Computer Support Forum

W32/Trats!inf gone from bad to worse

Question: W32/Trats!inf gone from bad to worse

Hi, I was wrestling with an infection of W32.trats!inf on a laptop - Windows XP home.

Norton Antivirus keeps finding it and has been unable to get rid of it, so I was attempting to remove it manually.

vtstr.dll is in the Windows/system32 folder along with various registry entries related to it

I just tried to boot into safe mode, and it now will not log in and says "Unable to log you on because of an account restriction" in both safe and normal boot modes

Any suggestions?

Thanks!

Relevance 100%
Preferred Solution: W32/Trats!inf gone from bad to worse

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: W32/Trats!inf gone from bad to worse

16 more replies
Relevance 47.97%

My icons are disappearing
The computer is running slow
Viruses have completely taken over my computer
I am going through financial difficulties right now and would REALLY appreciate help.
I understand computers therefore I can take direction fairly well..
Just please tell me what I need to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:43 AM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svcd\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDO... Read more

Answer:It's Getting Worse & Worse. PLEASE. I cannot afford to bring it anywhere:( LOG INSIDE

7 more replies
Relevance 47.97%

Hi all,

I started the day on a high note, before turning on the computer that is, thinking I was going to get some things done. This was not to be: So we start at:

FAIR:
After XP loaded it said that it had recovered from a serious error Product ID _251... so I did some digging around and got some info from microsoft's web pages complete with registry fixes (deleting bad entries, etc.)

I did a quick scan with malwarebytes and it found some stuff that I deleted and when I did a restart it didn't come up correctly.

Went into safe mode and it came up.
(made a HUGE mistake here. Did not copy files I wanted to save when I had the opportunity)
Closed out of safe mode and let it start normally.
Would not boot normally.
Tried to boot in to safe mode and now its recycling back to POST, we have gone to...
BAD:
Hmmm. So I thought how about putting the XP disk in and then do an install leaving file system intact.
When I got to the point of doing the install I chickened out because it said that it might delete the My Documents folder (had some things in there I didn't want to lose) I've done this procedure before and perhaps I should have taken the second opportunity to recover gracefully but I did not.

I hit F3 to cancel out of the install to try and boot from my other HD that has XP (but with some driver issues that I had yet fixed.)

I went into the CMOS to change boot order and notice that the hard drive (the one that I was trying to boot into is not showing ... Read more

Answer:HD/Filesystem prob:Went from fair to bad; then to worse, much worse

Test the HDD with the drive manufacturers disk tools (preferably using a different PC). Run the short and long tests. If either test fails or has errors, the drive is faulty.

4 more replies
Relevance 46.33%

i've had verizondsl for about half a year or so now, and from last month to present, the connection has been horrible.. sometimes it would just hang for up to a minute at a time, with the modem activity light blinking slowly (loss of connectivity).. before it started, speeds were decent, and although slow compared to the optimum cable i was used to, it was sufficient. now it's just pure garbage. if it weren't for the fact that we're getting free cable, i would immediately switch to roadrunner

i figure asking you guys is probly much more helpful than those scripted outsourced fools at tech support. i tried all that "reset your modem" "unplug the ethernet cord" "make sure you're computer is on" crap already and would like some REAL answers..

PS- at my old house, we used to have verizon as well, and after a while it just stopped all of a sudden and when we called to see what happened, they said since there was construction in the area, they must have switched our phone line over to one with a further CO, and we were now too far to service. verizon is teh gay.
 

Answer:verizondsl getting worse and worse speeds

Well try plugging the modem into the demark jack if you have one (by where the phone line comes into your house). See if this still happensl. If it doesn't maybe something happened to your internal phone lines. (this probalby won't be the issue I'm betting).

Beyond doing that phone your ISP and get them to file a support ticket or whatever they call it there. When I was having trouble with my DSL connection a couple years ago I phoned up, they sent a guy from the telephone company to test the line and they replaced a device at the CO and the connection has been perfect ever since.




The [H]orde needs You!
 

15 more replies
Relevance 46.33%

I bought a Think Pad in April last year which does not start anymore, no lights,nothing.I wanted to send it back to Lenovo for guarantee.Ther ist only ONE problem, there is no sticker on the laptop which shows me the serial numer. Obviously there supposed to be on, but it is missing!!!I do have the invoice which shows the purchase date, but no serial either.I already quit wasted some time to with this bull**bleep**, I hopefully do not need a layer for that.Here you see the last response of the "support" manager -Dear Michael Mueller,Unfortunately I have to inform you that you have no guarantee for this machine.Repair of machines that do not have a sticker can only be carried out by a Lenovo service partner.Lenovo Service Partner:https://pcsupport.lenovo.com/de/de/serviceproviderIf you have any further questions about this service case, please send us an e-mail to [email protected] or call us on the free phone number DE 0800 - 500 4618 / AT 0810-100-654 / CH 0800-55-54-54. Lenovo regularly conducts customer surveys on service quality.If you are selected, please take a few minutes to answer the questions.We thank you in advance.  Yours sincerely, Davor KrpanLenovo Technical Support IBM Hrvatska d.o.o. za proizvodnju i trgovinuMiramarska 23, 10 000 Zagreb, HrvatskaUpisan kod Trgova?kog suda u Zagrebu pod br. 080011422Temeljni kapital: 788,000.00 kuna - upla?en u cijelostiDirektor: ?eljka Ti?i??iro ra?un kod: RAIFFEISENBANK AUSTRIA d.d. Zagreb,... Read more

Answer:guarantee handling - bad worse than worse

I just forgot to mentioned, that the purchase was done through the Leonovo online shop itself -  VERSANDBESTÄTIGUNG Ihre Bestellung wurde versendetSehr geehrte(r) Michael Müller,vielen Dank für Ihre Bestellung im Lenovo Online-Shop, der von Digital River unterstützt wird.Die folgenden Produkte wurden versendet.Bestelldatum14. April 2017Bestellnummer23856585462Tracking-nummer1ZAF68846704024055Folgende Artikel wurden versendet: BestellmengeProdukt-SKUProduktnameVersandmengeVersandmenge gesamtBetrag120J1CTO1WWThinkPad 13 2G11800,52EURWenn Sie per Kreditkarte bezahlt haben, wurde Ihre Karte nun belastet.

1 more replies
Relevance 46.33%

Initially it was Edge not working properly, now it mostly crashes. Even the new "amazing" feature of tab previews doesn't work properly. Imagine, I moved back to Chrome after so many years of being a happy IE user. Cortana was a bit iffy with "Hey Cortana". Now she doesn't listen to what I say at all, even when I press the button. The notification center has its own mood. Often decides to hide until I restart for absolutely no reason at all. Same goes for the sound volume and other flyouts on the desktop.
In short, there is massive degradation of various major features with every new build. And since I post all the issues I find using the feedback app, I know it is not just me experiencing these things. This is disastrous.
So, is it just me or you experience similar issues yourself?

