Computer Support Forum

Malware - blocking removal by malware antimalwarebytes

Question: Malware - blocking removal by malware antimalwarebytes

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Shaun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [PlatriumWeather] "C:\Program Files\Platrium\bin\1.2.103.0\Weather.exe" -auto
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Shaun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
O20 - AppInit_DLLs: karna.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

MBAM log file

Malwarebytes' Anti-Malware 1.30
Database version: 1373
Windows 5.1.2600 Service Pack 3

08/11/2008 10:42:00
mbam-log-2008-11-08 (10-41-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 258882
Time elapsed: 1 hour(s), 19 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\TDSSrhyp.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\ (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> No action taken.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> No action taken.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\av.dat (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\wini10802.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\TDSShrsr.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSlxwp.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSoiqh.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSoiqn.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSoitt.log (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSriqp.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSxfum.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\TDSSmqlt.sys (Rootkit.Agent) -> No action taken.

Regards

HCD

Relevance 100%

Answer: Malware - blocking removal by malware antimalwarebytes

16 more replies
Relevance 96.76%

I did a hijackthis scan and here's what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:17 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynT... Read more

Answer: Malware Blocking Access to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 84.46%

Hi, I've been working with boopme on this in the "Am I infected forum"

Mod. edit: Topic referenced is here: http://www.bleepingcomputer.com/forums/t/183098/infected-with-something-cant-download/ ~ OB

He determined that a driver was blocking the removal of the malware affecting my computer and said I should post here.

Some background info. My desktop computer is infected. It uses Windows Vista home premium. The computer is very slow when trying to browse the net and stops responding often. I can sign on with IE but am very limited to what sites I can get to. I can't get to this site. Firefox won't start at all. I am unable to download anything and I can't update my antispyware programs. Other programs on the computer, like photoshop, seem to work fine.

I have been using my laptop to download and update programs and transfer them to the desktop with a flash drive. I am posting this from my laptop.

Here are the RIST logs

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-04 21:36:01
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 148 GB (64%) free of 231 GB
Total RAM: 2942 MB (69% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Ac... Read more

Answer: Driver or service blocking malware removal

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:

- Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
- If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
- Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part... Read more

14 more replies
Relevance 82.41%

Help please dear scumware fighter!

Here's a tricky one that's brought me to halt. I have an infection from some malware that is hiding itself and seems to be actively crashing anti-virus/anti-malware sw before they can id it or remove it.

Here are the symptoms:

Discovered when I upgraded to version 10 of Avira's Antivir Free version. It wouldn't run completely through and crashed. Checking with Avira's forum, others had the same problem and it was identified as an existing infection. It was then that I noticed that I haven't even had a successful full system scan with the previous version since mid-Feb (even though I manually run a full scan every month or so). Virus definitions were being downloaded normally every day.

Then it started crashing Windows and Firefox. Couldn't turn off the computer and had to hard reset with the power button several times.

Downloaded and ran MalwareBytes which found 1 virus immediately, id'd as "Trojan: FakeAlert" in C:\END. I quarantined this item.

Ran a full system scan and MalwareBytes ran for about 10 minutes but crashed at the same directory that I thought I had seen Avira stop on.
I repeated and it stopped at the same directory. This is the file that it stopped on:

windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\063bdcb7c733d30d0ac1e533ae9191f7\ehiVidCtl.ni.dll

I tried downloading Microsoft Security Essentials and that failed to even finish the download for some unknown error. Another ... Read more

Answer: Insidious Infection Blocking Anti-Malware Programs & Removal

BUMP, please.

3 more replies
Relevance 82.41%

Hi,
I keep seeing the Antimalwarebytes balloon pop up saying that it "successfully blocked access to a potentially malicious website: 109.236.82.176  Type: outgoing"
I have run antimalware scans and come up with nothing, found several quarantined Trojans with MSE which I removed,  restarted my computer three times, and it's still happening.  The thing that kind of freaks me out is that it still happens when my browser is closed.
 
I would really appreciate some advice, thanks!
 
I am running Windows XP Home Service Pack 3, Firefox 21.0, Antimalwarebytes v2013.06.12.06,  and my MSE virus & spyware definitions are 1.151.2103.0

Answer: Antimalwarebytes continuously blocking malicious i.p.

Welcome ShortDancer

Let's look a bit further here.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please Download TDSSkiller
- Launch it.
- Click on change parameters - Select TDLFS file system
- Click on "Scan".
- Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results.

Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with Ok.
- You will be prompted to restart your computer. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

Last run ESET.
- Hold down Control and click on this link to open ESET OnlineScan in a new window.
- Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your deskto... Read more

7 more replies
Relevance 81.59%

I've got a computer on my hands that has got one hell of a bit of spyware/malware on it. the damn thing has disabled task manager for all accounts, made it so I can't boot to safe mode, and is blocking all web access to get the machine cleaned.

so I figured ok I can handle this... wrong....
I slapped in a ubuntu live boot cd downloaded spybot S&D. booted back into windows and started to install it. well naturally the installer wants to pull files off the website for install but that's being blocked via loop back. so I figured ok check out the hosts file remove the loops and I should be good. nope nothing in the hosts at all.

the damn thing has a popup on the tray menu that says I've got spyware click to download more spyware. and it's turned active desktop on so the desktop says the same. click here to download more spyware.... ok ok ok it doesn't say to get more it is just trying to get me to by saying click here to download bogus spyware removal tool.

so as of now I have the drive out and am running a windows vista defender scan on it. I don't know if that's gonna help and or work but it was worth a shot.

in the off chance this doesn't work has anyone else had any experience with this critter and eradicating it?
 

Answer: Malware blocking taskmgr, safe mode, and spyware removal sites

there are several that do this what is the name on the window it pops up?

easiest is back up the data, format and reinstall.
 

11 more replies
Relevance 79.95%

The malware affecting my computer sometime prevents me from viewing a web page I want to look at. For instance, I might type a search in google. When I click on one of the web pages in the search results, I will instead be directed to another page, often times an advertisement or other search page featuring words similar to the ones I typed in the google search. I'm not always redirected; sometimes I get to look at the actual page I clicked on. It's probably one out of two times that I'm redirected.

The malware appears to be blocking spyware removal programs like ad-aware.

Here are my logs:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume3
Install Date: 11/7/2008 9:39:36 PM
System Uptime: 6/12/2009 8:42:11 AM (28 hours ago)

Motherboard: Dell Inc. | | 0D500F
Processor: Intel® Core™2 Duo CPU T8100 @ 2.10GHz | Microprocessor | 2100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 136 GiB total, 90.288 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.332 GiB free.
E: is CDROM (CDFS)
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP129: 3/25/2009 - Scheduled Checkpoint
RP130: 3/27/2009 12:13:05 AM - Windows Update
RP131: 3/27/2009 2:56:04 PM - Scheduled Checkpoint
RP132: 3/29/2009 3:01:05 PM - Scheduled Checkpoin... Read more

Answer: Malware is redirecting my internet searches to different web pages/The program is blocking ad-aware and other removal programs

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, ... Read more

2 more replies
Relevance 78.72%

Hi all,

My dad has asked me to take a look at his computer after it's been acting odd, and it looks like he's got a doozy of something running on the system. He's been getting some pop ups advertising various programs, the desktop is changed to text reading "Your system is infected! System has been stopped due to a serious malfunction. Spyware activity has been detected" (which is not something any program that should be running would display), Task Manager is blocked from opening and a fake piece of anti-spyware has taken up residence (don't have the name off hand).

Looking at the log, I found a couple of things that I'm not a fan of - batmeter16.dll, for starters. There's a couple others I don't recognize, but I am not sure if they are bad or not.

Unfortunately, my attempts to fix it have been thwarted - an AVG scan said it cleared it up, but more pop ups came. I tried to run Malware Bytes, but when I download the latest update through the program, I get a nice warning message saying "The database you are using is not supported by this version of Malwarebytes' Anti-Malware. Download the latest version of the program."

Additionally, this came about because I tried to start into Safe Mode to get this cleaned up. I couldn't get my keyboard to register keystrokes before Windows started, which kept me from accessing the dialogue allowing Safe Mode to be entered, so I modified boot.ini to force a safe mode boot. Unfortunately, this brought about a blue sc... Read more

Answer: Malware blocking MalwareBytes (post-update), fake anti-malware program

Hello, my name is fenzodahl512 and welcome to the forum.. Please do the following....

Please download The Comedian.exe by Rorschach112 to your desktop
- Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
- Double click the program to run it. It will only take around several minutes to run.
- It will do a series of tasks and tell you when each one is finished.
- You will be prompted to press any key after each step
- When it is done it will close and exit itself automatically.
- You can delete The_Comedian.exe once it is finished

STOP! if you can't complete this step.. Tell me more about it..

NEXT

Please download OTL by OldTimer and save it to your desktop.

Under the Custom Scans/Fixes box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Don't change any setting... Just click on the Run Scan button.. Let it scan till finish..

