more replies
Relevance 66.42%

Hello I am having a really bad problem with my computer. I have some nasty trojan that keeps coming back. I cleaned up my computer with MalwareBytes Antimalware and it removed the trojan, I can say this because after I restarted the computer I did a new scan and it came out clean.
So the computer was doing ok for about 4 days and then again the trojan activated. I tried using again the malwarebytes but it didn't run, I then scanned with avg and removed some files that were trojans, after this I could reinstall the Malwarebytes. It cleaned again the computer but after some days the virus activated again.
I ran combofix and I have attached the log, please help me fix this nasty problem thanks.

Answer:Trojan or Malware keeps coming back

Hello and welcome to TSF.

I Apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please post a fresh DDS log and a new GMER log as described in this topic. In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three-five days this thread will be closed.

With Regards,
Extremeboy

3 more replies
Relevance 66.42%

Ok so I remove these files with malware bytes anti-malware every day, but after a few hours it just comes back again, and is very very irritating.
so far the only obvious signs are that windows live messenger will receive a message about it having an error, but i simply ignore it and continue msn.
another thing is that my 'show hidden files' cannot be activated, and i assume it has been changed by one of the viruses.
can someone help me find ways to get rid of them permanently?
attached is the log file.
Also, is there a way to make MBAM be forever running on my com in the background and alert me of any detected viruses infiltrating my com?(like the other anti-viruses)

Answer:5 viruses/malware keeps coming back

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

9 more replies
Relevance 66.42%

Hello everyone, so I'm having some malware problems.. This malware is hiding in my CD or this malware is so deep in my system that I don't know how to remove it.. I have tried almost all the scanners that I know and that I found: gmer, tdsskiller, malwarebytes, panda cloud cleaner, hitmanpro and many more scanners. I have done a malwarebytes full scan and a full scan with almost every scanner, and still they don't seem to find this malware. I have 3 DVD+RW DVDs and they are all infected.. Today when I put 1 of my CDs in my CD drive weird things started to happen: first my desktop started to flash my desktop icons and then it started to run programs automatically, this time it ran Microsoft OneDrive. And of all these scanners only ESET found first 2 threats and then only 1, but I couldn't remove those because this malware blocks it somehow and crashes ESET online scanner.. All requested logs attached and a screenshot of this scanner.. And I forgot to say this malware now fully blocked access to Google Chrome.

More replies
Relevance 66.42%

Hello, I have ThinkPoint Malware on my system, I have the free Malwarebytes and it cleans it off, but it keeps coming back. Very frustrated, please help.

DDS (Ver_10-11-10.01) - NTFSx86
Run by PORTON at 11:04:29.29 on Fri 11/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.210 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\PROGRAM FILES\DELL\DELL LASER MFP 1600N\PSU\ScanToPc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\taskmgr.exe
C...

Answer:ThinkPoint malware coming back!

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

-------------------------------------...

11 more replies
Relevance 66.42%

Hi, Spybot search and destroy used to take care of my malware, recently I've added malwarebytes to my defence. Unfortunately they are not enough. I play league of legends a lot and about every three games I'll start getting huge lag spike (usually I have 87ms, then it shoots to about 20000ms). I check resource manager and it doesn't pick up anything leaching my internet besides the game. (and svchost of course) Please help me out, I don't want to have to scan for malware every time before I start playing -_-

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:58:03 PM, on 7/15/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Users\The Bola\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\The Bola\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\The Bola\AppData\Local\G...

Answer:Hijackthis log - Malware keeps coming back

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:
***************************************************
First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/409750 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:
If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have p...

1 more replies
Relevance 66.42%

I have already posted a topic here about another computer in my household. Hopefully, you guys can help me with this..

My boyfriend has run SpyBot & AdAware several times but he can not manage to get rid of ALL the Malware. His PC is sluggish, refuses to open programs, & often crashes.

Here is his HJT log..

ANY help is GREATLY appreciated! Thank you!

Logfile of HijackThis v1.99.1
Scan saved at 1:31:42 PM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Canon\MultiPASS\mpservic.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\r...

Answer:Urgent! Can NOT get rid of Malware! Keeps coming back!

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * *


Something that requires your immediate intervention. I notice that you have more than one anti-virus programs on your machine (AVG & Symantec). That's not a good idea!!

This messes up the machine pretty badly. Alike firewalls, anti-virus programs have conflicts co-existing with each other & may produce undesirable results. Please uninstall ALL leaving only one of them.

ALL the antivirus programs must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall

## Do NOT proceed with the rest of the fix until you have resolved the dual antivirus programs ##


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install CleanUp.exe (not recommended for WinXP64)

Download LSPFix.exe

Download and install Ewido Security Suite
When installing, under "Additional Options", uncheck - Install background guard

H...

7 more replies
Relevance 66.42%

I have an 8GB SD card. I scanned it with ESET SS and Malwarebytes and removed all the detected infections. Still when I remove it and plug it again the scanners detect the malware again! I can neither format nor scan the drive for errors. Please help!!!
 

Answer:Malware in SD card just keep coming back!

Hi,

Before we begin, I want you to have this in mind:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

I visit forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me.
Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.

Please attach all report using button below. Doing this, you make it easier for me to analyze a...

11 more replies
Relevance 66.42%

Hi, my name's Kelly, and I use Windows XP 2002 Professional with SP3. I use Trend online security as an anti-virus. I scan my computer about once every 2 days and I keep detecting a cookie called COOKIE_ATDMT and other cookies, but not this time I scanned... It says it's being deleted but when I scan it again, it's still there, and I don't know how to remove it. I press the link and it gave me a solution which was run the HouseCall thing from the Trend website, but that won't even load, guess my computer's really slow for some odd reason, plus my internet connection keeps getting disconnected and I use broadband.. If you need any more info, please tell me.. I will try my best since I really know nothing about computers, that's why I keep getting infected..
 

Answer:Cookie malware keeps coming back

8 more replies
Relevance 66.42%

Hi there, I have a problem with some trojans and stuff. I have done a few scans with PC Tools, Panda, Kaspersky. Scans tell me they have been removed but every time I restart my comp the pop up keeps coming back.

win32.monder
virtumonde

are the main culprits

Pop ups are adult material and its so annoying.

please help.

here is my log ...

________________________

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-19 18:10:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
44: 2008-06-19 17:10:14 UTC - RP109 - Deckard's System Scanner Restore Point
43: 2008-06-19 16:02:50 UTC - RP108 - Installed Kaspersky Anti-Virus 7.0.
42: 2008-06-18 18:33:36 UTC - RP107 - Removed Apple Software Update
41: 2008-06-18 16:44:12 UTC - RP106 - Software Distribution Service 3.0
40: 2008-06-17 11:52:52 UTC - RP105 - Installed QuickTime


-- First Restore Point --
1: 2008-06-17 09:34:39 UTC - RP66 - Removed Logitech Audio Echo Cancellation Component


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:29, on 19/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
M...