Answer:Is it just me or does Windows 10 get worse and worse with every new build?

It's just you.

10 more replies
Relevance 46.33%

Hi everyone,
My bottom fan on my PC was being very loud, so I opened up my case and unplugged the power supply, and flicked off the power switch on the back. I unscrewed the bottom fan and dusted it a little bit, and then I put it back together how it was before.

The part that I unscrewed also contained my hard drive, and now that it is reseated I cannot boot.


At first I got an error when booting:
Loading operating system . . .
disk boot failure, insert system disk and press enter.

THEN, I tried making sure everything was connected well and tight, and now I am not getting anything displayed on my screen.

Apologies for the lack of knowledge and thanks for the help.

Jeremy
 

Answer:Boot problem, getting worse and worse

It is possible that when you removed the fan and hard drive, you plugged the hard drives SATA cable into a different SATA port on the motherboard. Get into the bios, and make sure that the hard drive is being detected properly
 

1 more replies
Relevance 46.33%

I was curious if anyone out there knows anything about this...

I have a self-built computer, three years old now...and day by day it's getting worse and worse!

AMD Athalon XP @ 1.1 GHz
512MB PC2700 DDR-SDRAM
Windows XP Pro.
Radeon 9500 Pro. 128MB DDR

The problems started about six months ago--every time I'd turn on the computer, it'd scan the hard drive for errors, claiming an improper shutdown. Then, two months ago, it started going to a black screen saying a windows file is corrupt, use the XP CD to restore the file--but simply restarting the computer at that point would get it going (only came up on a fresh start).

Then in the recent times, the screen is completely black. I turn on the computer, and no signal is sent (I'm guessing) to the monitor, so it's just flashing the power light...but after waiting approximently 10seconds, and restarting ('reset button'), it would go to the other problems--file corrupt screen, then the error scan...and this latest time, it took 4 resets for the screen to catch a signal...

All wires are plugged in good, and everything seems to be functioning properly, except for, of course, this problem I have...and I really have no idea where to start on fixing this. I planned on keeping this computer for another year or so--and hope this can be fixed! Anyways, any ideas/suggestions, please let me know!

Thanks,
-X

Answer:My Computer - Getting Worse & Worse! Is there hope?

take the graphics card out and insert it back in firmly making sure it is sat properly in its slot. check the manufacturers websites for your motherboard and graphics card and see what the bios updates do, and see if they have any FAQ's to check if anyone else has been having similiar problems to you in terms of people who have the same motherboard or graphics card??

Email the manufacturer(s) for your motherboard company and graphics company.

2 more replies
Relevance 44.69%
Question: w32.trats!inf

Cheers everyone I have a virus and norton internetsecurity 2008. When I start up my computer its really slow and norton keeps saying it removed or blocked w32.trats!inf. It does this every time i start up. If anyone has some spare time i would very much appreciate your help in removing the virus. Below is my hijackthis log thingy. thanks in advance for any help.
EDIT:
Computer specs:
Windows XP SP2
2gb RAM
300gb HDD
intel core2duo e6600 2.4ghz
512mb nvidia 7950gt
creative audigy 2
if i missed something please ask

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:33 AM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WIN... Read more

Answer:w32.trats!inf

I did a norton 2008 full system scan and after scanning all 418 000 files norton found nothing yet my computer is still slower than death. any suggestions?
 

3 more replies
Relevance 44.69%

W32.Trats!inf

I scan my computer with Antivirus and that always comes up no matter what. I can't find anyway to get rid of it. I'm not really sure what it is or what it does, but i'd rather not have it. i'm not really sure what to do at this point.

I'm sure there are other problems along with it, but this is the most re-occuring one.

Anyone know what I should do?

Answer:Cant Get Rid Of W32.trats!inf

According to the Symantec website it is a virus that infects exectutable files and attempts to contact a remote computer.Having never dealt with this kind of virus before its hard for me to tell you exactly what to do.http://www.symantec.com/security_response/...-99&tabid=3Take a look at this removal guide, i'm sure it will give you some assistance.Good Luck

1 more replies
Relevance 44.69%

Hey there. This is my first post. I've had the w32/trats virus for a few weeks now and it's steadily getting more annoying. At first it was just pop-ups, then my computer started running very slowly and browsing has become a paint at times. Now, I'm also getting both fake Security Software advertising and also pornographic advertising being replaced in areas where regular web ads appear, even on some sites as Yahoo. Need help.

Thanks,

Raf

Answer:Need Help With W32/trats

Please follow the instructions here to remove your SmitFraud problem.http://www.bleepingcomputer.com/forums/ind...mp;#entry103417Please do an online scan with Kaspersky WebScanner.Hold down your "Shift" key and click on this link: Kaspersky WebScanner, to open the Kaspersky WebScanner in a new window.Click on "Kaspersky Online Scanner".You will be prompted to install an ActiveX component from Kaspersky, Click Yes.The program will launch and then begin downloading the latest definition files.Once the files have been downloaded click on "NEXT".Now click on "Scan Settings".In the scan settings make that the following are selected:Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)Scan Options:
Scan Archives
Scan Mail BasesClick OK.Under select a target to scan, select "My Computer".This will program will start and scan your system.The scan will take a while so be patient and let it run.Once the scan is complete it will display if your system has been infected.Upon completion, click on the "Save as Text" button.Save the file to your desktop.Copy and paste that information in your next post.

11 more replies
Relevance 44.69%
Question: W32.trats!inf

A few weeks ago I picked up W32.Trats!inf (at least that's what Norton tells me). I have done everything I can to try and remove it. I have used Norton 360 and Internet Security well as Adware, Spybot, and a couple of online scanners (House Call & Bit Defender) on it. A guy on another forum also had me run VundooFix but it just won't go away. Bit defender is the only program I used that found it and told me it couldn't fix it, the rest said something to the effect of "problem solved" (of course it wasn't). I also read through a post on this site from someone with the same problem, but his Hijack This logs aren't the same as mine, so I can't use it as a guide line for what to remove. I am running Win XP SP2. I have never used this forum before so any help you can give me would be great. Here's my Hijack This log, Thanks Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:44:40 PM, on 1/8/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS ... Read more