Then a log will pop-up at your Desktop. Post the content of the log here

NEXT

We need to scan for Rootkits with GMER

Please download GMER from one of the following locations, and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recomm... Read more

3 more replies
Relevance 78.31%

Ran a pcpitstop scan last week as my pc is becoming increasingly slow (particularly when it comes to opening web pages). The scan showed that the pc is infected with Kollah, trymedia as well as various others. Started searching for solutions on the web, and subsequently installed Malwarebytes, HijackThis, Superantispyware, etc (already had spybot S&D) Malwarebytes and hijackthis would install but refuse to run. I found this forum, and followed the READ AND RUN ME FIRST Malware removal guide - to the letter.
Superantispyware scanned ok, but didn't find anything.
Malwarebytes won't run.
Combofix gets to stage three and then I get the BSOD and have to crash and restart.
Rootrepeal and MGtools seemed to work ok and generated reports, although I am unable to find a zip file containing a log in the MGtools folder on the c drive.
Incidentally, Spybot S&D and Adaware both don't find anything more sinister than a few tracking cookies.

I'm losing the plot now!

I have attached logs as instructed. Would really appreciate any help that you can give me!

Thanks
 

Answer: Trojans/malware blocking virtually every malware remover tool

Welcome to Major Geeks!

badlydrawngirl said:

MGtools seemed to work ok and generated reports, although I am unable to find a zip file containing a log in the MGtools folder on the c drive.

It is not in the MGtools folder. See the instructions which said it would be in the root folder of your Windows boot drive. i.e., C:\MGlogs.zip

We need this log to even begin.

Why are you attaching instructions for using SDfix?
 

10 more replies
Relevance 78.31%

A couple days ago I was looking at the weather online on my Toshiba laptop (XP Media, SP3) when I got a report from Avast stating it had blocked a connection to a malware site, just like this, which popped up when I was typing.

Infection Details

Process:file://C:\WINDOWS\System32\svchost.exe Infection:url:Mal
Obviously I scanned and it did pick up some things, and I thought I had gotten the problem. Obviously I didn't, and I got Malwarebytes which I scanned with and again thought I might be good. MWB just started constantly reporting outgoing connections being blocked. I did some digging, a lot more scanning (all turned up clean), and I noticed a couple things.

1. I'm getting issues with SVChost where it is sometimes taking up nearly my entire CPU. I replaced it with a different version of SVChost (in all windows folder locations) and whatever is using it to do the bad stuff isn't the file itself because it resumed causing trouble.

2. I tried to get rid of all unwanted processes & services, & I came upon one which I couldn't get rid of- groovemonitor, associated with Microsoft Office. I'm suspicious because I've tried deleting it, manually and automatically, and whenever I try to delete the entire Microsoft Office folder this one set of files (the groovemonitor dll's) will not let me delete the folder. I've tried disabling this whenever possible.

I'm still getting constant url blocks no matter what I have done, all sca... Read more

Answer:Avast & Malware Bytes Constantly Blocking Malware Connections

Just wanted to provide a bump.
 

1 more replies
Relevance 77.49%

Greetings,

I am repairing the computer of a neighbor and have encountered a pretty nasty infection.

Although I am able to install and run CCleaner, AdAware2008, a-squared, and SpyBlaster, I am blocked from installing everything else I've been able to think of to combat malware.

The following install programs do not execute:
-Malware bytes
-Spybot search & destroy
-Combofix
-DSFix

Firefox will install, but will not run. Opera won't even download via the corrupted IE. None of this changes in safe mode.

In IE itself, all links out of search engines clicked are redirected. If you manually input an address, it fails to connect.

When I ran AdAware and a-squared, it turned up trojans, CWS, Zango, some redirect stuff, etc (I can't remember it all) and did some removal of those. However, no matter how many registry entries I trim out via HiJackThis, I still haven't found what's up. CWShredder comes up clean.

This is a new one for me. Maybe a rootkit?

I plan on returning to their home (one house away) and finishing this off tomorrow. I'd like to get an opinion of what I might be facing.

Thanks,
--E--

Answer:Some Tenacious Malware Blocking Install Of Malware-removers

Ok... can ANYONE point me to ANY resource about what sorts of programs might actually be blocking install of my repair programs on the machine in question?

6 more replies
Relevance 74.21%

This is my first post ever, so I am new to this. I will make this as plain as I know how.

My pc obviously took on a virus. All desktop icons disappeared, wallpaper gone, lots of popups, and when you search for something on the net, it sends you to nothing but virus removal pages wanting you to buy it, etc etc etc.

Here's what I have done so far:

I removed the hard drive, took it to another PC, and loaded as a secondary drive. I ran a McAfee virus scan, superantispyware scan, and spybot scan to try to weaken it.

I put the hard drive back in the original PC and now I have icons back, wallpaper, and things run somewhat smooth. However, it will NOT allow me to run my Microsoft essentials virus scan, superantispyware, or even combofix. It starts running, then disappears off the screen like it never existed. Won't even let me update my virus protection. It updates for a long way, then freezes, and have to restart.

I installed Hijackthis and Malwarebytes. They begin to run then they disappear too. Lots of times, but not every time I try to run one of these, I get the blue screen of death. The technical information it gives me on that screen is:
STOP: 0x000000D1 (0xF7AF7000, 0x00000002, 0x00000000, 0xab0dc747)
ldqgakb.sys - address AB0DC747 base at AB0D8000, datestamp 4cf44c8f

I have also typed MSCONFIG in my run command, went to startup, and didn't find anything suspicious. I did disable anything I know I did not need.

Something is running somewhere that... Read more

Answer:Virus blocking me from running any virus or malware removal EXE

Oh, and also, I will say, I did see signs of "antivirus 2010". I removed it in add/remove programs, not knowing that's apparently a virus. I know that it's not really removed, so could this be my issue?

26 more replies
Relevance 73.39%

HP notebook running Vista Home Premium SP1

Whenever I open a new browser window (IE and Firefox) I get messages from AVG indicating it found trojan horse files:

However when I try to remove selected infections or all unhealed infections AVG sends the message: Some files cannot be healed, action interrupted by user. And the remove fails. I suspect malware is blocking AVG's function.

I also believe the malware is blocking Spybot update:
Windows Defender update:
and Housecall function:

I'm a computer novice and have no idea where to begin to clean this machine. I would greatly appreciate any advice. Thanks.

Answer:Malware blocking AVs and Malware Scanners

This is a Rootkit infection. Carefully follow these instructions.

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
If the scan did not start automatically, make sure the following are checked:
* Running processes
* Windows Registry
* Local Hard Drives
Click Start scan.
Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
Files tagged as Removable: No are not marked for removal and cannot be removed.
Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
Files tagged as Removable: Yes (but clean up... Read more

4 more replies
Relevance 72.98%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:42 PM, on 8/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\... Read more

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT... Read more

2 more replies
Relevance 72.98%

Hi,

I am the IT manager in my company.

I have a co-worker, his computer has search redirect issue. That means most likely it has malware.
Then I installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After I installed them, I cannot launch them (that definitely means it has some kind of malware).
I needed to rename their .exe files, after which I can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now I am running Spybot Search & Destroy, will see what happens.

By the way, I run them in safe mode because when I log on to Windows in normal mode, it is slow (like it takes a long time to explore hard drive, etc). I suspect the malware slows down my PC. Hopefully not registry corrupted or something, but works smoothly in safe mode.

So you guys have any suggestions? Or you need a log file from combofix?

Please advise,
Tommy

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 72.57%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies
Relevance 72.57%

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Malwarebytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and performed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
 

Answer:HELP-Requested Malware Removal (Infector.Gen2 / Malware Packer Gen)

Here is the 5th log.
 

6 more replies
Relevance 72.57%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says "The server at topsearchfeed.com is taking too long to respond". For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

Problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable. I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me.
 

2 more replies
Relevance 72.57%

Good day to everyone,

My computer is having some malware activity. I have used adware 2008, spyware removal tool, norton anti-virus and other removal tools, but still the malware cannot be deleted. My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP, that's why until now I cannot connect to the internet. I don't have a WindowsXP SP2 CD for repair.

Please help me as soon as possible, because it is a server..

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 71.75%

Hi, I got infected because I was trying to run malwarebytes and it skipped the part of analysing the files, it ended in around 1 minute in a full scan, and I tried to download dr web cure it, and it doesn't allow me, the computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 71.75%

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem. :confused
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer:Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3... Read more

9 more replies
Relevance 71.75%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 71.75%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see. I, myself, use most all of these myself, the only paid program I have is malwarebytes, the rest are free add ons or are free programs. Thanks.

5 more replies
Relevance 71.75%

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 71.75%

Had a machine in riddled with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (don't ask me which one it was, I can't remember) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. Swap the hard drive for a SATA CD and it detects the CD without issue which makes me think the SATA controller must be functioning too.