Answer:Malware removed but keeps coming back

Ok. Let's download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry.. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first.
This applies to XP Pro and XP Home users only.
If you have SP3 installed you will need to use SP2

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer pr...

1 more replies
Relevance 66.42%

Hi there,

I have been noticing a slow down of my computer and issues with my weekly backup. I have Malwarebytes installed and have used it daily. It keeps finding this pup.datamngr malware and removing it. Obviously, this is not a permanent removal. I have looked up (on the internet) how to remove it manually and with Combofix, but I am worried about crashing the computer.

I am prepared to do what I need to do, but need some guidance.

Thanks in advance.

Answer:PUP.Datamngr malware keeps coming back

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o...

Relevance 66.42%

I'm running Vista 32-bit. I got hit with Vista Security 2012 a couple of weeks ago, and thought I had successfully removed it. However, I've recently noticed problems that it's not quite gone - I occasionally get pop-up advertisements on sites that don't have pop-ups historically, Explorer would crash & reboot itself "mysteriously," and for a time Windows Firewall and Windows Security Center were disabled. I've been using MSE, Rkill & Malwarebytes Antimalware to try and clean this up. MSE points towards Java exploits and FakeRean. I ran a few scans with TDSSkiller while trying to treat it as well, but it turned up nothing the last time I ran it.

Rkill terminated these programs the last time I used it:

\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe

I've used DeFogger to disable any CD emulation software. I've attached the DDS logs below. I unfortunately do not have a GMER log, since my laptop either crashed while that was running or when it went into hibernation. I will get one posted as soon as I can get a log.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Fred at 13:13:40 on 2012-01-18
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2549.1423 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160...

Answer:Go away, malware I've tried to remove that keep coming back

I managed to sit down and get this worked out earlier today, so you can just disregard this. Thanks!

Relevance 66.42%

Hi,

I can't seem to get rid of some malware that's infecting my comp with popup ads.

Please help. Thanks!
 

Relevance 66.42%

Is it possible to prevent spyware and malware from getting into your computer? It seems that it is always the same stuff that I regularly remove with SpyBot, AdAware, A-squared etc... I use Spywareguard and Spywareblaster and still these nasties appear! Am I going to have do this as long as I use the internet? Thanks.
 

Answer:Spyware and malware keeps coming back...

http://www.mvps.org/winhelp2002/hosts.htm

What kind of things are you finding in Spybot and AdAware? If they're just "Tracking cookies", don't worry about it.
 

Relevance 65.6%

Hi - my daughter handed over her 'blue-screen-of-death' computer to me and I got it back to the present state. She has some spyware/malware that keeps re-appearing after I run McAfee virus scans and Adaware. Can you help?

Tks a bunch!

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:06 PM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\bdaecsc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\explore.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctf...

Answer:Solved: Spyware, Malware keeps coming back

Relevance 65.6%

Hi,

Sorry to post again, but this time with my scan results. I also posted here a month ago, but had to be closed due to pirated software. I've deleted them all since (I hope, at least all that I know of.)

Right now "Ads Alert" seems to be affecting my computer and I can't seem to get rid of it.

My scan results are as attached.
 

Relevance 65.6%

Although my anti-virus program is catching the trojan, it keeps coming back. I also get spyware that comes back after I have just removed it. So far I have used the following programs in my quest to remove all malware on my Windows XP computer: Ad-aware, Spybot, MS AntiSpyware, CWShredder, and True Sword. The following is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:59:46 AM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Notes\ntmulti.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINDOWS\System32\wm.exe
C:\WINDOWS\system32\rundll32.exe
C:\NOVELL\ZENRC\WUOLService.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
c:\windows\clntrust.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SY...

Answer:Trojan.Dropper keeps coming back along with malware

You have multiple infections on this system....we'll address VX2/Look2Me first:

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Click "Install" to extract the contents to a newly created folder.

Close any programs you have open since this step requires a reboot.
From the l2mfix folder, double click l2mfix.bat
Select option #2 for Run Fix by typing 2 and then pressing enter.
Your desktop and icons will disappear as L2mfix scans/disinfects your computer.
When finished, you will be required to press any key to automatically reboot.
On the reboot notepad will open with a log. Copy/paste the contents of that log back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

If after the reboot the log does not open double click on it in the l2mfix folder to locate log.txt.

If you receive an error - \system32\Autoexec.nt is not suitable for running MS-Dos applications, you will need to visit this website to download additional files.

Relevance 65.6%

Hi, everyone -
 
I'm new here... and totally hoping someone can help me with this annoying problem!  
 
A family member managed to catch the Conduit search hijacker about two weeks ago.  Being an experienced computer user, I was tasked with removing it.  I followed the steps listed here: http://malwaretips.com/blogs/remove-conduit-search-virus/  and everything came up fine.  Conduit was removed.  I finished the procedure by running full scan with Avast! (free version).  Every single one of the removal tools advised it was removed. It wasn't showing up in the browsers either.
 
The following day, the virus/malware/hijacker was back.  So... I went through all the steps to remove it again.  The next day... it was back.  After doing this four times, yesterday I advised them to not go online - ANYWHERE - on that laptop... since I figured maybe a site they were frequenting was re-infecting them every day.  However, even after not going online anywhere yesterday, Conduit search was back this morning right after the computer was turned on.
 
Does anyone know why this thing keeps coming back?  Is there something else I should be doing?  Is there a better removal program I should be using?
 
The computer is an Acer Aspire 7741 with 6GB of RAM and running Windows 7 64 bit OS.
 
Thanks, y'all!

Answer:Conduit Search Malware Keeps Coming Back

I had the same problem.  Used http://malwaretips.com/blogs/remove-conduit-apps-search-and-toolbar/
  and then had to use it on Google, Firefox and IE to get it all.  Took some time and effort but that was 3 weeks ago and so far it's stayed gone.  Instructions are quite clear.   I didn't notice an uninstall specifically for Win 7 but I do hope it works for you.

Relevance 65.6%

I'm wondering if someone can help me. My computer is clearly doing things I don't want it. I clean it using Spybot and Ad Aware (& sometimes others) but the same things keep coming back. One malware that I recall is called Vundo. I have to believe it is in my registry - - can someone please help - - see attached HJT log (after Spybot and Ad Aware was run).
Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:00 AM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\syste...

Answer:Malware & other issues keep coming back - HJT log attached

Hi,

Download Deckard's System Scanner to your Desktop.

Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, a text file will open - main.txt.txt<<this one will be maximized and extra.txt <<this one will be minimized.
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt.txt in your next reply.
6. Please copy and paste the contents of main.txt and extra.txt to your post.

Relevance 65.6%

Hi bleeping computer. I'm having problems with my laptop. Whenever I turn on the internet, many trojans and links to sites download to my computer.

I tried to fix the problem in am I infected, but we only got so far. A virus (which I believe is causing this) is responsible for redownloading stuff to my computer.

This is the original topic I posted: http://www.bleepingcomputer.com/forums/t/244004/new-win32-virus-in-svchostexe-moved/

Here's a HijackThis log, since DDS nor Rtis would work.
DDS couldn't find a file called Cscript.exe
Rtis would just crash since it tried to write a value to a variable that did not exist.
I had to use v1.99 of HijackThis since the newest one would be deleted every time I tried to install it.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:07 AM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files...

Answer:Malware keeps coming back when I turn on internet

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in your reply. Do not attach them unless asked to.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

We need to scan for Rootkits with GMER

Please download GMER from one of the following locations, and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)
Zip Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and c...

Relevance 65.6%

Please help!!! I'm at a loss to keep vicious stuff off my computer after deleting it. Norton found W32.allim after my daughter clicked on Hey check this out! in AOL AIM. I think I got it off the computer because Norton doesn't find it anymore. However, I'm getting a dozen other things that I get off only to come back after restart such as Esyndicate, Aproposmedia, the stupid Hunt Bar constantly comes back, and upon restart, I get the message that C:/windows/system332/gmi4i9ir.exe is causing Runtime to terminate in an unusual way. I've run Microsoft Antispyware, Adaware, Xoftspy, Spybot Search & Destroy. It seems to be affecting my web browser--changing the URL home page and pop-ups are occurring. The following is my Hijackthis log file.

Logfile of HijackThis v1.99.1
Scan saved at 2:44:41 AM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\msaccrt.exe
C:\WINDOWS\Sy...

Answer:HELP!! virus/malware/adware keeps coming back!!

Relevance 65.6%

Hi,

I have an acer aspire 5670 running windows XP professional. I've had it for over 3 years now and never had 1 problem or one spyware...out of nowhere...it's infected and I can't get it fixed. I have hijackthis, combofix, malwarebytes, spybot s&d, spywareblaster, superantispyware, atf cleaner, and antivir antivirus on my computer. I've cleaned out the pc countless times, including deleting all cache and prefetch and temp data...I've cleared out all suspicious keys and paths in the registry. Also, there are multiple hidden objects on my computer (26 to be exact) that I cannot find, view or delete...but I did block them with the group policy editor. Everything I've done only seems to be a temporary fix.

There have been multiple issues with things such as antivirus pro 2007/2009, etc (other fake spyware programs). My google links or other search engine links are all redirected to other sites. After I clean the pc...it fixes the issue but only for a short while. Also, most of my processes in my task manager are UPPERCASE...after I clean the pc...again, they go back to lowercase but only for a short while. I've deleted spyware with names such as svchast, and multiple other trojans. I'm pretty computer savvy and fix computers in my spare time....so I'm able to stop the issue, but it seems I cannot find the source of my problem and it just keeps coming back. I am going to include a log from hijackthis and anything you can do to help would be greatly appreciated...

Relevance 65.6%

Basically what the topic says, they keep coming back even when the scan has happened.

Did a scan with MBAM and this is my recent log,

cheers

-----------------------------------------------------

Malwarebytes' Anti-Malware 1.35
Database version: 1945
Windows 5.1.2600 Service Pack 2

25/04/2009 6:02:00 PM
mbam-log-2009-04-25 (18-02-00).txt

Scan type: Quick Scan
Objects scanned: 69195
Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twext.exe -> Quarantined and d...

Answer:Trojan/Malware/Backdoor bot keeps coming back

Hello, first I want to post a bit of advice about a Backdoor.Bot IRC bot. Mbam needs to be updated if we continue.

One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Rerun MBAM

Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan.
After scan click Remove Selected, Post n...

Relevance 65.6%

Hello,
My computer is running Vista and has been infected with the "Windows Recovery" malware. The computer seized up for about 30 seconds before displaying the message "The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system."

At first I thought I had real hard drive problems and so restarted the computer. Nothing came back up - no icons ran, the background was wrong, I couldn't run anything. In the end I started in safe mode and ran Windows System Restore to a point yesterday (13/05/11). The problem came back after half an hour so I googled the problem and found your guide to removing the virus using Malware bytes. I went through all the steps, including running unhide.exe and SPSI, but in the end there were still a few icons missing, such as the "show desktop" icon on the task bar, and the shortcut to my broadband connection. I thought maybe there were some problems remaining so I did another system restore to the earliest point, which was 10/05/11 (4 days ago). I then ran the malware program again and it found nothing so I thought I was in the clear. However after about half an hour the file "null.00...exe" appeared on the desktop and had started running in task manager. The computer seized up again. There was also a dodgy program in c:\programdata (sorry can't remember the name). I stopped both of these in task manager and re-ran the malware pr...

Answer:Windows recovery malware keeps coming back

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator...

Relevance 65.6%

Hello,

I have a malware problem that seems to get cleaned by malwarebytes but comes back I think after a restart. Here are 2 logs from malwarebytes of stuff that was removed. ALSO dds report. I am unable to run malwarebytes or superantispyware without changing the programs .exe name. Thanks

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4707

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/27/2010 7:32:39 PM
mbam-log-2010-09-27 (19-32-39).txt

Scan type: Quick scan
Objects scanned: 150425
Time elapsed: 7 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\spool\prtprocs\w32x86\xGM1g93a79.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\31g9iQ7w.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\G931793.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

NEXT LOG

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4650

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/27/2010 ...

Answer:redirect malware keep coming back after restart

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap...

Relevance 65.6%

Hello all.

I recently got rid of (most) of a Virtumondo infection off this system. Everything except for "Malware.Trace" (Ms Juan), I've run everything, but it reappears after it's been "removed". The only other system still present is pop ups.

My HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:46:52, on 12/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\...

Answer:Malware.Trace (MS Juan) Keeps coming back!

Hello FFg64,

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {1137f5fe-5815-41cf-a581-17a0948b9fbf} - (no file)
O2 - BHO: (no name) - {20B3988A-7503-42F8-A5A2-022A309B83A4} - (no file)
O2 - BHO: (no name) - {F352626F-9196-47B7-9424-A7EB6AE406C3} - (no file)
O20 - Winlogon Notify: cbXRHbbX - C:\WINDOWS\

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

Please download Malwarebytes' Anti-Malware from one of these places:

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the en...