Answer:W32.trats!inf

Hello askanes,Download CCleaner and install it. (default location is best). Do not run it yet! CCleaner Tutorial*******************************************Select the following with HijackThis. With all windows (including this one!) closed (close browser/explorer windows), please select "fix checked" O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dllO2 - BHO: (no name) - {3D3B8B84-E7AE-4E50-959E-53446EA545F1} - C:\WINDOWS\system32\ddayy.dll (file missing)O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsd1E49.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)O2 - BHO: {4b38547a-bcf0-863a-a834-b2be968e966f} - {f669e869-eb2b-438a-a368-0fcba74583b4} - C:\WINDOWS\system32\otafvxma.dll (file missing)O4 - HKLM\..\RunServices: [winlog] winlog.exeO4 - S-1-5-18 Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Andre\Local Settings\Temp\{71FB93A4-4C75-4753-BC96-F441EC48C6A2}\{907B4640-266B-4A21-92FB-CD 1A86CD0F63}\ATR1.exe (User 'SYSTEM')O4 - .DEFAULT Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Andre\Local Settings\Temp\{71FB9... Read more

26 more replies
Relevance 44.69%

Here is the log file for this thread:http://www.bleepingcomputer.com/forums/t/135093/need-help-with-w32trats/Ive been having w32/trats and vondu infections for a couple of months now and can't seem to get rid of them. tried stinger, mcafee, ad aware. smitfraud. nothing works. i'm getting popups all over the place, and have XP with service pack 2.I use firefox as my browser, but still getting popups in that, and also IE keeps popping up. Ads are even being replaced within pagesby malware and porn ads. any help is greatly appreciated. -----------------------------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:28:14 AM, on 3/8/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\VTTimer.exeC:\WINDOWS\AGRSMMSG.exeC:\WINDOWS\ALCXMNTR.EXEC:\Program Files\iTunes\iTunesHelper .exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\Rundll32.exec:\program files\common files\mcafee\mna\mcnasvc.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\InterMute\PopSubtract\PopSub.exeC:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exec:\PROGRA~1\COMM... Read more

Answer:Need Help With W32/trats

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.When posting your logs please post them directly into the reply. Do not attach them.Also make sure you have already followed the steps outlined below:Preparation Guide For Use Before Posting A Hijackthis LogThank you for your patience.

1 more replies
Relevance 44.69%
Question: W32.trats

Hello, today without warning Norton picked up a W32.Trats infection, which it said it removed but it seems not to. I did a full system scan and it found two Trojans, which it removed, and I've also followed the other steps that lead to posting a new topic. I've been here once before with a bad W32.Trats!inf infection and you guys were amazing! I'm hoping that since this just happened today that it is not as infected as last time.I'm getting popups and it is also difficult to type because it seems that every few letters I have to go back and correct spelling, as my system is quite bogged down.I have no idea where these infections are coming from - I practice safe internet policies and do regular virus/spyware scans. I'm also losing a lot of faith in Norton because it's not doing a very good job at stopping infections!Thank you for any help you can give!!! HijackThis LogLogfile of Trend Micro HijackThis v2.0.2Scan saved at 10:03:26 PM, on 2/16/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files&#... Read more

Answer:W32.trats

Hi, Wellcome to Bleeping Computer Forums!You might want to save this page on your favorites, so you can find it again when you return.Please take note of the following:I will be handling your log and helping you, please do not make any system changes yet. The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patience.The fixes are specific to your problem and should only be used for this issue on this machineIf there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.Please reply to this thread. Do not start a new topic.Please give me some time to look over your log and I will get back to you as soon as possible.

22 more replies
Relevance 44.69%
Question: W32.trats

I am running windows vista on a laptop I have norton internet security and it has picked up w32.trats infecting my computer. My atempts at removing myself have failed it keeps comming back. Attached is a HJT log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:40:26 PM, on 03/01/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16575)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\System32\mobsync.exeC:\Program Files\Internet Explorer\ieuser.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Windows\system32\Macromed\Flash\FlashUtil9e.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Common Files\Symantec Shared\ccLgView.exeC:\Users\Owner\Desktop\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ycomp/def...://ca.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.castanet.net/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://... Read more

Answer:W32.trats

Hello xcalibur and welcome to BleepingComputer!Apollogies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log.Please also post the problems you are having.Thanks,Johannes

14 more replies
Relevance 44.69%
Question: W32.Trats!.inf

Need help removing this virus. Please help
 

Answer:W32.Trats!.inf

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

21 more replies
Relevance 44.69%

A few days ago I picked up W32.Trats! (at least that's what McAfee tells me). I have done everything I can to try and remove it. I have used McAfee and Internet Security well as Adware, Spybot, and a couple of online scanners (House Call & Bit Defender) on it. A guy on another forum also had me run VundooFix but it just won't go away. Bit defender is the only program I used that found it and told me it couldn't fix it, the rest said something to the effect of "problem solved" (of course it wasn't). I also read through a post on this site from someone with the same problem, but his Hijack This logs aren't the same as mine, so I can't use it as a guide line for what to remove. I am running Win XP SP2. I have never used this forum before so any help you can give me would be great. Here's my Hijack This log, Thanks Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:55:31 PM, on 1/28/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Bonjour\mDNSResponder.exeC... Read more

Answer:Got W32.trats Help!

Hi,

I'm sorry for the delay, the forums are very busy. If you still need help, please post a new HijackThis log and give a description of how your computer is currently running.

2 more replies
Relevance 44.69%
Question: W32.trats

I have been readinf all of the posts regarding w32.trats as I was infected as well. I beleive I have removed most of it, however me computer still is very slow logging off and booting up. I think I still have something in my reg file. I have attached my lastest hijackthis.log.

Thank you for the assistance...... I really appresciate it........ I have been fighting with this for almost a week now.

RPITA

Answer:W32.trats

Please disregard request for assistance. I have formatted the drive.

RPITA

2 more replies
Relevance 44.69%
Question: W32.Trats!inf

W32.Trats!inf How is this nasty thing removed
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:10 AM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCal... Read more

Answer:W32.Trats!inf

Help i'm not sure if i removed the virus Norton says there is no virus but the Kapersky says it's infected still
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 09, 2008 9:15:09 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/01/2008
Kaspersky Anti-Virus database records: 504750
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 63126
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 2
Duration of the scan process: 01:39:49

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1552OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped... Read more

1 more replies
Relevance 44.28%

Please help! My PC has recently become infected with w32 trats and I can't seem to get rid of it. I have McAfee Virus Protection running at all times on my computer. It detects and removes files, but moments later, it's still messing up. I have disable system restore, started in safe mode, rescanned, but it's still messing things up. Also, it has disabled some of the McAfree protections (real-time virus protection included).

I have also tried cleaning with AdAware and Super AntiSpyware...same thing. They detect and "clean" but ultimately it's not fixed.