Now it seems that this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base, help me folks its driving me nuts.
 

More replies
Relevance 70.52%

Hiya

I'm running XP, avg detected trojans, the first one it got rid of, the second one Generic13.ATHP it could only remove it partially, apparently located in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended, SuperAntiSpyware wouldn't install, so I changed the filename, and it has installed but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?

Thankyou!
 

Answer:malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.


but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others).

:confused have no idea if any of this will help you lovely helper person, but I guess I'm just trying...
 

2 more replies
Relevance 70.52%

About a week ago, I noticed that when running Internet Explorer www.google.com that clicking on a website would take me to an ad instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Thanks,
Deb
 

Answer:Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!
Deb
 

2 more replies
Relevance 70.52%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quick scan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disabled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 70.52%

Hi all, 
 
Recently on Chrome, browsing on a site, I received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I strongly suspect this is malware!!!
 
What I'm trying to understand is what kind of malware infected the web site I visited. Some technical specs could be useful. The web site belongs to a friend of mine and I'd like to help them identify the malware that infected their web site...
 
 

More replies
Relevance 68.88%

Hello. I am working on a friend's machine that seems to have a nasty infection. This machine is a dedicated server running Windows Server 2003 Web. Everything I am doing to it is via remote desktop which is making it a little more of a challenge. Web browsing on the server was incredibly slow when he asked me to take a look at it. I figured he was infected with something so I was going to try and install a few things on it and run a few scans, only to find that all of the sites that I found to use are blocked or disabled by whatever is infecting the server. Any attempt to access an anti-virus or anti-malware website results in a message stating server cannot be found. Any other website can be accessed though.

There is an FTP server running on this machine, so I do have that availability to FTP to the server to get any file or program to it that I need to. Please just let me know what you need from me and I will get it up here as soon as I can. I am a fairly experienced user and can grasp things pretty easily. Thanks for your time, I greatly appreciate it.


Jamie

Answer:Malware Blocking all Anti-Malware/Anti Virus websites

If it doesn't block you from softpedia or download.com, then get the anti virus software from their sites instead. Hopefully it won't block them. When they are downloaded, rename the file names.

2 more replies
Relevance 68.06%

When I try to run a scan using AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware, when the scan gets to a certain point, Windows shuts the computer down with a blue window. It says Kernel_Stack_Inpage_Error plus some standard verbiage about if you recently installed software/hardware, see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgraded to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows Defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to "System Volume Information" directory. I am unable to open to see contents as Windows shows no files in it. When I ask Avira to scan it, Avira says no files also but if I use AntiSpyware to scan, it shows many files during its scan but will get to a certain point and computer will shut down. I can almost see file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal program to complete scans

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

23 more replies
Relevance 67.24%

I have run the malware removal instructions and went through each program, as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under a separate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the administrator and do not seem to have problems running the malware removal steps and have attached the reports from the instructions.

View attachment mbam-log-2011-03-28 (17-02-07).txt

View attachment combofix log.txt

View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log

View attachment hijackthis.log

Even when I try to open Add or Remove Programs under Control Panel, I get the following message: "C\windoesn\system32\rundll32.exe- application not found". I am thinking that it is something to do with AVG and have removed the program with the step.

Please help....


Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:

....try to run the malware removal programs via internet or through USB drive

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading).
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies
Relevance 67.24%

Hi,

I have a Dell XPS 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today I got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted, it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps (4 beeps).
I looked that up on Dell support and they said it was RAM problems.
I opened up the computer, vacuumed a bit, took out RAM cards and reinstalled them.
It had been working o.k. for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. I don't know how to find the log
Your help will be greatly appreciated
 

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.

"MGtools ran but as soon as it was done the window closed. i don't know how to find the log"

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies
Relevance 66.83%

I have followed recommended protocols to successfully remove the "Trovi" malware from my computer.
But have one minor problem.
The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer.
But the malware appears to have left code in the windows startup directing the computer to run files which are now no longer present on my computer.
Problem is that this causes the following Windows Popup box "Run DLL" to come up , before any other windows startup programs run.

The pop-up box contains the following wording:

" There was a problem starting
C:\Users\LESTER\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in startup that lead to the popup box, so that it will no longer occur at computer startup?

Thanks.
Lester
 

Answer:Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Follow this thread and attach requested reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

1 more replies
Relevance 66.83%

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any additional info needed, please let me know. Take care.
 

4 more replies
Relevance 66.01%

I ran the steps in the Malware removal guide. I haven't seen any new pop-ups, but I noticed that there were a few problems that bitdefender could not fix, and my laptop is still running slow.

I am running windows XP, and will attach all logs.

Thank you in advance for all your assistance.
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.
 

10 more replies
Relevance 65.6%

I have an old Dell running MS XP. Something has infected it, though it had AVG antivirus and Windows Defender running, as well as regular scans of Spybot.

Somehow AVG and Defender were disabled, and I can't run any of the programs listed in the Majorgeeks sticky note--Superantispyware, Malwarebytes, Combofix, etc, or Spybot. Firefox was disabled, then, eventually, even IE. In a few cases, the browser seemed to be redirected.

While IE was running, I tried running several online scans, most evaporated immediately, some seemed to get to a few files before evaporating. None made any report. I tried running from a flash drive, that didn't work.

The only thing that seemed to run (it didn't seem to help) was a Microsoft Standalone System Sweeper disk I made on another computer. (Version 1.113.773.0 on 10/2/11) This ran a scan for a long time and found the following, which I copied:

Exploit: Java/CVE-2010-0840.BE
Worm: Win32/[email protected]
Program: Win32/PowerRegScheduler

All were set to "remove" and the report said "succeeded". However, the computer is no better than it was and in some ways getting worse.

Not sure what to do next--thanks in advance for your help!

Larry
 

Answer:Malware blocking almost everything

Hi and welcome to Major Geeks, LMarvet!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and then attach the requested logs to your next reply when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.
If you cannot seem to logi... Read more

25 more replies
Relevance 65.6%
Question: Malware blocking

I am trying to log in to a site that I have logged into everyday for the last few years. It asks me to log in and then takes me back to the login page. I have Malware on my PC and it is always giving me a message that it is blocking the outgoing address which is 64.94.137.102

I am running Windows Vista with IE9

I have contacted EA and they can't seem to figure out what the problem is. Does anyone have any suggestions?

Thanks in advance!
 

Answer:Malware blocking

follow advice here and post the logs those programs make
 

1 more replies
Relevance 65.6%

Computer is an old Compaq running XP. 2.8 ghz celeron with 80 Gb drive, 512mb memory. This has a ton of old photos and files I must save. Start menu and taskbar are gone. Internet access is completely blocked. Firefox opens but no internet. Internet explorer won't do anything when clicked. I managed to download dds onto a flash drive with another computer, and run it on the infected one, but I can't copy the resulting files, or drag and drop them into the flash drive. I can't move or copy and paste any files/folders. Can't even rearrange icons on the desktop. MBAM was previously installed and functional, but malware is blocking it now. Tried downloading it onto a flash drive under a different name but would not load.


I realized the computer would let me take a screen shot and save it in paint, so that's what I did for the dds files. I know it's inconvenient, but it's the only way I could get the results on here. The picture files had to be zipped due to their size.
Please help. Thanks for your time.

Answer:Malware blocking everything

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

41 more replies
Relevance 65.6%

Malware has been blocking malicious ip addresses.
Any Ideas?
21:11:08 John IP-BLOCK 213.174.143.33 (Type: outgoing, Port: 50153, Process: forfilles.exe
By the way, how can I close this port? Or can I create a firewall rule to block communication to and from this port?
Thanx in advance :confused
 

Answer:Malware Keeps blocking an IP

I want to thank You it worked great!:celebrate
 

1 more replies
Relevance 64.78%

Malware is blocking an IP address
here are the attached DDS logs
 dds.txt   10.37KB
  1 downloads
 attach.txt   26.76KB
  0 downloads

Answer:Malware blocking ap addresses

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521321 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 64.78%

I have a malware infection on a person's computer that is similar to one I had recently. The CMD command is blocked, as well as regedit. In the previous infection, it was a DLL that was loading with iexplore.

Please see the attached hijackthis logs, as well as the DLLs that are loading with winlogon and iexplore.

Answer:Malware blocking CMD and Regedit

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio... Read more

2 more replies
Relevance 64.78%

Here are the log files from DDS.

 dds.txt   10.37KB
  8 downloads
 attach.txt   26.76KB
  1 downloads

Answer:Malware blocking ap addresses

Hi,
My name is alexsmith2709. I will be helping you to remove the infections you appear to have on your computer.
Please bear with me while I look over your logs.
I will reply within a couple of days, but if I do not, please feel free to PM me to remind me.
 