Relevance 65.6%

This VBS:Malware [Gen] virus keeps showing up on my pc and I don't know where it's coming from or even if it's getting deleted in the first place. Normally I delete it, but this time I chose to send it to the "chest". How do I keep this from coming back?

Logfile of HijackThis v1.99.1
Scan saved at 9:49:50 PM, on 2/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Tray Tools\atitray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Fil...

Answer:VBS:Malware [Gen] virus keeps showing up. How do I keep if from coming back. w/HT log

Relevance 65.6%

Hey new to the site hope you can help. I have run malwarebytes countless times but to no success. Here is my log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4673

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/24/2010 9:13:52 AM
mbam-log-2010-09-24 (09-13-52).txt

Scan type: Quick scan
Objects scanned: 119158
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{bce37e3b-1b23-65f1-40f9-b9049421c894} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.ex...

Answer:Malware and Trojan found and keeps coming back

Hello, let's run a couple safe mode tools and see. You did reboot normally after that scan?

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop..
DO NOT run yet.

Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)

Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at...

Hi.
I have read and done the suggestions in the Readme sticky, and while it removes the Spyware, each time I restart my pc and connect to the internet it reappears again.

Ad-aware detects two types. 'DyFuCA' and 'istbar'

When it removes them a message saying
'CrogramFiles\istsvc\istsvc.exe is in use and cannot be removed' and to run ad-aware on start up to remove it.

Microsoft AntiSpyware detects two types called 'IST.ISTbar (browserModifier),
and 'Trojan.Downloader.TargetSavers'

Can someone please help!
 

Answer:Malware/Spyware keep coming back after restart.

If you are using an OS that has System Restore then turn it off > reboot > then follow removal instructions.

If after reboot you are clear of any spyware then turn back on System Restore.
 

Hi - having serious trouble removing the below. No scans on anything I've tried yet have worked. The issue stops if I delete the extension in Chrome, however returns once I restart the browser

NextCoup 1.0
NexxtCOup 1.0
Vaauduixx 1.3
VdxCouponApp 3.18
 

Answer:Malware Extensions on Google Chrome - Keep coming back

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...

I know this problem has been posted before (EX: techguy.org/1032793), but I'm not seeing a sufficient answer for it as it pertains to me. So this is me posting on behalf of myself.

I did all the suggestions from BleepingComputer.com... it fixes the problem for a couple days, but then it comes back which makes me think it's not been completely removed properly in the first place. I do not use Limewire or Kazaa. I try to be responsible and only download things from reputable sources. I am not seeing a pattern in my behavior as it relates to this virus. I normally don't get viruses, and the handful of malware is usually taken care of by Spybot. I don't usually have these problems, let alone have one that can't be easily fixed.

Is this a virus or is it malware or both or what?
Where does it come from to begin with?
Why does it keep coming back?

Maybe if I understood it better I could prevent getting it again.
Please help, this one is driving me crazy!
____________________________________________

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz, Intel64 Family 6 Model 23 Stepping 6
Processor Count: 2
RAM: 6141 Mb
Graphics Card: NVIDIA GeForce 8800M GTX
Hard Drives: C: Total - 464051 MB, Free - 213353 MB; D: Total - 10239 MB, Free - 1440 MB;
Motherboard: Dell Inc., 0KX412
Antivirus: avast! Antivirus, Updated ...

If anybody can help and advise with a solution on removing malware from my Windows XP SP3 machine

Symptoms I had are:

System Restore unable to use (greyed out) - but managed to fix by importing registry keys
Unable to enter safe mode (keeps restarting machine) - managed to fix by importing safeboot registry keys
On login getting error with generic host process for win32 services
System unstable after a couple of minutes and need to restart machine
MSN Messenger starting even if it is not directed to do so
Disabled Symantec Endpoint Protection and cannot open it
Unable to unhide hidden files and folders, same with system protected files (actually you can unhide it but in a couple of seconds it hides files again)
It easily infects USB drives, as I noticed the same problems on another computer that I used my USB drive on after I used it on this one.

Anyway, I started a removal process with avast, malwarebytes and spyhunter

avast found a file in windows\system32\wmxperw.exe, it marked it as a rootkit and removed it.
In some time the file came back, but was coming back also in other forms, as:
wmxperc.exe
wmxperl.exe
wmxperd.exe
qxzv5.exe
qxzv8.exe

I have found traces of that in plenty of registry keys as well

Finally I bought Prevx 3.0, as it was the only page that came up with definitions about those files while I was googling

I made a scan and it seemed like it managed to remove it

After that I made a scan with avast again and then it started to find more malware
...

Answer:cannot completely remove malware, qxzv5.exe still coming back

You have a rootkit and you are going to need specialized help.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A DDS / HJT Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Removal Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The MR team is very busy and it will take awhile to get to your post.

Please be patient and good luck.

Been at this a few days, I couldn't find anything that works.
Spybot keeps coming up with Win32.agent.pz
MalwareBytes comes up with Malware.trace,
Both come back the second I do anything internety.
I have also used ad-aware and SDfix and have Combofix logs. All are fully updated.
I had Virtumonde but cleared
dss log:
DDS (Ver_09-05-14.01) - NTFSx86
Run by mike at 10:32:34.68 on 01/06/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.995 [GMT 1:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwd...

Answer:Win32.agent.pz/Malware.trace keep coming back

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

It first happened randomly when I went on my PC that day. It is very annoying because all types of ads pop up on the sides of my screen, and whenever I try to bare those, it opens new tabs of ads whenever I click on the screen. I performed many scans with different software but it keeps coming back after a day or so. I attached scan logs for AdwCleaner (my first ever scan log and my last one - which I performed just before doing this post) and for FRST.
 

Answer:Google Chrome - Adware/Malware Keeps Coming Back

This topic will be closed due to presence of pirated content.

Piracy policy
 

I got a new PC with Windows 7. After I restored most of my apps/files, I downloaded Malwarebytes, and it detected a few items, but they keep on coming back.
I tried to turn Windows Firewall on, but for some reason it won't let me open that option (nothing happens when you click on "Windows Firewall").
Thank you for trying to help
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by petro at 20:18:43 on 2011-09-09
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3313.2135 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1...

Answer:infected, Malwarebytes can't stop it from coming back

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...

I am a desktop tech at a municipality. I have 2 pc's out of 1200+ that are infected with the same virus/malware.

It disables regedit....takes away the 'manage' option when right clicking on my computer and restricts .cpl files causing add/remove programs to disappear. I can get all of these things back by going into gpedit.msc and reenabling regedit and then going into the registry and deleting the offending keys, but it comes back on the next reboot. Please help. I don't want to reimage these pc's if I don't have to.