The PC is running slow. Popups are frequent, even with a pop-up blocker. It keeps opening up additional tabs in IE. Now it keeps throwing up something about Windows Installer (seems to be tied to Microsoft Office, which appears to be working fine).

Please help! I have read in some threads about using regedit, but I am unfamiliar with it and am afraid to mess something up without guidance. Below is my HJT log. Any assistance you can provide would be appreciated!

Thanks,
Stacy
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:38 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:... Read more

Answer:Need help removing w32 trats

14 more replies
Relevance 44.28%

For the past few weeks I've been having trouble with going on the internet. Norton kept picking up something about W32.Trats!inf as a security risk. Sometimes it would block it, sometimes it would take no action, but no matter what it does I'm getting fullscreen popups galore and at times it gets so bad that Internet Explorer freezes up entirely. I have run a Norton scan under Safe Mode and it detected and removed W32.Trats!inf, however it continues to come back and seems to be getting worse. I read and did the preparation guide except for Step 5 (the malware/spyware scans) because Internet Explorer freezes before the scans are complete.Thank you for any help you can give me! You guys are my last shred of hope! HijackThis Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:36:02 PM, on 1/7/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\devldr32.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\Program Files\Common Files\Symantec Sha... Read more

Answer:W32.trats!inf Issues

Hello RockOn81Impala, This computer is really infected, so this will take multiple steps. Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will shutdown your computer, click OK. Turn your computer back on. Please post the contents of C:\vundofix.txt and a new HiJackThis log.

28 more replies
Relevance 44.28%

hey all my girlfriend downloaded this some how i am have trouble getting rid of it.

i ran nortan 360 and ad aware pro they didnt really seem to help.

here is my HijackThis log i hope you can help before i have to format

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:02 AM, on 1/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\DU Meter\DUMeterSvc.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\CPU stuff\Files\alcohol\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\RUNDLL32.EXE
C:\CPU stuff\Files\iTunesHelper.exe
D:\WINDOWS\mgrs.exe
C:\CPUSTU~1\Files\ACTIVE~1\wcescomm.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\CPUSTU~1\Files\ACTIVE~1\rapimgr.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Logite... Read more

More replies
Relevance 44.28%

A real mess! I won't go into all the details, but first Norton started displaying warnings for "vundo." Then something called "ccCommon" started trying to install everytime I started up. Then I got warnings for something called Trats!inf. Now Norton Antiprotect won't load.

Anyway, here's the HijackThis log. I would REALLY appreciate any help! THANKS!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:10 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe... Read more

Answer:vundo and Trats!inf

Closing duplicate thread. Please continue here: http://forums.techguy.org/malware-removal-hijackthis-logs/668977-trat-inf-adclicker.html
 

1 more replies
Relevance 44.28%

A few weeks ago I picked up W32.Trats!inf (at least that's what Norton tells me). I have done everything I can to try and remove it. I have used Norton 360 and Internet Security well as Adware, Spybot, and a couple of online scanners (House Call & Bit Defender) on it but it just won't go away. Bit defender is the only program I used that found it and told me it couldn't fix it, the rest said something to the effect of "problem solved" (of course it wasn't). I also read through a post on this site from someone with the same problem, but his Hijack This logs aren't the same as mine, so I can't use it as a guide line for what to remove. I am running Win XP SP2. I have never used this forum before so any help you can give me would be great. Thanks

Answer:W32.trats!inf Issue

Hi askanes and welcome to bleeping computer.Please download VundoFix.exe to your desktopDouble-click VundoFix.exe to run it.Click the Scan for Vundo button.Once it's done scanning, click the Remove Vundo button.You will receive a prompt asking if you want to remove the files, click YESOnce you click yes, your desktop will go blank as it starts removing Vundo.When completed, it will prompt that it will reboot your computer, click OK.Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.Try this first and then let us know how things went.

4 more replies
Relevance 44.28%

I have reviewed several of the other posts concerning this virus and I need help. I have downloaded HiJack this and am including the log from it. Here is the history.

I am helping someone recover their computer that was "running real slow" and suffering from "lots of pop ups." I approached this from the spyware angle first but all attempts to eliminate the spyware that was found was fruitless as it always returned. I updated their McAfee and started scanning for viruses. McAfee identified files infected by W32/Trats and it also found Vundo. As I though W32/Trats was contained when the files that were infected were cleaned or removed I focused on vundo that could not be removed. I ran FixVundo and VundoFix to clean it up and that seemed successful, so I was surprised when McAfee kept complaining about W32/Trats and a new trojan called generic dropper.

The system is a Dell desktop running Windows XP Home.

As I said I have reviewed several of the other posts about this virus and realize the the solution is similar but not always the same. I have downloaded HiJackThis and ComboFix awaiting advice on how to run it. I have disconnected the PC from the internet becuase IE is unreliable and the trojan is very active while the PC is connected.

Any help is greatly appreciated.

[ CODE]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:56:47 PM, on 1/28/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)... Read more

Answer:Need help removing W32/Trats

14 more replies
Relevance 44.28%
Question: trats & pupur

I installed a piece of software around a week ago. Since i rebooted i have been getting reports of various trojans, viruses. I would be very grateful for your assistance.

My mcafee software since has been behaving erratically. Attempting to send emails to recipients, none of whom i recognise from the log. Other symptoms were corrupt mcafee files, and i could not upgrade.
Tried mcafee's latest sdatnnnn.exe via a dos safe mode. identified and cleaned supposedly, pupor, bot i think, and trats virus, however they still appear to be present. nb. ran their scan process until the log was clean.
Also had the "you have 5 minutes to reboot" and can't stop it after that comes up.

ccleaner identified and removed startup issues, and the other stuff.
defrag performed
combofix run and log attached nb. last night.
spybot search and destroy ran and cleaned stuff last night.
avg anti spyware left running overnight until it completed and turned off pc. nb. I have the control center version. the log recorded in the virus vault catchme 2008-01-18*.zip does not exist.

spybot auto started this morning and was supposedly clean.
mgtools run and log attached.

Symtoms so far this morning are my mcafee software is identifying a buffer overflow in c:\windows\system32\services.exe. I am currently leaving that warning open while yr cleanup processes are running.
still getting a pupur warning via mcafee
 

Answer:trats & pupur

Further to this, I received a letter today from my ISP that spam was being reported from my connection.
My mcafee software initially reported a number of failed attempts to unknown addresses, but I have no track of any that might have been successful.
I guess these are coming from my ISPs provided email address, which I do not use.