Regards,
alexsmith2709

22 more replies
Relevance 64.78%

Hi there, recently I have started getting Error safe fake security alerts and popups, so I ran Spybot and AVG and it seemed to take care of them, but then I started getting Ultimate Defender popups in IE and then IE and Firefox stopped working. When you clicked to open the explorer or direct to any page it would just say connecting and stay on a blank page. Now I know this is not related to my hardware or internet connection as my messengers and file downloaders are all working etc. I tried the winsock resetting and the IP renew and restarted and it would work for anywhere between 5-15 mins before stopping again.

I then downloaded super anti spy and it detected the IBM/Shell trojan and the media/codec trojan and it said that it had deleted them but a few mins later the internet problems and the popups came back.

I ran Vundo and also smitfraud and it doesn't seem to have helped the situation.

Please can you help me this is getting really frustrating, I have attached the most recent Hijackthis log below:
 

Answer:please help malware is blocking my ie and firefox

Edit: Removed inline hijackthis log for guide below to be run.
 

2 more replies
Relevance 64.78%

Hello,

I believe I have gotten some form of malware from a friend's USB drive. Since then I have not been able to access sites for Windows Update or any virus removal sites including Symantec. All of my browsers tell me they cannot find the server. I discovered the problem when I tried to download some updates from the Windows Update server. It does not appear to hamper any other aspects of the computer's functionality.

I am running:
Microsoft Windows XP
Professional
Version 2002
Service Pack 2

Requested logs below:
Thanks in advance for any help.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_31
Run by User1 at 10:50:18 on 2012-03-14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2559.1462 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Hexamail Vault\hexamailvault.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\deepinvent\MailStore Server\MailStoreServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Ghost\ngserver.exe
C:\... Read more

Answer:Malware Blocking Sites

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed. Note that if you do not respond within 5 days I shall no longer check this thread for replies.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.


Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

Please read all the informatio... Read more

14 more replies
Relevance 64.78%

Hi hope someone can help - I am unable to get to the Microsoft web site nor download and apply security patches and updates (such as trying to work towards XP SP2). Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:35:29 PM, on 10/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WIN... Read more

Answer:Malware Blocking MS Site and DLs

6 more replies
Relevance 64.78%

Hey guys. I'm new on this site, as it is my last resort, so I hope someone here can help me. About 2-3 days ago, there was a website that I visited to download a file. I now know that in downloading this file, it of course contained some malware. At the beginning, my computer did a random restart while it was running (has only done it one time, might be a PS problem, but not sure). As it was starting up, it took A LOT of time to start up, much more than usual. And now, when I get onto Windows XP, I have no internet connection through my school network (I'm posting from another computer now). I've run Symantec various times, Ad-Aware, and Spybot. I've run, like I said, all of these several times, and I've also run these in safe mode. I've cleaned much of it up, however, Symantec NEVER reported anything, and both Ad-aware and Spybot keep bringing the same things up, even after I try to fix them. With the results from Spybot, I went in to try to manually remove them, and they kept regenerating themselves. I've attached the logs from each program and hopefully someone can help me!

Thanks guys!!

JB
 

Answer:Malware blocking internet?

Welcome to MajorGeeks.com!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


READ & RUN ME FIRST. Malware Removal Guide


If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

11 more replies
Relevance 64.78%

I've had a problem for a few weeks now... part of my internet access is being blocked...

Internet Explorer won't work and programs such as Bit defender and java won't update, I just get an error message...

I've also got a strange icon in my shutdown menu telling me I've got windows updates waiting to install but I've not updated anything for weeks...

I've tried various antivirus programs and anti malware programs but haven't found anything...

Here's my Hijackthis log... can anyone help me out...????

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:08, on 25/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Edit by chaslang: Inline HJT log removed. READ & RUN ME FIRST. Malware Removal Guide sticky not followed.
 

Answer:malware blocking internet??? Help

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a different use... Read more

1 more replies
Relevance 64.78%

I have a Windows 10 machine, upgraded from 7 about a month or so ago. It has been fine for a couple weeks, and I recently installed avast! Antivirus to make sure everything is OK. I have a problem. Whenever I try to use Google or YouTube, sometimes other search engines like Bing, it is blocked. It acts as if the site is down. Other sites load slowly, but they do eventually load. Now, YouTube will sometimes load after about 5 minutes left alone, and then it loads fine until the tab is closed. Google will occasionally work, but nowhere near often enough as I'd like. I suspect it is the doing of malware because while I cannot access Google/YouTube, etc on Chrome or Microsoft Edge, I can access it fine on Steam's in-game browser. I have also heard that there is a virus going around on Steam, so I am quite concerned. Is this a virus, and if so, what should I do?

Answer:Malware blocking Google?

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scr... Read more

1 more replies

Hi there,
I hope you're well, and that you don't mind me asking for some help. Sorry for the blah Topic Title - I'm afraid I didn't know what to put. I'll give the best account of my woes thus far, and hope you can join the dots!

I'm a Mozilla Firefox user on Windows XP with AVG Anti-Virus Free, and started getting the odd pop-up a couple of weeks ago - but didn't think too much of it until Google started wildly misdirecting a few days back. Now, whenever I click on a search result, I am sent to the wrong site (if at all). Quite often no page loads, and there is a message saying 'Transferring from surveys.cnet.com' (or, occasionally, 'google-analytics.com'). I have found, however, that if I quickly double-click on the hit, I'm sometimes taken to the right page.

Next I noticed certain sites were plain inaccessible. The Guardian website (www.guardian.co.uk) was the first to go - and the most recent development is Gmail and Hotmail (which is making things particularly difficult).

When websites started being blocked, I decided to download Malwarebytes' Anti-Malware - but I can't open it. When this happened, I searched for other users with similar problems on Google, and (someone's got a sense of irony here) found that I couldn't open those pages. BleepingComputer was, mercifully, not one of them. (I've already fallen in love with this site, for what it's worth.)

Today, sadly, has been a real nosedive. I'm ... Read more

Answer: Malware - misdirection, blocking, pop-ups etc

Hi worths,
Sorry for the delay, no shortage of posters. Your log is a few days old. If you still need help, simply post back.

9 more replies

Hi, I'm having problems with some Malware that is blocking all access to my desktop but I don't know how similar it is to other problems mentioned on the site. I have Vista and whenever I log on I get a white screen with a message in english and again in German stating "please wait whilst connection is beeing established".

I ran FRST.exe and have attached the resulting .txt file. Help please?
 

Answer: Malware blocking desktop

Hi and welcome to Major Geeks, LeeSuss!

See if the below helps out:

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Attached is fixlist.txt

Save fixlist.txt to your flash drive.
You should now have both fixlist.txt and FRST.exe on your flash drive.

Now re-enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (How to attach)

Now attempt to boot normally.
 

4 more replies

Please help - am desperate!  Two computers in the house (one wired XP, one wireless Win 7) lost internet access almost completely, in a day.  Some websites load fine, but others (google, gmail) are extremely slow or fail to load.  Most virus definitions were extremely slow to update, and I can't download any anti-malware programs.  The Verizon DSL gateway shows each laptop getting 130Mbps and "excellent" signal, but when I try to download any diagnostic or anti-malware file (e.g. dds), it goes at <1Kbps or fails.  Two other computers had no problem using the same wireless source.  
 
A few days ago, a friend accidentally went to goggle.com instead of google.com, and NIS warned that it intercepted an attack.  I immediately scanned with NIS and MBAM and found nothing, and everything was fine for a few days.
 
The Win 7 laptop is fairly tweaked, plus this started happening overnight.  I've scanned with NIS and MBAM in safe mode, plus MBAR, but found nothing.  I cleaned with CCleaner.  I flushed DNS and checked hosts file.  I looked over running processes and services, but don't see anything unfamiliar.  Chrome works a little better than Firefox, but is also slow and cannot download any anti-malware programs.
 
Could you please look over my DDS and/or suggest anything?
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer:   BrowserJavaVersion: 10.51.2
Run by LRS at 16:35:01 on ... Read more

Answer: Malware blocking internet access

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
 
Having said that....     Let's get going!!  
----------
  Please download TDSSKiller
Double click TDSSKiller.exe
Press Start Scan but do nothing else as we are just looking for what is there.
If Malicious objects are fou... Read more

30 more replies

On Windows 7. Most malware-removal-related sites are blocked, this one included, along with various news sites, Facebook, Amazon and others (some come and go, some only partly load, some are blocked completely and permanently, as if the server were down).
This started when a rogue Flash plug-in installed an executable in C:\ProgramData (bin2dbex).
Any help would be appreciated. I ran RKill and Rootkit Remover (McAfee) and nothing came up.
Cheers,
Andy
Edit: oh, it also hides all hidden and system files every time I turn my laptop on.
Edit again: hosts file is clean.

Answer: Malware blocking access to certain websites

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click ... Read more

6 more replies

I've been using OpenDNS but their ad blocker is kind of light. Norton DNS is also good for Malware blocking but they don't seem to update fast enough.
So any other choices?
I would really love an options that has a good Ad, Tracking and Malware blocking DNS.
 