Malwarebytes' Anti-Malware 1.39
Database version: 2435
Windows 5.1.2600 Service Pack 2

7/15/2009 2:50:39 PM
mbam-log-2009-07-15 (14-50-34).txt

Scan type: Quick Scan
Objects scanned: 104482
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1 (Malware.Trace) -> No action taken.

Re...

Answer:malwarebytes finds malware/virus but it keeps coming back

Hello usualsuspect and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the...

Hello folks at BleepingComputer, first of all I want to say awesome website, keep up the good work. Now let's get to the problem at hand.

A couple of days ago I got infected by a malware program called Windows Police Pro. I googled for a bit and found your site. I got MBAM and I managed to root it out of my system. Surprisingly, the day after, I got infected by another malware program which seems to be related, Security Tool. I followed the removal instructions for Security Tool, and also managed to root it out, but now it keeps coming back every morning. I've been infected for three days now, and it seems you guys are my only hope now.

I thank you in advance for reading and caring about this issue. On to the reports now...

DDS Log

DDS (Ver_09-10-13.01) - NTFSx86
Run by Mi PC at 9:01:10,09 on 22/10/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.1022.390 [GMT -3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\TortoiseSVN\bin\TSVNCache.exe
C:\Archivos de programa\Java\jre1.6.0_05\bin ...

Answer:Security Tool malware coming back every time

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ...

Somehow 'free ride games' was downloaded onto my laptop and ever since my browser has been extremely slow and I keep getting pop ups. I tried using revo uninstaller, it said it deleted all the components of it but when I restarted my computer free ride games was still on and my browser still slow with pop ups. I then downloaded malware bytes free and it said that it took care of the problem, I restarted my computer and free ride games is still on it. What do I do? Also tried to restore my laptop to the earliest date it would let me (30 days ago) but I guess free ride games has been on my laptop longer than 30 days.

Answer:Free ride games malware keeps coming back

Hello and Welcome on board stephtrudeau, my name is Machiavelli and I will assist you with your problem.

If you booted into safe mode on your computer then print my instructions!

I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

Removing Malware is usually very difficult.
We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!

Please follow these instructions
If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!

Please stay in contact with me until your problem is resolved
As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.

Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!

Read my post completely
If you don't do so, you may make mistakes that could result in your System crashin...

Seems like I am infected with some sort of malware, I've gone as far as I can alone, and I'm no expert with computers. Reformatted my system after initial crash, now still infected (or more likely reinfected), keeps making my system attempt to connect to 206.161.121.2,3,4,5 etc., my research so far yields this is not a new problem in the virusphere, though no one seems to be saying anything more about it other than that they have the infection. Start ups and restarts often very buggy and crash a significant number of times, though when running mbam it just restarts to remove it and it comes right back after restart. mbam has gotten it down to one trojan and its memory process each time, though they come right back. Any way I can be helped would be wonderful, thanks. Windows 7 OS. If I see any more crash logs, I'll try to catch the errors and add them in.

Answer:malware problem, rootkit? Trojan keeps coming back.

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

I've been cleaning up my PC (Windows XP) for the last couple of days but no matter what I try the problem comes back.

Here's the history and what i've tried so far:

The PC was infected with Spyware Guard 2008 (tell you you have a virus and need their virus remover yada yada yada) and I was able to remove it and restore some normality using Malwarebytes Anti-Malware 1.31

However when I was cleaning up the system there is a file that MAM finds but it cannot remove:

c:\windows\system2\dxmhqx.dll

It says that it will clean up during reboot but when I reboot the file is still there.

If I tried to delete the file manually I get a cannot delete access denied message so I downloaded Unlocker 1.8.7 so I could unlock the file (it was associated to svchost.exe and also other times to winlogon.exe). I was able to unlock the file and then delete

Now I had to go to the registry to remove the entry in there but lo and behold every time I remove the entry it comes up again so this time I got Process Explorer so I could suspend all the instances of svchost.exe. Suspending the processes allows me to remove the entry from the registry and it doesn't come back.

Then I ran MAM and Spybot and everything comes back clean but after I reboot dxmhqx dll and its registry entry come back.
I have done this several times and I always end up on the same spot, one thing worth noting is that if I disconnect my internet connection cable and do the above steps I can clean the syst...

Answer:Please Help: Malware dll and registry entries keep coming back after deletion

Hey guys,

Just bumping to see if anyone has any ideas.

Thanks
 

Fellow members,
 
These two extensions NextCoup & GGoSave keep coming back in my Chrome browser after I restart the browser. Even after having deleted these extensions manually in chrome's extension options, they keep reappearing.
These browser extensions manifest through annoying popups and links on all my tabs that are not supposed to be there, until I manually shut it down in chrome again.
In windows explorer I cannot manage to get rid of these annoying add-ons too.
Hence, could someone please assist me in the process of cleaning this stupidly self-caused mess?
 
Somehow I could not manage to open dds.com as it kept stating "DDS is not meant to run in Compatibility Mode." I did not specifically choose to run it this way, and I tried opening it as an administrator, which didn't work either.
So hereby I include my report of FRST.txt and attached is the addition.txt
 
Thank you for considering my issue.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02
Ran by Maxiboek (administrator) on MAXIME on 16-10-2014 12:13:56
Running from C:\Users\Maxiboek\Desktop
Loaded Profile: Maxiboek (Available profiles: Maxiboek)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================...

Answer:NextCoup & GGOSave browser malware keeps coming back. Help me please!

Hello emphatic,

my name is Jo and I will help you with your computer problems.

Please follow these guidelines:
Logs can take a while to research, so please be patient.
Read and follow the instructions in the sequence they are posted.
Print or copy & save instructions.
Back up all your private data / important files on another (external) drive before using our tools.
Do not install / uninstall any applications, unless otherwise instructed.
Use only those tools you have been instructed to use.
Copy and Paste the log files inside your post, unless otherwise instructed.
Ask for clarification, if you have any questions.
Stay with this topic til you get the all clean post.

My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
Vista / Windows 7/8 users right-click and select Run As Administrator.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Be sure to print out and follow the instructions provided on that same page.
Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
Scan your system for malware
With some infections, you may see two messages boxes.
'Cou...

I obviously have malware because Kaspersky keeps finding it and deleting it but it keeps coming back.  I'm not sure what else I might have.  This has been going on for a week or two.  In case this helps, here is the location of the files that Kaspersky keeps deleting:
 
c:\users\j\appdata\local\microsoft\windows\temporary internet files\content.ie5\hur2zkla\protectupdater20151102[1].exe
 
c:\users\j\appdata\local\microsoft\windows\temporary internet files\content.ie5\hur2zkla\protectupdater20151102[1].exe//data0001
 
c:\users\j\appdata\local\temp\file_to_run551193.exe
 
c:\users\j\appdata\local\temp\file_to_run551193.exe//data0001
 
c:\users\j\appdata\local\temp\file_to_run5579.exe
 
c:\users\j\appdata\local\temp\file_to_run5579.exe//data0001
 
In the past few weeks there are over 100 of these files that Kaspersky deleted.  They all start like the first four above but the numbers are different.
 