Help guys! Thanks
 

19 more replies
Relevance 44.28%

I am suffereing from a W32.trats!inf. Other files that I'm finding with this is the Downloader, trojan.adclicker, and the trojan.vundo. After doing the scans It seems that I have rid my computer of the bugs, but I'm not to sure. So far I have not seen any of the popups that I've been seeing previously. here is a copy of the log file from hijackthis.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:40:31 PM, on 1/12/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Program Files\Common Files�... Read more

Answer:I Have A Problem With W32.trats!inf

Hi, and Welcome to Bleeping Computer My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following: I will working be on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for the issues on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic.As I am still training here, my posts to you will be checked by an Expert member. This will ensure that all advice and instructions I give you are accurate and safe. This may mean that my replies may take a little longer.Sorry about the delay in responding If you still need help:Show all hidden files:Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Cli... Read more

2 more replies
Relevance 44.28%

I keep getting the Norton AV pop-up on start-up that says I have a w32.trats!inf file on an executable file. Here is my HJT log. Please help me.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:39:41 PM, on 1/13/2008Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\CTsvcCDA.EXEC:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\hphmon05.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exeC:\WINDOWS\BCMSMMSG.exeC:\WINDOWS\System32\hphmon05 .exeC:\Program Files\Common Files\Symantec Shared&... Read more

Answer:Help Wanted With W32.trats!inf, Here Is The Hjt Log. Please Help If You Can.

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and i'll be helping you to fix your problems.Apologies for the late response,as i'm sure you can appreciate we are absolutely snowed under with logs.If you still require help,please post a new Hijackthis log into your next reply.

1 more replies
Relevance 44.28%

Hi,My system has been infected with the w32.trats and w32.trats!inf viruses according to my Symantec Endpoint Security 11.0. Both the virus and my antivirus had rendered my PC unstable and were causing lots of problems with the fight for domination over my PC. Eventually I uninstalled Symantec Endpoint Security and ran norton removal tool to remove all traces of symantec software. System has stablised and I have been working on my PC only in safe mode. I ran hijackthis and removed lots of unwanted stuff and the dlls related to w32.trats. Have been successful so far. But I do not want to boot into normal mode yet, since, there is a chance for the infection to return as I haven't found the modified exe files. I have read many posts on this site and have noticed that I should use RenV.exe file to find those files. But i'm having a problem when running the RenV.exe app and can't find any support topic for this app. Therefore, could someone help me out.My hijackthis log is as follows, but please not, I've removed the domain names and name server ip addresses from this log for the security of this my network. I'm attaching this log just to be sure from you guys that the infection has been cleared:================================================================================Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:54:52, on 29/01/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: Safe mode with network su... Read more

Answer:W32.trats Infection

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
I apologize for the delay getting to your log, the helpers here are very busy.

If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your malware problems.
If you have resolved this issue please let us know.

2 more replies
Relevance 44.28%

Hello. I am getting the worst ads popping up. I'm running Symantec AntiVirus Version 10.0.0.359. Everytime I restart the system, it appears that Symantec is configuring for setup. Auto-protect results show 4 or 5 entries of the w32.Trats, action taken: deleted, and various filenames, usually something like TMP6.tmp, or gebyw.exe. Many times I have started Windows in Safe-Mode and ran the antivirus (after updating definitions), and it always finds the w32.Trats!.inf, action: Partial, filename: vptray.exe. I also run Adaware in Safe mode. however, nothing seems to work. If I use Mozilla Firefox, the ads don't pop up as much. The system is running slow, and Windows IE just bogs down horribly. Any suggestions would be greatly, greatly appreciated. Thank you.
 

Answer:Solved: w32.Trats!inf

16 more replies
Relevance 44.28%

I keep getting the Norton AV pop-up on start-up that says I have a w32.trats!inf file on an executable file. Here is my HJT log. Please help me.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:39:46 PM, on 1/8/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\System32\CTsvcCDA.exeF:\Program Files\NavNT\defwatch.exeF:\Program Files\NavNT\rtvscan.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\UAService7.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\MsgSys.EXEF:\Program Files\Creative\S... Read more

Answer:Help Wanted With W32.trats!inf

Hi, Wellcome to Bleeping Computer Forums!You might want to save this page on your favorites, so you can find it again when you return.Please take note of the following:I will be handling your log and helping you, please do not make any system changes yet. The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patience.The fixes are specific to your problem and should only be used for this issue on this machineIf there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.Please reply to this thread. Do not start a new topic.Please give me some time to look over your log and I will get back to you as soon as possible.

5 more replies
Relevance 43.87%

Hi,

This is my first time on this forum and first time using hijackthis, so please be patient with me, haha.

This is the situation that I am in right now. A couple of days ago my computer became infected with a trojan vundo virus. Norton pick it up and I guess dealt with it, then told me to restart my computer. It did this repeatedly several times, then I booted into safemode to run a full system scan, nothing came up.
After using the computer little more in normal mode the vundo trojan came back. I downloaded from symantec the vundo fix scanner program and it came up clean. Then I disabled system restore, which deleted my prior restore points, which for some reason were only 2 points.

I also ran spybot and that came up with nothing. I read online that a certain ursrp.exe program was the culprit so I searched for it and came up with ursrp.dll. Using spybot bho viewer I saw that one of the bho was caused by ursrp.dll so I have disabled it. As well as under internet explorer.

Looking around online I read that Ewido, which is now AVG anti-spyware could fix this. So I downloaded it and ran it. It only came up with cookies and an ancient file I have on my computer that according to it was infected with a Sadmind worm. I quarantined it off and restarted.

Now here I am sorry that I did not keep better track of things. Sometime in between what I was doing, windows installer kept on poping up and telling me that it needed a file for symantec antivirus to run. Also I noticed that ... Read more

Answer:Solved: Vundo and W32.Trats!inf

I would like my thread to be deleted due to inactivity
 

1 more replies
Relevance 43.87%

Please help me get rid of this virus and trojan. I run McAfee, it detects the W32\trats Virus and Vundo Trojan but can not remove it. I have been working on this for 2 weeks and I am at the end of my rope! PLEASE HELP.
 

More replies
Relevance 43.87%

Hi, I am having a similar (same?) problem as the person in this thread, but couldn't post a reply and decided to start a new thread in case its not the same problem.

As in the other thread, my symantec keeps finding and fixing Trojan.Vundo, but it keeps coming back. I also tried the symantec trojan vundo removal tool with no success. However, where my problem differs is that I have also had symantec find W32.Trats which symantec says it got rid of but apparently didn't.

Anyway, below is my Hijack This log if it helps. Any suggestions to my problem are greatly appreciated and I will also keep an eye on the other thread for solutions. Also, it may be nothing, but I seem to notice the symantec popup more when I am using IE instead of Firefox, maybe its nothing though.