Answer: What's your choice for Malware/Ad/Tracking blocking DNS?

For adblocking Alternate DNS - Ad Blocking DNS Server but I don't trust it (I use it only on mobile)
I use Yandex.DNS it has antimalware with sophos signatures, botnet protection, parental control and safesearch (and is foreign of USA I don't trust NSA)
 

2 more replies

My system has been compromised by malware that blocks my ability to send Outlook messages after two to five successful uses, and also blocks access to web pages using IE 7 after several successful uses. Once the system is rebooted, the process starts again. Receiving messages does not appear to be affected.

I have followed the 5-step process that TSF recommends. I found no suspicious programs, etc.; I ran Panda ActiveScan (results below); I installed Spyware Doctor to supplement Norton Corporate AV already installed on my Sony Vaio laptop; MS Windows Update Page was blocked, so I was unable to perform any updates there; and I ran DSS.exe (results below and attached).

Any and all help will be much appreciated!

Thank you.

____________________________________________________________

Panda ActiveScan results:

Incident Status Location

Adware:adware/popmonster Not disinfected C:\Documents and Settings\gcherry\Favorites\Search Now.url ... Read more

More replies

First of all my OS is Windows 8.1, my pc is extremely slow, and Avast keeps saying I have malware. I have scanned with Malwarebytes and Avast and they have not found anything.

Answer: Avast blocking everything, and I have a feeling I have malware

First of all my OS is Windows 8.1, my pc is extremely slow, and Avast keeps saying I have malware. I have scanned with Malwarebytes and Avast and they have not found anything.
Switch the machine to Windows Defender, give it a good & proper cleaning* then, scan (Full) w/ WD.  Remove any unwanted or unneeded programs, as well; including any 'computer tuner-uppers'
* CCleaner, Internet Options & Sage
 
Cheers,
Drew
 

 

4 more replies

Hello all, I have a user that has spyware here is what was done so far and the HJT log

AdAware removed threats
SpyBot S&D - had to rename the .exe to launch it. Removed objects
MalWareBytes - had to rename the installer to install and rename the .exe to launch it. Removed objects
SuperAntiSpyware - had to rename the installer to install and rename the .exe to launch it. Removed objects
HighJackThis did not show the normal stuff that I find but here it is:

Logfile of HijackThis v1.99.1
Scan saved at 2:57:42 PM, on 2/17/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\syste... Read more

Answer: Spyware blocking Malware tools

Bump
 

1 more replies

Hi folks, I believe my computer was infected this past Sunday while visiting the official (!) website of the Moscow subway system. I was running ESET and Spybot at the time and I got warnings from both of them all of a sudden. A question from spybot about a persistent registry change led me to reboot, after which the issue seemed to go away. However that evening ESET stopped automatically updating, and when I uninstalled a few days later, thinking that it would be a simple matter of re-installing my antivirus, I realized I couldn't access a number of major antivirus sites, including ESET, Norton, Kaspersky, etc. I searched for files created at the time I visited the Russian website and boom, I found a cluster of obvious malware, including two programs under the names G4P5P0M and qg6cXDm. I deleted them and rebooted, but my access is still blocked. Likewise I've run full scans of Panda Cloud AV, Spybot, and Malwarebytes, but I still can't access ESET and the other antivirus sites. I would really appreciate any help you can provide. My DDS and RootRepeal logs are attached.

Finally, to the administrator: I originally posted this issue on another forum earlier today before I decided I would prefer to seek an answer on this board. I asked the administrators of the other forum to disregard and delete the post, because I couldn't delete it myself. Please don't think that I am trying to double-post! :-)

Thank you!
Andrew

DDS (Ver_09-12... Read more

Answer: Malware Blocking Antivirus Sites

Hi atp4849,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Download the GMER Rootkit Scanner exe file from here and save it to your desktop.
Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
Click on this link to see a list of programs that should be disabled.
Disconnect from the Internet and close all running programs.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
Sections
IAT/EAT
Drives/Partition other than C:\ drive (C:\ drive should remain checked)
Show All (this one also should be unchecked)
Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
When the scan is finished, you will see the scan button appears again. Click Save to save the scan results to your Desktop.
Save the file as gmer.log and copy/paste the contents in your next reply.

5 more replies

Hi,

This is a Windows Xp operating system. Seems to have a load of malware with usual pop ups for "you are infected, please run scan" ads, along with starting explorer and sending to porn sites, and also seems to be blocking most programs (.exe) files from running in regular mode.

I ran all the scans in safe mode. I was able to install them in regular mode. Still seem to have pop ups/malware in regular mode. Pop ups no longer are occurring in safe mode though.

Your help would be much appreciated. Thank you!

Oh this was all run on a user account, but not the administrator. I do not have the admin password at this time. Not sure if it'll make a difference or not. Admin was blocking some installation of programs initially.
 

Answer: Malware Infection - Blocking programs

By the way, there are two Malwarebytes files as I ran it twice due to not having hidden files turned off the first time.
 

7 more replies

My windows update and malware are being blocked from updating. Problems with search engines. Here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:51:31 PM, on 12/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C: ... Read more

Answer: Blocking Windows/Malware updating

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin... Read more

2 more replies

Hi gang.  I have a client that has 5 workstations - all running Windows XP Professional and running Windows 2000 on the server.  Yesterday, they called, complaining that one of the workstations could not connect to the Internet and lost network connectivity.  I went in, brought the system back to my office.  Interestingly, I plugged the system in and had an Internet connection.  I started the system in safe mode with networking and ran the following: TDSS Killer, Rkill, Malwarebytes.  Malwarebytes reported pum.bad.proxy.  It removed it.  I wasn't satisfied with the resolution and googled the malware.  A post from this site suggested running SuperAntiVirus, so I installed and ran that.  It found numerous cookies and tossed them (it tosses its cookies.  :-) ).  A second scan showed clean results.  I checked the LAN settings and they were fine.
 
I returned the system to the client and found that another system was suffering from the same thing.
 
I hooked up the initial system and brought back the second system... same results as the first system above.  I got a call from the client about 20 minutes saying the same thing had happened again.
 
I am now thinking there is something on the server causing the problem as it seems to be the malware is making its rounds throughout the network.  As I mentioned, the server is running Windows 2000 - so I can't load my preferred malware removal softwar... Read more

Answer: Malware blocking network access...

Update: One of the systems that has/had this issue started up fine this morning.  I had this system in my office last night and it connected fine.  I scanned for viruses, including an Avast! boot time scan... no malware.  I brought it back to this office and it's connecting and I have server access.

1 more replies

Hi
I first encountered connectivity issues a few months back after picking up a Trojan from Google Images. Windows 7 started alarming saying I had been infected with a Trojan and should scan for viruses. I had no protection at the time.
As I could no longer connect to the net I had to use my work PC to find a solution and came across your site. I downloaded AVG, SAS and Malwarebytes and scanned my PC. No infections were found but after the Malwarebytes scan my connection returned.
On two occasions since that time I have switched on my PC to have no connection and scans with Malwarebytes have resolved the issue.
On this occasion however the magic bullet has not worked so I have now followed the read me advice and attached the logs below.

Two points which may or may not be relevant:
When running SAS it stopped scanning items at around the 50 minute mark. It stalled on the item C:\windows\winsxs\install temp. I had to manually close it.

When running combofix the pc rebooted before compiling the report. I was not expecting a reboot.

Thanks
 

Answer: Malware blocking Internet connection

Hi and welcome to Major Geeks, upfront!



When running combofix the pc rebooted before compiling the report. I was not expecting a reboot.

This is normal. The ComboFix below will reboot your machine again.

Now we need to make use of ComboFix by sUBs

Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop but do not run it!
If it is not on your desktop, the below will not work.

Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
Open Notepad and copy/paste the text in the below code box into Notepad:

Code:

KillAll::
RegLock::
[HKEY_USERS\S-1-5-21-2423181418-2568429119-3599355337-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="c:\\Users\\Kevin\\Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"="c:\\Users\\Kevin\\Documents\\Sports Interactive\\Football Manager 2011\\shortlists"
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\Kevin\\Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Users\\Kevin\\Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
"LangDB"="c:\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"="c:\\Users\\Kev... Read more

9 more replies

Hi- My thread was closed, I guess, because I didn't supply you with the reports from DDS and GMER. But this is the reason for my post. I am receiving the message: "The application or DLL C:\WINDOWS\system32\invual.dll is not a valid windows image. Please check this against your installation disckette."

I have downloaded DDS and GMER. DDS won't run because I continuously receive the above message (invalid windows image) which requires me to click OK--over and over again. DDS, thus, does not provide me with the report. I also attempted to run GMER--unchecked the settings per the instructions (Show all appears in back of the scan, save buttons) but when I got to click SCAN---it doesn't click.
I believe that script blocking is enabled but am not 110% sure. I have AVG running and have turned off Spybot S&D.