Also, two files just showed up in my downloads folder that I didn't put there and my computer won't let me delete them.
 
downloads\webscr
 
downloads\i
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-11-2015
Ran by J (administrator) on MOMHPLAPTOP (17-11-2015 15:20:44)
Running from C:\Users\J\Downloads
Loaded Profiles: J (Available Profiles: J & Kids)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mod...

Answer:Kaspersky is telling me I have malware & trojan. It keeps coming back

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Please download TDSSKiller and save it to your Desktop.
Start tdsskiller.exe with ...


Hi,

When I started getting popups a few days back I ran a scan using Spybot. It detected Smitfraud-C.Toolbar888 and was able to remove it successfully. Also, AVG Anti-Spyware detected Adware.Virtumonde and deleted it. Even then the popups wouldn't stop so I scanned again using Spybot & it found the same malware again!! AVG also detects the same adware after every system startup. This is really frustrating!! Please help!

Here's my HJT log:
----------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:32:52 PM, on 5/23/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\xampp\apache\bin\apache.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\xampp\apache\bin\apache.exe
D:\WINDOWS\Explorer.EXE
D:\xampp\mysql\bin\mysqld-nt.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\Java\jre1.6.0\bin...

Answer:Solved: Malware (Smitfraud-C.Toolbar888) keeps coming back


If anybody can help and advise with a solution on removing malware from my Windows XP SP3 machine.

Symptoms I had are:
System restore unable to use (greyed out) - but managed to fix by importing registry keys
Unable to enter safe mode (keeps restarting machine) - managed to fix by importing safeboot registry keys
On login getting error with generic host process for win32 services
System unstable after a couple of minutes and need to restart machine
MSN Messenger starting even if it is not directed to do so
Disabled Symantec Endpoint Protection and cannot open it
Unable to unhide hidden files and folders, same with system protected files (actually you can unhide it but in a couple of seconds it hides files again)
It easily infects USB drives, as I noticed the same problems on another computer that I used my USB drive on after I used it on this one.

Anyway, I started a removal process with avast, malwarebytes and spyhunter.
avast found a file in windows\system32\wmxperw.exe, it marked it as a rootkit and removed it.
In some time the file came back but was coming back also in other forms, as:
wmxperc.exe
wmxperl.exe
wmxperd.exe
qxzv5.exe
qxzv8.exe
I have found traces of that in plenty of registry keys as well.
Finally I bought Prevx 3.0 as it was the only page while I was googling that came up with definitions about those files.
I made a scan and it seemed like it managed to remove it.
After that I made a scan with avast again and then it started to find more malware:
Win32:wmit-c
Win32:Zbot-MQO
Win32:Rootkit-...

Answer:cannot completely remove malware, qxzv5.exe still coming back

Is there now solution for this or everybody is busy? How I heard first exact symptoms were noticed middle of January 2010 and I tried everything, also with PC Tools - Alternate Operating System Scanner and Kaspersky Rescue Disk. Gmer I managed to run only first time when it discovered a rootkit. After that whenever I want to run it, it gives me error, even when renaming file. Looks for me that the only solution will be format c: and fresh install

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our Malware Removal Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal coul...


Can someone please take a look at my logfile and see if you see anything funky. I have run malwarebytes and spybot and cleared out things. but virus keeps coming back:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:31 PM, on 1/12/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\AOL\1252339344\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Fi...


Hi, every time I start my computer I have to constantly run Ad-aware to get rid of stuff that somehow keeps reinstalling itself. Can someone please help me. Here's the Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:20 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\s...

Answer:Spyware/malware Keeps Coming Back Everytime I Reconnect To The Internet

What keeps coming back? I do not see anything wrong here.


I have run several scanners (MalwareBytes, SAS, rkill, Sophos A/V and A/R, Rootkit Repeal, GMER, TDSS Killer, etc). Originally I found and removed some problems, mainly via MBAM. All scans come back clean now but I know something is on here because of some weird behavior. I can't install direct X, it fails with an error stating that the cabinet files are corrupt. Every time I start IE it says that it is not the default browser. One of the scanners (I think CatchMe) came back saying that the C: drive was not present.

Other than that it is running well. I don't see any browser or search redirects. It doesn't seem to be bogged down. I ran system file checker and it just goes away eventually, I don't get a message that it did or did not repair any files.

There are some weird things in the GMER log, but I don't know what they mean. I included that below as ark.txt

Hopefully you guys can help.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Garrett at 15:49:09 on 2012-04-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.509 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple ...

Answer:unknown rootkit/malware, scans keep coming back clean

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Every time I start IE it says that it is not the default browser.
Go to Menu Tools > Internet Options > Programs tab.
Change the settings under "Default Browser"
===
Please download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not b...


So I got infected and I already scanned with Malwarebytes but it still comes back when I turn on my pc again. I also have multiple conhost.exe and csrss.exe processes going on at once, I don't think that's normal. It also messes up my Google Chrome and some of my other shortcuts, whenever I try to open them the name is shown backwards. I don't know what to do, it shows that I have 0 threats but I clearly don't. Please help

Answer:Malware keeps coming back moments after removal and multiple suspicious processe

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first ti...


Almost a week ago, would make my laptop lag to an extreme, display redirect to onclickads every time when clicking on random parts of a webpage

Now it only occurs occasionally when I click on a part of a webpage, it redirects me to "onclickads.net"
Does not appear in chrome extensions or are there any suspicious programs found in the uninstall programs section in the control panel. Seems to reappear in mainly the secure preferences/default section in the google Chrome folder. Malwarebytes does not detect anything, only Zemana and Adwcleaner does. Every time I select to erase all malware, it reappears the next time I reboot my laptop.

I have tried reinstalling Chrome several times
I have tried deleting all the sync data on my google chrome account
I have tried making a new user profile on Chrome
I have tried Malwarebytes and it detects nothing
I have tried Zemana/Adware cleaner to detect it and delete it over and over again
I have checked my DNS router to make sure it is the correct IP
I have tried renaming the default folder in Chrome to "Backup Default" to start a new one

Included is the latest FRST log and an Adwcleaner scan result log (just scan, not after cleaned result log)
 

Answer:Click on webpage occasional leads to redirect to Onclickads malware keeps coming back no matter what

Hello,
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Make sure that Addition.txt option is checked.

Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 


I've been having a problem with the back left corner hinge since October of last year. I posted to another board about this problem, having been told that this issue would be passed on to support in my region. I'm curious as to whether I'll hear from these people in this lifetime or the next. I enjoy my laptop and would like to continue using it but as time goes on it keeps separating more and more and I have to snap it back into place to keep it together. I'm hoping to actually hear back from someone this time that will be able to help me in fixing this issue.

Answer:Back Corner coming from the back left side by the hinge

@jmb1313

 

I have brought your issue to the attention of an appropriate team within HP. They will likely request information from you in order to look up your case details or product serial number. Please look for a private message from an identified HP contact. Additionally, keep in mind not to publicly post personal information (serial numbers and case details).

If you are unfamiliar with how the Forum's private message capability works, you can learn about that here.

Thank you for visiting the HP Support Forum.


I already posted in How to remove Windows 10 upgrade updates in Windows 7 and 8
In this thread after the starting post from Tookeri other updates that had to be deleted were mentioned. I made a list in post 841
I did not have all these updates on the pc but those that were on it I hid.
Some of them came back and I hid them again.
Now today they are back - with some that I had not seen before.

I made an attachment that shows them and also shows that I hid them again

Will I have to check Windows Update for the rest of my life?????


Hello,
I have a problem, which I've tried to fix several times but it keeps coming back.
This virus is located in the System32 folder, PC-cillin 2005 identified it as TROJ_ROOTKIN.N. I've gone
to safe mode, deleted it, returned to Windows and the virus reappeared, what's more it clogs up PC-cillin, so now under quarantine I have 100+ instances of this virus, and it's increasing.
The virus is labelled hpr34k8

I'm sure my Hijack Log is fairly clean... -------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:27:53 PM, on 14/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin...

Answer:Virus that keeps coming back and back and back, so on

bump, hopefully someone takes notice


Greetings everyone I need some help.

First off... I have followed all the procedures listed on the READ ME thread that is asked and I STILL AM HAVING ISSUES.

I have Ad-Aware SE and with the VX add.

I have HiJackThis v1.99 and have followed the steps on that thread as well.

Here is the problem:

I run Ad-Aware every time I log on, and even in safe mode. It finds between 8 and 60 items. Mostly Malware and DataMiners. Then once I fix those I rescan and it comes up clean. However, I am still getting pop-ups, I have EnhanceMySearch, and when I log off and log back in... and re-run Ad-Aware I still have 8-60 items that show up and the same problem persists.

Can anyone help and point me in the right direction? It is a major annoyance. THANKS TO EVERYONE IN ADVANCE!!
 

Answer:It all just keeps coming back

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
 


This is my second attempt at help. I failed my first time and after reading the preparation guide here I am. I tried fixing it myself and loading MBAM and it says I have an infected registry value (Trojan.Agent). When I run the MBAM it says my computer must reboot to fix. It does, but then I have the same infection. I am confused, frustrated, and not really sure now what I am doing. Thankfully there are those here that can help...I am humbled.

Here is my DDS.txt
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 16:10:46.34 on Tue 03/31/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.186 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\WINNT\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINNT\system32\ezSP_Px.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINNT ...

Answer:Not sure what I have...but it keeps coming back

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ...

Question: Keeps Coming Back

Can someone please help me with this problem? All my AV programs detect a virus running in my system, but whenever I have it removed, it keeps coming back. How can I stop this???


HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:13 AM, on 8/25/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\csrcs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper....

Answer:Keeps Coming Back

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

If you still require assistance with this issue, please do this:
Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box: C:\rsit\info.txt

Click Upload.

---------------------------------------------------------------------------------------------


I can't get rid of this crap - I've run everything on here that people say. I have SAV installed and up to date, I have SpywareGuard installed, I have run HJT, I've run Ewido software, nothing can get rid of this - Every time I clean everything while in Safe mode and reboot, Spywareguard immediately starts popups saying a BHO has been added (such as C:\WINDOWS\system32\wvuvspq.dll) - I click remove BHO, and it comes back over and over...

Someone please help - this has totally destroyed my computer...
 

Answer:Someone please help - These BHO's keep coming back!!

Closing duplicate thread. Please continue to reply here: http://forums.techguy.org/malware-removal-hijackthis-logs/648572-please-help-my-hijackthis-log.html
 


I have a problem with pop-up ads that keep on appearing randomly on my computer. I tried using adaware which picked up a lot of them, but they keep coming back later.

Hijack this log (Created with Hijack-this Analyzer)

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Fil...

Answer:Pop-Ups that keep coming back

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

Question: keeps coming back

I keep running scans and it cleans the computer sometimes. I will encounter xp antispyware 2009 and 2008 telling me that my computer is infected. It posts a permanent box on my desktop saying infected and keeps popping up at bottom right by time clock saying infected. I will run anti malwarebytes and it will clean it only if I do quick scan. But then I will run full scan and it freezes so I know it is still infected. And sure enough a few days later it is all back. Please help. I also run cc cleaner and norton but norton freezes too. I have also tried in safemode but still freezes. Thanks. Any and all help is greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:21 PM, on 10/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Inte...

Answer:keeps coming back

bump
 

Question: Keeps coming back!

I thought I wiped it off already but it's back AGAIN! And my SpyBot S&D is missing all sorts of components so it's not working right and it's the only one that has found any. The Microsoft one found one and deleted it but SpyBot found 16 but only deleted 2 before running into problems. EliteBar is back also. Help again!
 

Answer:Keeps coming back!

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
After doing ALL of the above you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 


I am having trouble getting rid of this BHO object. Every time I manage to remove the dll and the BHO registry entry it comes back under a different name. I have run Spybot, AdAware and Trend Micro AV. Any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 3:17:14 PM, on 04/16/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\EWE594.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files ...

Answer:Bho Keeps Coming Back

Hello EBurritt, I am SifuMike and I will be helping you.

Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan". Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer. When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post the BitDefender log.

******************

Download ATF (Atribune Temp File) Cleaner by Atribune
DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)
This is a 30 day trial of the program

AVG Anti-Spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.

Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG Anti-Spyware will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.

1. After download, double click on the file to launch the... Read more

11 more replies
Relevance 49.2%
Question: Keeps coming back

Ok guys not sure what I keep missing but the 020 line keeps coming back and changing its name.

I have run CWS, ewido, Killbox (and delete after reboot), VirtumundoBegone
Logfile of HijackThis v1.99.1
Scan saved at 11:25:30 AM, on 1/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hijack This\TrojanHunter 4.2\THGuard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDae... Read more

Answer:Keeps coming back

10 more replies
Relevance 49.2%

Here is my dilemma:

I've run Kazaabegone, CWShredder, Spybot and Adware with new updates and reboots in between. I've run Hijack This and removed what I knew to be suspicious files in safe mode. But one:

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

keeps reappearing on the HJT log after rebooting. I know I'm missing something; just don't know what.