Thanks, Scotty B

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:55 PM, on 1/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Mic... Read more

More replies
Relevance 43.87%

God I hope you all can help me!! I have been 3 days now trying to get rid of W32/Trats and jkklk.dll.They are both viruses supposedly and NOTHING I do gets rid of them.I am at my wits end and don't know where to go on this or what to do.I use McAFee as a virus scan and I have used quite a few different spyware removals and what have ya.I need to get this off my computer.I have quit using IE for the time being and have installed Firefox.I just need to know how to get this/these things off my system.Any help will be appreciated.I know alot about computers but am yet still illerate in the removal of a virus that don't seem to want to go away.
Thank you
LisaRose122
 

Answer:W32/Trats and JKKLK.DLL Viruses

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

26 more replies
Relevance 43.87%

I've been dealing with a virus for quite some time. Just when I think it's gone, it pops back up again and then some new ones. It seemed it popped back up after downloading MySpace Messenger. I got rid of Messenger, thought I got rid of the virus and then downloaded Windows Live Messenger and now there's a new virus and Messenger doesn't work at all. I did a virus scan and it said there were 15 viruses (took over 5 hours to do a virus scan this morning ???). I recently received a warning box that said the following:

Malicious code found in file C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP19\A0005859.exe.
Infection: Virus.Win32.Trats.d
Action: failed.


On a side note, I had a virus called mlljk.exe. I've gotten rid of it several times (it's currently not listed), but it's come back atleast 3 times in the past.

Thanks for any help. Here is my HJT log. Also attached is a copy of my ActiveScan file.



Deckard's System Scanner v20071014.68
Run by Katrina Dobrolinsky on 2008-02-07 18:39:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Katrina Dobrolinsky.exe) ---------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:49 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
... Read more

Answer:Virus.Win32.Trats.d

Anyone? Please help!!

19 more replies
Relevance 43.87%

I've been infected by w32.trats. I've followed the outlines for removal on the Symantec website to no avail. I'm running Norton Internet Security. It causes my explorer.exe to either freeze up, or completely disappear, at which point Norton blocks w32.trats. After this I have no (apparent) trouble until I reboot. It also causes some tray icons to disappear, notably the ones for num/caps/scroll lock.

My HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:43:25 PM, on 1/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C... Read more

Answer:Solved: Infected with w32.trats

13 more replies
Relevance 43.87%

NAV shows infections with W.32.Trats!inf and Adware.purityscan.I downloaded and ran Combofix. The Combofix AND Hijackthis logs are below. Thanks for any help you can offer! ComboFix 08-01-02.1 - Owner 2008-01-01 19:18:24.1 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.201 [GMT -5:00]Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe * Created a new restore point.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\WINDOWS\system32\ctfmon.exe.tmpC:\WINDOWS\system32\dgrgiuxq.dllC:\WINDOWS\system32\geebx.dllC:\WINDOWS\system32\kfcjhtwl.dllC:\WINDOWS\system32\ljjhifg.dllC:\WINDOWS\system32\RCX29.tmpC:\WINDOWS\system32\rlls.dllC:\WINDOWS\system32\xbeeg.iniC:\WINDOWS\system32\xbeeg.ini2.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\LEGACY_FOPF((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))).2008-01-01 19:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe2008-01-01 18:55 . 2008-01-01 18:55 <DIR> d-------- C:\Program Files\Trend Micro2008-01-01 13:12 . 2008-01-01 19:50 487,456 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat2008-01-01... Read more

Answer:W.32.trats!inf And Adware.purityscan

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and i'll be helping you to fix your problems.Apologies for the late response,as i'm sure you can appreciate we are absolutely snowed under with logs.If you still require help,please post a new Hijackthis log into your next reply.

1 more replies
Relevance 43.87%

Hello, I was on a MySpace site (using Firefox) when I got infected with the first virus, W32.trats!inf. Symantec put it in quarantine and then started acting screwy. Now everytime I access Symantec, another window pops up and it tries to install itself and then error 2718 finally comes up. Symantec seems to be running okay except for the constant stream of errors 2718.Symantec and ZoneAlarm are the only two programs that I have running on start-up.I did some online research and discovered that W32.trats "infects executable files located in the startup folder to run itself when windows starts." So I thought I would outsmart it and disable it from start-up by unchecking it through start>run>msconfig. Boy was that a mistake. Then ZoneAlarm started acting funny and Symantec accused it of being a virus. So I went back in a re-enabled "vtutu.exe" in startup, so you will probably see that in my log. Here are the following anti-virus programs that I've run.SymantecCCleanerAd-AwareSpy-Bot S&DHousecallAVG Anti-SpywareTrojanHunterStingerI have ZoneAlarm firewall running and Symantec.Only Symantec and TrojanHunter found vtutu.exe. They were both able to quarantine it but neither has been able to get rid of it completely. Note I also disabled the system restore utility, per Stinger's instructions. Also, the one thing that I'm unable to do is get the latest patches from Microsoft Windows because I don't have a key to Microsoft (I don't have a legit copy of... Read more

Answer:Infected With W32.trats!inf Or Vtutu.exe

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and i'll be helping you to fix your problems.Apologies for the late response,as i'm sure you can appreciate we are absolutely snowed under with logs.If you still require help,please post a new Hijackthis log into your next reply.

23 more replies
Relevance 43.87%

I'm a high schooler, with barely any professional computer experience. Over the course of the last few days my anti-virus, CA, have been picking up these files in my Temp files infected. I.E.C:\Users\user1\AppData\Local\Temp\ddaya.dll - Win32/Vundo.LF trojan. Deleted.File infection: C:\Users\user1\AppData\Local\Temp\ddaya.exe is infected with Win32/Trats.A virus. C:\Users\user1\AppData\Local\Temp\TMPD609.tmp is infected with Win32/Trats.A virus.Some of them were deleted, but most of them weren't. I ran HijackThis. Here's my log: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 00:09, on 2008-01-23Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16575)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Adobe\... Read more

Answer:Vundo? Trats? Ddaya?

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and i'll be helping you to fix your problems.Apologies for the late response,as i'm sure you can appreciate we are extremely busy.If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.If you have not followed the info in the link below prior to posting your log then please do so now:Preparation Guide for use before posting a HijackThis Log:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/If you still require help,please post a new Hijackthis log into this topic in your next reply.Also post a detailed description of the issues you're experiencing.*Note*Post all reports/logs directly into this topic,not as attachments,thanks.