I am not very tech-savvy but am able to follow the instructions. Unfortunately they aren't working for me.
Previously, I did run HJT and believe that I have identified the bad files but have made no attempts at fixing them.
Please help?
Very much appreciated!

Answer: Malware blocking DDS and GMER from running

Hi -

Try using this copy of DDS

http://www.techsupportforum.com/atta...-steps-dds.zip

For GMER, try this:

Let's try this special version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

19 more replies

Hi. For the past couple of days I have been getting blocked attempts from IP addresses in China, it says svchost - which I believe is in my Windows? I'm not sure how svchost is connected to the blocked attempts but I'm guessing if it's in Windows, that this isn't a good thing!

I have done a full scan of Malwarebytes and it shows no infections and I also did a free scan from McAfee and again, nothing.

It's a new ultrabook and the anti virus trial finished, so for a couple of days I was without any protection, other than Malwarebytes which I regular checks etc.

Also I had Chatzum randomly come as my search bar, and a chatzum_nt application, I deleted the app into recycle bin and then deleted it - but there are probably some traces as I've read that also goes in registry...

OK that's a lot of problems, I know.
1- any info on how to remove these would be great and if it's a simple job for a local computer shop to do and to be trusted to do fully?
2- Can these attempts access my financial info as I have been online banking stupidly thinking nothing of the alerts?
3- Should I stop using the internet, or is it OK to use non financial services online etc?

Many thanks and sorry for sp as it's very late in UK.

Answer: Malwarebytes blocking incoming IPs

Try SuperAntiSpyware free from this link: http://www.superantispyware.com/
It is good at sorting out browser problems.
Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

49 more replies

Hi. I am running Windows XP. I had no problems until today after I disabled adblock on a website. This led me to be redirected to some security thing. I enabled Malwarebytes Anti-Malware real time protection and since then I have been having constant pop ups telling me it's blocked outgoing/ingoing IPs.
Some of them are from China such as 222.186.13.71. I also received an incoming one from Doha 178.152.15.122. I'm not sure if this might be caused by my uTorrent as I always have it on and seeding. Malwarebytes Anti-Malware full scan came up with threats but those are just trainers for games installed on the computer and do not do anything. I have had those trainers installed for a while. What do I do? I have not been redirected recently only that one time.
 
 

Answer: Malwarebytes Anti-Malware keeps blocking IPs

Update: I just shut down uTorrent and so far no pop ups about blocking IPs. I'll keep uTorrent off for a while and see if any pop ups happen. I'm still a bit worried as I was redirected that one time.

3 more replies

Hi,

Would hugely appreciate help with this!!

Infection on my XP Pro SP3 machine is blocking .exe files -- they simply dim when double-clicked. When I double-click another .exe, it dims and the previous one undims.

I cannot boot to safe mode because the malware causes a huge delay following POST, and by the time I get control back it is too late for F8.

I cannot launch Chrome but for whatever reason, I can use IE no problem, surfing to any site I want.

I ran as much as I could from the list of requested apps, but could not unzip GMER since expander is an .exe file. Here is the DDS file:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Chris at 17:40:36.14 on Mon 01/17/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.163 [GMT -6:00]

AV: AVG Anti-Virus Free *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AV... Read more

Answer: Infected w/unknown malware blocking exe's

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting... Read more

2 more replies

Have tried a combination of OnlineArmor (*.sample.com) and Avast (http://.sample.com*) url blocking, along with MalwareBytes (protection enabled) to stop spyware/malware etc.

But, some still come thru (I guess) with changes of domain prefixes (please excuse the lack of terminology knowledge) etc.

SuperAntiSpyware offers a service for blocking, but not sure how they would stop such malware/spyware improvisation.

Any suggestions on how to do simply/affordably (preferably free)?
 

Answer: Use of url blocking, to stop spyware/malware, etc ?

If you suspect malware is present then you should follow these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

9 more replies

I have successfully run Combofix, cleaning up numerous problems with my system, however my computer still claims there are no wireless networks in range when I know for a fact there are at least four. I'm under the impression that whatever has infected my computer is still blocking my connection. Pulling up the WTM, processes show there are two iexplore.exe files running invisibly in the background. Ending the process shuts it down for all of two seconds before it pops back up. I can't find where it's originating from. If anyone knows anything that could help me I would greatly appreciate it. Thank you

Answer: Internet Blocking Malware? What is this/ Moved

Hello bhvirgil and welcome to BC

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.

I have successfully run Combofix

Please note that ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.

. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you ... Read more

2 more replies

I recently was having problems with every part of my laptop it seems and my AVG said all was good but a friend suggested Avast and he was a professor for ITT. I loaded that and Malware Bytes then upgraded to the pay version of both and ran the scans which Malware found several trojans etc. Since then neither has not a one virus or anything in the quarantine areas but constantly I do see a window at the bottom right saying Malware has successfully blocked an incoming threat. When I check the logs here is what I get and it is blocking an outgoing port IP but at the end says Avast.exe are they conflicting with each other?? Please help me determine what's wrong.
Thank you

Answer:Is my Malware blocking my Avast security?

Simple answer to your question.. yes they are conflicting with each other. It is only recommended to have ONE live scanner on your computer. I would suggest removing AVG, Avast and keeping the paid version of MBam as your antivirus since it provides active security.

4 more replies

I am getting a block popup. Oh there it is again. 221.192.199.49
Malwarebytes is stopping it. I searched and found that this is coming from China, and a lot of people are getting the same. Kind of annoying. Is there anything I should do?
 

Answer:Solved: Malware bytes blocking 221.###.###.##

No, just keep Malwarebytes blocking it. Port scanning is most likely what is going on; you have the security going, so nothing you should do.
 

3 more replies

Have an XP machine that suddenly stopped:
- updating AVG 8.5, stating no internet connection
- allowing access to cnet downloads, bring up a Google search and redirects clicked entries to other sites
- blocks access to most PC help sites including bleepingcomputer, cnet, pctools, etc....

Ran rkill and MBAM, nothing found
Ran Stopzilla - found >15 trojans and loaders - successfully deleted all but did not fix problem
Ran TDSSKill - nothing found
GMER freezes up so I can't run it

****** DDS
DDS (Ver_09-12-01.01) - NTFSx86
Run by Admin_2 at 14:29:10.45 on Thu 03/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.519 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SaflokV2\Engine\Bin\ibguard.exe
C:\Program Files\SaflokV2\Engine\Bin\ibserver.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\Nitr...

Answer:Unknown Malware Blocking Bleepingcomputer.com

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Fo...

2 more replies

*Brief history* Sometime ago my PC was infected with Vundo. It was a horrible experience that I couldn't fix which ultimately led to a complete HD wipe, reformat, and reinstall of everything. I own my own business and easily lost 3 days of work due to this infection. I believe this Vundo problem stemmed from an SVCHOST.EXE file that was somehow tainted and introduced a whole gamut of problems to the computer I was using at the time.

*CURRENT PROBLEM* I'm now on a new computer running Windows 7 and to my horror received an alert from AVG that my firewall detected a malware problem from C://windows/system32/SVCHOST.EXE. Fortunately, this issue was blocked by the firewall but now the firewall is in a constant blocking mode for this file every few seconds, as noted in the firewall log.

I know that SVCHOST.EXE services are a necessary part of Windows but I'm hugely concerned that I'm on the cusp of a new infection. I would greatly appreciate some direction on how I can remove this threat.

Thank you in advance for your assistance.

Answer:SVCHOST.EXE firewall blocking every second - possible malware

This is still an issue and I would very much like any help that can be provided.

Thanks again!

1 more replies

I've picked up an infection this morning that it appears a few others have as well. Initially it featured processes including b.exe amongst others and reg keys for Monopod. It has disabled my virus scanner, Symantec AntiVirus amongst other problems. I've followed the Removal Guide as much as it will let me.

Steps 1-5 of the removal guide were no probs, but the program seems bent on preventing me following the Windows XP Cleaning Procedure.

SuperAntiSpyware - Started scan, the program just disappeared.
Attempting to reopen gives - Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item. Alternate startup gives no sign of action.

Malwarebytes Anti-Malware - Started preparing for scan then died.
Attempting to reopen gives - Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.

ComboFix - Got to attempting to create restore point then died. I can start this one up again multiple times, but with the same result.

RootRepeal - Got further than any of the other programs, was scanning windows directories and died.
Attempting to reopen gives - Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.

MGtools - Started, but seems to stop mid-way through the process. Having checked other zip files, it seems like mine is not able to call all the pieces it needs....

Answer:Malware blocking cleaning tools

Welcome to Major Geeks!

I'm going to give you some steps to follow. You MUST follow these steps exactly and they MUST be performed in the order written. I suggest that you read thru all of it first before running any steps.