Here is the entire log:

Logfile of HijackThis v1.97.7
Scan saved at 8:04:28 PM, on 2/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\EarthLink 5.0\Con... Read more

Answer:New.net keeps coming back

6 more replies
Relevance 49.2%
Question: Back coming off?

My Lumia 640 is quite new and the back plastic panel writing logo is coming off the Microsoft logo has come off and some letters are coming away?
Is this normal?

More replies
Relevance 49.2%

Hello
For many years I succeeded in keeping my computers safe - then, not even a month ago, something surfaced. A Virut thing after I visited an insecure site.
If this can help, a few days before I had for the first time in my pc life installed a downloader program called Flashget.
Well I tried at first to clean up with Spybot and Spyware Doctor (who had not by the way intercepted the hostile item). But the machine had still a strange behaviour so I downloaded some Linux based Rescue CD .iso files (Kaspersky, BitDefender, WebDoctor), burned the CDs and went on scanning without Windows. Those found a wealth of infections by Trojans as well as by the Virut thing, so I kept cleaning and cleaning (disinfecting and/or deleting that is) until nothing more was found.
I then restarted Windows, uninstalled Flashget and installed Avast antivirus. Unfortunately when using my browser I started to get redirected to a "stolnik.net" whatever search I did. Plus Avast began to show infections spreading in the system by a "W32.Vitro" virus. So I tried again with the rescue CDs - Kaspersky found a couple issues but nothing else - and Avast still claiming I have the W32.Vitro everywhere.
At this point I used the VirutCF removal tool by Norton, but to no avail - there is no Virut infection in the machine.
I was beginning to get nervous so I downloaded the Combofix tool, disabled all and every anti-virus and -spyware - as requested - and tried to start Combofix: nothing happens... Read more

Answer:They keep coming back

If you truly have Virut the only real alternative is to do a complete wipe and reinstall. See boopme's post here: http://www.bleepingcomputer.com/forums/ind...t&p=1260380 That will help you determine if you have virut, and if you do, what you need to do.

13 more replies
Relevance 49.2%

Hi everyone,

I had this fake FBI Virus on a laptop couple days ago, it would not let the windows to boot, not even in safe mode. I got it to clean with kaspersky boot disc, and also scanned it with avg, malwarebytes, avast. Sent it back to customer, same night he called me saying avast kept picking up something but was not able to remove it! So I picked it up again the next day, scanned with avg & malwarebytes seemed to be cleaned up again, nothing was picking up any viruses. But guess what? This morning I have a text from a customer, saying he was locked up out of screen and he was able to get into it, but now avg is picking up something again!!! I asked him if he uses usb drive or external or anything but he said he did not use any of those! PLEASE HELP WITH REMOVAL OF THIS!!!!

Answer:It keeps coming back!!!!

Hello sapikest,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Before we start, please note:

Please be advised that this free service is typically for home users. We'll help you out this time, but in the future if you are unable to clean a machine via standard methods, then either backup the client's data and rein... Read more

2 more replies
Relevance 49.2%

I have a PC I believe is infected.
I have run Combofix, it appears to find something and reboot but I am unable to tell by the log what it found.
I think it is still infected because if I run CF again, it says it needs to reboot to continue.
ComboFix.txt (29.88KB)
ComboFix2.txt (30.15KB)
ComboFix3.txt (26.11KB)
ComboFix4.txt (29.75KB)

Answer:it keeps coming back

Hello cgtrott, I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy and as you can see the logs we ask for are very extensive and take a lot of time to investigate.

Please subscribe to this topic. Click on the Watch Topic button, select Immediate Notification and click on proceed.

Make sure Word Wrap in notepad is turned off. When copying and pasting logs paste them directly in the reply box; only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.

Do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7 it may be necessary to right click then choose Run as Administrator any programs we use.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Please read carefully all directions and instructions. If you are instructed to save a tool to the desktop please save it to the desktop. If you have since resolved the original problem you were ha... Read more

2 more replies
Relevance 49.2%

I think I may have finally scrubbed enough to keep the dll (IeBHOs.dll) from re-appearing, but the E2G folder keeps recreating itself. Any suggestions?

It's a friend's system and had Norton on it. I installed NOD32 and PC Tools Spyware Doctor. Then read a few threads and ran HJT a few times and made some deletions that "may" have helped. I know that I managed to get rid of the TrojanDownLoader-AC2 but this E2G is stubborn.

Also ran SpySweeper many times in safe mode and in non-safe mode. Disabled Spyware Doctor from auto load with windows as it seemed to be interfering with the Spy Sweeper scan.

Here's the latest HJT log:

Thanks in advance for any suggestions!

Charlie

Logfile of HijackThis v1.99.1
Scan saved at 6:51:15 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EX... Read more

Answer:E2G keeps coming back

Three threads are not needed for the same problem.
 

2 more replies
Relevance 49.2%

Answer:E2G keeps coming back

Thread closed, please do not post duplicates!
Continue here: http://forums.techguy.org/security/460316-e2g-keeps-coming-back.html
 

1 more replies
Relevance 49.2%


Hello, after removing numerous malwares, str.sys keep coming back even though i removed it several times. Here's the log, thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:19 PM, on 7/16/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program... Read more

Answer:Str.sys keep coming back, help!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll... Read more

2 more replies
Relevance 49.2%

2 nights ago I was surfing the net and I started getting reports such as:

Windows has detected spyware infection!
It is recomended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you
Click here to protect your computer from spyware!

and

Warning! Potential Spyware Operation!
Your computer is making unauthorized copies of your system and
Internet files. Run full scan now to pervent any unathorised access
to your files! Click here to download spyware remover ...

i started getting a lot of popups trying to send me to a site calling cookingluck (f3.cookingluck.com, f5.cookingluck.com, f7.cookingluck.com,
f9.cookingluck.com) i close them before they can finish loading.

Now I didn't do the smartest thing and I downloaded one of the "anti-spyware" things they told me to. "system-defender". Well that's about when everything went from bad to worse, shell.dll was giving me hell, wowfax.dll was messing up. The control panel icon also disappeared and anything I tried to do with the system it wouldn't let me..pretty much telling me I didn't have administrative privileges.

So i came on this site and saw the self help page and was looking it over and saw the the "SmitFraud and It's Variants Removal Instructions" section fit my problem to a T, so i followed the steps exactly as they are written. I also got rid of the system defender. When i rebooted into norma... Read more

Answer:It just keeps coming back.....

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.
We'll begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix
When the tool is finished, it will produce a report for you.
Please post C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

12 more replies