1 more replies
Relevance 43.87%

Hello. I?m infected! My computer has become increasingly slower over the last few days and I have been unable to make much progress trying to clean it up. I am running Windows XP-SP2 with Norton AV (with current updates). After starting Windows, I started getting error messages (GEBCC.DLL not found, PMNNM.EXE not found, etc.) and erroneous Windows Installer requests (see step 14 below). I have run Norton scans and attempted cleanup as detailed below in preparation for running HijackThis. (Unless you can fix me first!) I?m getting soooooo frustrated. Can you please help?Norton has identified and attempted to clean up the following: Trojan.DesktophijackTrojan.AdclickerTrojan.HorseAdware.ISMonitorW32.Trats!infBackdoor.TrojanDownloaderAdware.Purityscan1. Ran cleanmgr to clean up Temp files2. Downloaded and updated Ad-Aware. Ran Full System Scan and cleanup20080207 10-24-44 : Full scan started.20080207 11-10-55 : Full scan ended.20080207 12-42-59 : Tried to Quarantine an infection.20080207 12-43-04 : Successfully Quarantined Root: HKCR Path: clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} belonging to Virtumonde20080207 12-43-06 : Successfully Quarantined Root: HKLM Path: software\microsoft\windows\currentversion\explorer\shellexecutehooks Value: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} belonging to Virtumonde20080207 12-43-06 : Successfully Quarantined Root: HKCR Path: clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} belonging to Virtumo... Read more

Answer:Infected With W32.trats!inf, Virtumonde, And Others?

Seems to me like its startup enteries that haven't fully been removed.
I had this problem on my old pc with virkosun.dll , a virus.
After getting rid of it i kept getting The Specified Moudule could not be found message.
The way i fixed it was:
Start>Run> Type "msconfig" without the quotes.
I pressed the 'startup' tag, and unticked virkosun.dll
Try seeing if GEBCC.DLL, PMNNM.EXE etc. are there and if they are, untick them, apply, and reboot.
Upon reboot, a System Cnfig utlility window will appear when you next log in.
Tick the check box and press ok.
Hope this helps,
Vegeta.

7 more replies
Relevance 43.87%

Hello from a newbie to this forumI slaved the hd then scanned from symantec but the scan was terminated by the virus. ?? not sure how that happened but..returned the hd to master and rescanned again, same result from symantec site but did get a list of 549 files infected with various vermin. Ran spybot s&d which also got clobbered during "fix problems" deletion. hmmm, nasty little guys, so OK.Ran hijackthis then slaved the drive again onto a clean computer with latest defs from norton 2008 which quarantined most all of the infected files then returned hd to master. symantec site rescan found even more than original infected files replaced or reinfected. SoI then downloaded combofix, that seemed to do the trick, rescanned again from symantec site and cleaned up last 30 files combofix didn't delete. Ran spybot again and terminated the last adware found. Please check through these logs and let me know if you find any remaining problem programs or files I may have missed.thanks in advancememnoch*****************************************symantec virus scan: Virus Status: Infected!Your computer is infected with at least one known threat. 188058 files scanned, 549 file(s) infected on your disk drives. No viruses were detected in memory.Your computer is free of known threats. Virus Detection does not check compressed files.Your computer appears safe for now. For real-time protection from viruses, hackers and privacy threats, upgrade to ... Read more

Answer:W32.trats!inf And Trojan Vundo Among Others

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.When posting your logs please post them directly into the reply. Do not attach them.Also make sure you have already followed the steps outlined below:Preparation Guide For Use Before Posting A Hijackthis LogThank you for your patience.

1 more replies
Relevance 43.87%

picked up this nasty bug, been at it for days and no luck getting rid of it. Running Win Xp Pro, tried deleting with Symantec in safe mode and restore off but it's still there. Checked the forums and downloaded and ran hijack, here's the logfile - please help, I'm pulling my hair out here.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:55 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HP Tools\Agent L... Read more

Answer:help - desperate to clean W32.trats.inf

bump
 

1 more replies
Relevance 43.05%

I have NOD32 antivirus which detected these viruses, but after that NOD32 is no longer working properly. My brother-in-law tried to help me, but I am still having trouble.

Below are my hijack this and combo fix logs. Any help you can provide is greatly appreciated. Thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03, on 2008-01-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\TOSHIBA\My Documents\My Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHe... Read more

More replies
Relevance 43.05%

I've tried EVERYTHING to remove this.. including Semantics Vundo Removal Tool, and VirtumundoBeGone, and Vundofix 6.77. I hope I am posting this right.. I have literally been working on this PC for 2 days straight... I need you guys.. that Know's what their doing!Here's my HijackThis Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:48:31 PM, on 1/12/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\WINDOWS\system32\slserv.exeC:\WINDOWS\wanmpsvc.exeC:\Program Files\Java\jre1.6.0_04\bin\jusched.exeC:\Program Files\Dot1XCfg\Dot1XCfg.exeC:\WINDOWS\System32\alg.exeC:�... Read more

Answer:W32.trats!inf Virus... Help! Hijackthis Attached

Hi, and Welcome to Bleeping Computer My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following: I will working be on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for the issues on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic.As I am still training here, my posts to you will be checked by an Expert member. This will ensure that all advice and instructions I give you are accurate and safe. This may mean that my replies may take a little longer.Sorry about the delay in responding If you still need help:Show all hidden files:Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Cli... Read more

2 more replies
Relevance 43.05%

My situation:Constantly in both IE and Mozilla in lieu of other ads, this one appears: At first that ad was only replacing other ads, but now it replaces pictures on sites like Google Image SearchMy computer is slowing to a crawl and new popup ads will occasionally appear for anti-spyware products. McAfee was ineffective in stopping it, so I uninstalled it and uploaded Norton. Norton is constantly noting that there is a W32.Trats or Downloader virus and blocks it, but the problem will then still sprout every now and then.Here is what I've done:- Downloaded the new Java 6.4- Cleaned out all temp files- Ad-Aware deleted some malware- Spybot deleted some firewall malware- Ran Housecall and Stinger with little results- Vundofix found viruses in my system32 file in Windows, but after deletion they soon returned upon a second scan- ddaya.dll was discovered and deleted after numerous reboots (wouldn't let me manually delete since it was being ran elsewhere), but now a similar file in mllmm.dll has taken its placeThe problem still occursHere is my hijack log. Any help would be greatly appreciated:********************************************Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:30:48 PM, on 2/18/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\... Read more

Answer:W32.trats / Ddaya / Downloader / Vundo

Hello thr6758,Welcome to Bleeping Computer 1. Download this file - combofix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.Thanks,tea

2 more replies
Relevance 43.05%

I got a suggestion from Shaba to join this forum and upload a log from hijackthis. I have a computer with Norton antivirus who is INFECTED and it seems I have done all I know to try to clean it. I'm detecting mmllmk and can't delete it because it ?in use". I have tried in safe mode with no success. I run norton and detect viruses that are quarentined and when I initiate windows in normal mode thay all come back again... Please help!I'm attaching my hijackthis here... Thanks in advance!I was told that the hijackversion version I had was an old one. I had version 2.0.2 which I think is the newest. Any way, I unistall and downloaded aga. Here is the new log.******************************************Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:45:21 PM, on 2/28/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\LVComsX.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program ... Read more