Download The Avenger by Swandog46, and save it to your Desktop.
Extract avenger.exe from the Zip file and save it to your desktop but DO NOT RUN IT.
Now download and save the below two files to the root folder of your Windows boot drive. Normally this would be drive C. If you do this correctly, you will then see C:\MGtools.exe and FixAVP.exe. You need to redownload this MGtools file because it is a new version. Just overwrite your previous version.
MGtools
FixAVP

Now run MGtools.exe by following the instructions given here Using MGtools which will help you understand how to run it and what will happen. You don't need to worry about attaching the MGlogs.zip file that it mentions yet because we have more to do and a new log will be obtained later.
Now run the FixAVP.exe file by double clicking on it. This will attempt to automatically run Avenger (which you downloaded above) and it should also try to reboot your PC so don't be alarmed when this happens.
After Reboot, and if all goes well, a new scan by MGtools should automatically take place because Avenger will try to run C:\MGtools\GetLogs.bat which will begin all the scans again.
When GetLogs.bat finishes running, there will be a new C:\MGlogs.zip file and now it will be time to attach i...

6 more replies

Any help is greatly appreciated, thanks!

Inability to install AVG 9.0 because of Malware Defense.

I've utilized the great Bleeping Computer thread about running the kill program step by step, but to no avail.

When I run Malware Bytes now, it doesn't pick up anything.

So I started over, and when I try to install AVG 9.0, it still says "potentially incompatible software found" in the way of Malware Defense. It's of course not in Add/Remove Programs like AVG suggests in finding and removing.

More replies

I installed MalwareBytes because I was getting Exploder redirects.
and I installed IE9 and they added a download manager, well the manager never finishes the download, it stops at 99%
the only way to finish the download was to exit IE and open it again, restart your download but then view downloads,
this displays the processes, then click resume.

The Protection Logs shows many of these lines with different ports listed..

16:00:35 IP-BLOCK 212.95.32.134 (Type: outgoing, Port: 51028, Process: rundll32.exe)

I ran rkill and it did not find anything, I installed Superantispyware and spybot, they did not
find anything but cookies.

Any ideas on what this is?

Answer:Malware Bytes popup about blocking and IP

Reverse IP Lookup shows

cool-search-engines.com
filmstry.com
really-cool-search.com
I ran a WHOIS in the IP

inetnum: 212.95.32.0 - 212.95.35.255
netname: NETDIRECT-NET
descr: Leaseweb Germany GmbH (previously netdirekt e. K.)
remarks: INFRA-AW
country: DE
admin-c: WW200-RIPE
tech-c: SR614-RIPE
status: ASSIGNED PA
mnt-by: NETDIRECT-MNT
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
source: RIPE # Filtered

person: Wiethold Wagner
address: Leaseweb Germany GmbH (previously netdirekt e. K.)
address: Kleyer Strasse 79 / Tor 14
address: 60326 Frankfurt
address: DE
phone: +49 69 90556880
fax-no: +49 69 905568822
abuse-mailbox:
nic-hdl: WW200-RIPE
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

person: Simon Roehl
address: Leaseweb Germany GmbH (previously netdirekt e. K.)
address: Kleyer Strasse 79 /Tor 14
address: 60326 Frankfurt
address: DE
phone: +49 69 90556880
fax-no: +49 69 905568822
abuse-mailbox:
nic-hdl: SR614-RIPE
mnt-by: NETDIRECT-MNT
source: RIPE # Filtered

route: 212.95.32.0/20
descr: ORG-nA8-RIPE
origin: AS28753
org: ORG-nA8-RIPE
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
mnt-by: NETDIRECT-MNT
source: ...

8 more replies

Hi All.

We have just installed an appliance on our network at work for monitoring Internet usage and blocking access to selected sites. The appliance is iPrism by St. Bernard.

One of the categories of sites that can be blocked is Malware sites - those known for spyware, adware and other nasties. We, of course, set the appliance to block those sites.

I would like to test the appliance to see how effective it is at blocking malware sites. So, my question, does anyone know of any sites notorious for adware or spyware? I'd like to see if the appliance actually blocks me if I try to go to those sites.

It seems like no matter how tightly we lock down the end users' desk-tops, spyware and adware gets on the machines. It is becoming a real support headache.

Thanks.
 

Answer:Test for blocking malware sites???

9 more replies

BIG Problems here. I tried to follow BLeeps directions on using RKILL and TDSKiller by first starting in SAFE Mode with F8. I can get there and once trying to boot in SAFE mode, I get the BLUE screen with codes at bottom and says that the system has been stopped to prevent damage. Thanks for your help here!

Answer:INFECTED Malware- Shut down-blocking

Hello stonemanjr

I will be helping with your computer problems.

From this point on, it is very important that you refrain from doing anything else to your computer other than what I have requested of you.

I do not mind if you browse the web, do basic tasks, or even test to see if the problem(s) you are experiencing are still occurring with the computer while we are working together, but do not run any tools/fixes unless I or another helper from this thread has asked you to do so.

Remember that you came here for help, so allow us to help you.

If something does not run, make a detailed note of what problems you encountered along the way (exact error messages are preferred), but continue onto the next steps until you reach the end of my post.

Always do the steps they are listed in (left to right, top to bottom).

I prefer that you complete all the steps while you are in Normal Mode. However, I understand that sometimes this is not possible. If you are unsuccessful in getting a tool/fix to run from Normal Mode, but Safe Mode works, then use Safe Mode.

If you have a question about something, do not hesitate to ask.

Let's begin:

Please download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repa...

3 more replies

Hi,

I think I have got an infection on my pc and I can't get rid of it. I have been running Eset for some time now and haven't had any problems so far.

I logged on to the computer yesterday and started getting messages saying eset had blocked access to webpages and ip address very similar to a previous post (http://www.bleepingcomputer.com/forums/topic330759.html) except it's blocking websites like lkolha71gg.cc 213.163.89.106:80 and a74232357.cn 213.1163.89.107:80

eset found 8 files on a full system scan that have been moved to quarantine that were found in documents and settings\dean\application data\sun\java\deployment\cache\6.0\ (in various folders)

I have run malwarebytes anti-malware and eset again and no threats have been found despite the computer still blocking various web sites.

I have put the dds log on here, but when I run the GMER file after about an hour and a half the computer crashes and boots back to the windows welcome log on screen so I can't attach that log. I feel like I'm stuck.

any help would be great and really appreciated.

thanks in advance

DDS (Ver_10-03-17.01) - NTFSx86
Run by Dean at 17:45:18.00 on 23/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1983.1434 [GMT 1:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

===...

Answer:Eset blocking web sites possible malware?

Hello !Potter!

Welcome to BleepingComputer

==========================

Download the following GMER Rootkit Scanner from Here

Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
It may take a minute to load and become available.
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED
IAT/EAT
Drives/Partition other than Systemdrive (typically only C:\ should be checked)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Click OK and quit the GMER program.

Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.

Post that log i...

21 more replies

Following on from a thread in "Am I infected? What do I do?" (can't post the URL as I'm browsing through a proxy - this website is one of the ones that's blocked - so hopefully you can find it in my recent posts).
As I wrote there:
On Windows 7. Most malware-removal-related sites are blocked, this one included, along with various news sites, Facebook, Amazon and others (some come and go, some only partly load, some are blocked completely and permanently, as if the server were down).
This started when a rogue Flash plug-in installed an executable in C:\ProgramData (bin2dbex).
Any help would be appreciated. I ran RKill and Rootkit Remover (McAfee) and nothing came up.
Cheers,
Andy
Edit: oh, it also hides all hidden and system files every time I turn my laptop on.
Edit again: hosts file is clean.
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Andy (administrator) on ANDY-LAPTOP on 21-06-2015 00:23:42
Running from C:\Users\Andy\Desktop
Loaded Profiles: Andy (Available Profiles: Andy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process wi...

Answer:Malware blocking access to certain websites

Hello aphw,

my name is Jo and I will help you with your computer problems.

Please follow these guidelines:
Logs can take a while to research, so please be patient.
Read and follow the instructions in the sequence they are posted.
Print or copy & save instructions.
Back up all your private data / important files on another (external) drive before using our tools.
Do not install / uninstall any applications, unless otherwise instructed.
Use only the tools you have been instructed to use.
Copy and Paste the log files inside your post, unless otherwise instructed.
Ask for clarification, if you have any questions.
Stay with this topic til you get the all clean post.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
Vista / Windows 7/8 users right-click and select Run As Administrator.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Be sure to print out and follow the instructions provided on that same page.
Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
Scan your system for malware
With some infections, you may see two messages boxes.
'Could n...

14 more replies

I have a laptop with a bad case of malware, it cannot get an active internet connection.

I've run malwarebytes, although could not update to the newest .dat files, still on 4/10 I believe. It did find and remove some items, one found was vundo, which I've removed in the past, but this seems to be latched on worse than ever.

I cannot get an internet connection through the cat5 connection or a wifi connection, I am getting 169.x.x.x ip's on both connections, 3 different physical networks tested. I get a link light, but no actual connection.

I've attached the DDS file for reference, here is the actual log:

Thank You, Thank You, THANK YOU!!!!!

DDS (Ver_10-03-17.01) - NTFSx86
Run by compaq at 11:29:24.90 on Thu 07/08/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1679 [GMT -4:00]

AV: *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvc...

Answer:Malware blocking internet traffic- Help!

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is ...

4 more replies

I extremely often get an avast message saying malicious site blocked even when I didn't go to it.
It says the object came from 199.80.55.19/go.php?uid=47196&suid=179829&data=xgxft2HDjxUP
Infection: URL:Mal
Action: Blocked
Process: c:\windows\system32\svchost.exe
Nothing bad has happened except it's really annoying. I don't know if someone is trying to communicate with my computer with bad intentions, or it's a random act of bad intentions.
My hijackthis log said this: (I didn't stop any programs and I didn't stop avast because it's the only thing stopping me from the malware to activate, so if I was supposed to stop any programs, I didn't)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:41:37 PM, on 4/10/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows&...

Answer:Avast keeps blocking Malware Site

Never mind, I removed it by first downloading the new service pack for vista, using ATF cleaner, then using a program I found on here called aswMBR and it scanned for the virus, removed it, then when I rebooted using malwarebytes, (a malware scanning removing tool) and removed a file in my application data folder.
Now I'm clean.
Supposedly I had some sort of fake alert virus, and a rootkit malware/trojan, I forgot what it was.

2 more replies

For the past month I have been attempting to remove a virus that is blocking my access to Microsoft.com, Anti-Virus websites and some others. I have used numerous removal tools to no avail.

Below is my HiJack-This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:10, on 24/08/2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\dinotify.exe
C:\Program Files\Mozilla Firefox\fire...

Answer:Malware Blocking Microsoft.com And AV Websites

Bump, anyone able to help?
 

3 more replies

I think I had this question in the wrong area so here goes:
I recently was having problems with every part of my laptop it seems and my AVG said all was good but a friend suggested Avast and he was a professor for ITT. I loaded that and Malware Bytes then upgraded to the pay version of both and ran the scans which Malware found several trojans etc. Since then neither has not a one virus or anything in the quarantine areas but constantly I do see a window at the bottom right saying Malware has successfully blocked an incoming threat. When I check the logs here is what I get and it is blocking an outgoing port IP but at the end says Avast.exe are they conflicting with each other?? Please help me determine what's wrong. Here is what is printed 50 plus times on each log and they are rapid fire!
17:31:20 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50785, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50788, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50790, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50791, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50792, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50793, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50794, Process: avastsvc.exe)...

Answer:Is my Malware blocking my Avast security?

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform quick scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.
 * Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C...

8 more replies

I work at a local computer repair shop and in the last week I have received three computers in for virus removals. Virus removals are usually a piece of cake, but these are different. None of them can access the internet with any browser. Wireless or hard wired. Ethernet or USB adapter. They are all obtaining an IP address but still no internet. I need to update all the definitions!

Is there a new virus out that is causing this? Any help would be great!

Answer:Malware Blocking Internet Access

I have now manually updated and ran Malwarebytes, Spybot, Combofix, and Avast. All scans were done in safe mode and I even ran an Avast boot time scan.

I am still having issues connecting to the internet. Again, it doesn't matter what operating system it is, or how it's connecting to the internet. I can even ping any website I want...

Anyone?

2 more replies

Possible MBR infection that persisted from windows 7.
 
Symptoms:
 
Pandora plays for about 5 seconds normally and then skips 30-50 seconds at a time
 
When a program tries to download new information, the download process is stopped and the content is deleted
 
Windows Defender and security updates are disabled
 
System Restore does not function, getting error 0x80070005
 
Disrupting the connection to this website
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by No (administrator) on DIEWUN8 on 22-01-2015 20:09:19
Running from C:\Users\No\Downloads
Loaded Profiles: No (Available profiles: No)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Wind...

Answer:Malware blocking Dl's, flash, and security

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-22 20:09 - 2015-01-22 20:09 - 00044535 _____ () C:\Users\No\Downloads\FRST.txt
2015-01-22 20:09 - 2015-01-22 20:09 - 00000000 ____D () C:\FRST
2015-01-22 20:08 - 2015-01-22 20:08 - 02126848 _____ (Farbar) C:\Users\No\Downloads\FRST64.exe
2015-01-22 19:50 - 2015-01-22 19:52 - 00002198 _____ () C:\Users\No\Desktop\Rkill.txt
2015-01-22 19:50 - 2015-01-22 19:50 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\No\Downloads\rkill.com
2015-01-22 19:43 - 2015-01-22 19:43 - 00000197 _____ () C:\Windows\system32\2015-01-23-00-43-05.033-AvastVBoxSVC.exe-3752.log
2015-01-22 00:54 - 2015-01-22 00:54 - 00347484 _____ () C:\Users\No\Downloads\with+brani+to+lhs+564+to+pices_1421905991.vap
2015-01-21 17:20 - 2015-01-21 17:21 - 00000197 _____ () C:\Windows\system32\2015-01-21-22-20-40.079-AvastVBoxSVC.exe-4420.log
2015-01-20 20:01 - 2015-01-22 19:37 - 00000000 ____D () C:\Users\No\AppData\Local\Slopey.com
2015-01-20 20:01 - 2015-01-22 02:48 - 00000000 __SHD () C:\Users\No\wc
2015-01-20 20:01 - 2015-01-20 20:03 - 00000000 __SHD () C:\Users\No\AppData\Roaming\wyUpdate AU
2015-01-20 20:00 - 2015-01-22 19:37 - 00000000 ____D () C:\Users\No\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slopey's ED BPC
2015-01-20 20:00 - 2015-01-22 19:37 - 00000000 ____D () C:\Program Files (x86)\Slopeys ED BPC
2015-01-20 20:00 - 2015-01-20 20:00 - 00001943 ____... Read more


Hi, I've been having a lot of trouble with a malware that is blocking my computer from fixing it. It disabled system restore and antivirus updates. It also redirects me while browsing the internet. I have tried Avast, Malwarebytes, and Avira. Sometimes they detect 1 or 2 files but deleting them has not fixed the problem yet. Antivirus updates and system restore are still disabled. It even tried stopping me from posting on this website.

Attach.txt   10.13KB
gmer.log   148.07KB

When I try to post the DDS scan it won't let me post on this website, so I'm forced to skip this step for now. It disables my connection when I try to attach the dds.log or post its contents. If there is a way to get around this and show you the contents please tell me and I will do it. I'm still checking back on this daily if somebody wants to try and help me.

EDIT: Posts merged ~BP

Answer:Unknown malware blocking antivirus

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more


http://forums.techguy.org/windows-vista-7/851509-vista-administrator-problem.html

In the Vista forum at the link above, I posted a problem I was having where it seemed that I didn't have administrator privileges even though I'm logged on as an admin. It was suggested to me that I might have some kind of malware infecting my laptop, so I'd appreciate any help. I copied my HijackThis info below. I should also note that when I tried running HijackThis, I got an error message saying "for some reason your system denied write access to the Hosts file". It then instructed me to run HijackThis as an administrator and I was able to get a log file. Any suggestions? Thanks in advance for any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:35 PM, on 8/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Google\GoogleToolbarNotifi... Read more


This virus seems to be slow when the computer starts. As soon as the browser window is opened, it seems to kick in full throttle. Closing the browser window does not slow this virus down and block the CPU almost 100%. I tried scanning with Ad-aware, avast, spybot; Spybot removed some cookies and that was all. I still see the issue. Here is the Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:32 PM, on 4/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:... Read more

Answer:Trojan/Virus/Malware blocking CPU

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


Hi. My problem is that, after a bout of some nasty adware/spyware/trojans, I can't get Windows to accept that I actually have a working Ethernet card. I've tried updating the drivers, but that didn't help.

I was wondering if maybe there is something I missed? This is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:08 AM, on 11/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet ... Read more


I am working on my son's computer. Initially we noticed that "automatically detect (proxy) settings" was unchecked and proxy settings had been set. On changing these settings they would revert back. I could go into safe mode and change the settings ... as soon as I booted into normal mode the settings would be changed back. So I posted here ... http://www.bleepingcomputer.com/forums/t/588730/malware-changing-the-proxy-settings/#entry3806100

These solved the settings being changed. However, the computer still will not go online in either Chrome or IE in normal mode AFTER the startup is complete. It will if I open them quickly but then it will give me the error message that network access is denied.

So I was instructed to do some other things and post here. This was run in safe mode...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by Tiara (administrator) on TIARAS-COMPUTER (03-09-2015 22:40:42)
Running from C:\Users\Tiara\Desktop
Loaded Profiles: Tiara (Available Profiles: Tiara & Administrator)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entr... Read more


I have a malware that's blocking the use of anything on my comp, including hjt, unless I'm in safe mode. Any help or suggestions?
 

Answer:Malware program blocking the use of hjt can i get help to get hjt up and running?

Bump
 