Answer:Infected With Malware - Vundo - Trats!inf

Every time I open IE the security level is to its minimum. I keep reseting it.My windows definitions are up to date, windows firewall is on. I have run:Norton (many times). Definitions are up-to-dateSpybot (many times)Pandaspysweeperstingerbitdefenderfixvundo from symantec (does not do ANYTHING)Ad-ware 2007 (4 times)I also downloaded autoruns.The file that is driving me crazy is mllmk. Autoruns tells me that the dll is under:HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication PackagesGrrrrr I have never seen one here!The vptray of norton is infected so, if I delete the infections it won't work! I keep unistalling ot and re-installing I really need to get this solved... do you guys thik I should just format the computer? I have post so many topics in so many forums and haven't got not even ONE reply!!!Here is my new log. If you guys do ot know what can be done, would you please let me know so I just go ahead and format this monster? An please don't even think I'm disappointed... I'm just sooooo frustrated and tired.. I use my pc for work! ahhhhhhhh Thanks again!******************************************************Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:43:35 PM, on 2/29/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS... Read more

13 more replies
Relevance 43.05%

My Norton Internet Security 2008 removes the virus but it reappears on startup. I tried disabling system restore and restarting in safe mode and a full scan, removing the virus and rebooting in normal mode but nothing, i think i'm doing something wrong, im not experienced in using regedit.

My computer is running slower. It started off when my aol spywware detected pro rat 1.9 which i believe i have gotten rid of by installing the program itself then click on the brush icon and remover the server and downloader. I just need to get rid of w 32.trats.

Here is my log, hope you can help.

- Matt.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:16, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
C:\WINDOWS\system32\svchost.exe
C... Read more

Answer:W 32 trats removal help needed (contains Hijack log)

8 more replies
Relevance 43.05%

I need help in removing this visious virus. I have attached my HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:50 PM, on 12/31/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\ctfmon .exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Promise Technology, Inc\Promise Array Management\MsgSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/... Read more

Answer:Solved: Help remove Win32.Trats!inf

16 more replies
Relevance 43.05%

Hopefully someone can help me. My son was using the computer and it got infected, he does not remember what exactly he was doing at the time. Symantec Antivirus Corp. Edition warned that it was infected with Win32.Trats, but it could not remove it only quarantine. I was also getting a rundll error loading C:/windows/system32/bjlpinkm.dll access denied and C:/windows/system32/jkkjh.exe is not a valid win32 application. Also I could only get internet access via one profile on the computer (my son who started this) which is an administrator account.
I ran the malware removal procedures and I removed five adware programs you had in your list via the add/remove programs. Also Symantec Antivirus would not let me remove 72 threats in quarantine saying that they were being used by another process. After running SpyBot I started getting the error message C:/windows/system32/autoexec.nt The system file is not suitable for running ms-dos and microsoft window applications. I attempted the fix recommended when running gtools and it did not fix the problem. I now at a loss.
I tried to find the SASlog.txt file but I cannot find it. I will run SuperAntiSpyware again and then attach it. Sorry.
 

Answer:Win32.Trats:Totally clueless

Here is the log from superantispyware that I could not find. Please help me.
 

2 more replies
Relevance 43.05%

I am having trouble removing the W32Trats.dll virus. It can be detected but not removed. Path name given when detected is

C:\Documents and Setting\Mike\Local Settings\Temp\winrkqztv32.dll

Here is the file from the DSS program

Deckard's System Scanner v20071014.68
Run by Mike on 2008-03-29 13:08:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
28: 2008-03-29 17:08:16 UTC - RP28 - Deckard's System Scanner Restore Point
27: 2008-03-23 02:13:50 UTC - RP27 - Spybot-S&D Spyware removal
26: 2008-03-23 01:00:21 UTC - RP26 - System Checkpoint
25: 2008-03-20 23:48:08 UTC - RP25 - System Checkpoint
24: 2008-03-16 18:19:59 UTC - RP24 - System Checkpoint


-- First Restore Point --
1: 2008-02-26 00:40:14 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mike.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:58 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C... Read more

More replies
Relevance 43.05%

So, I am going crazy here, b/c I am only so literate on the computer. Now not able to connect ot internet on my PC (using my laptop as a backup) at all. Spybot comes keeps showing smitfraud-c. McAfee and Ad-aware, and SUPERAntispyware all come up clean. Also, used FixVundo. Got the internet up and running yesterday, w/ limited abilities and a few pop-ups, but now I have nothing. Any advice or suggestions would be greatly appreciated. Please help!!Here is my hujackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:54:26 PM, on 2/4/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\McAfee\MBK\MBackMonitor.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\C... Read more

Answer:Dealing W/ Smitfraud-c/trats/vundo/and Probably Some Others!

FYI---HijackThis StartUp report.StartupList report, 2/4/2008, 4:17:45 PMStartupList version: 1.52.2Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXEDetected: Windows XP SP2 (WinNT 5.01.2600)Detected: Internet Explorer v7.00 (7.00.6000.16574)* Using default options==================================================Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\McAfee\MBK\MBackMonitor.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeC:\PROGRA~1\McAfee\MSC\mcpromgr.exec:\PROGRA~1\COMMON~1&#... Read more

3 more replies
Relevance 43.05%

Hello,

My desktop PC (WIN XP HE) has some type of virus.

Here is what is happening:

1.) As soon as my Win XP loads one of these viruse filenames is caught under NAV and it puts them in Quarantine (W32.Trats, TMP2.tmp, vtuts.exe, 5_swp[1}.htm, A0179516.exe) and other variations of these. When I delete these in NAV they keep coming back even when I shut the PC off and reboot.

2.) NAV is still running in the background but the icon that is normally next to the time display at the bottom right corner is missing. When I try and Load Norton Antivrus Services manually by checking the box a new window pops up saying "Norton Antivirus service is not responding. If you are trying to unload NAV services, you need to have Adminstrator rights to unload a WIN NT service."

3.) When I'm online I keep getting popup windows every few minites and one specific one telling me I have a virus and redirects me to the MALAWARE ALARM site.

4.) A lot of the icons that were next to the time display in the bottom right corner are now gone (NAV, MSN & Yahoo messenger, Weather channel) etc.

I have tried using the following software to fix the problem but to no avail:

WinCleaner One Click CleanUp, Ad-Aware 2007, Norton Antivirus Corporate Edition

Any help would be appreciated .. thank you!

Answer:Pc Has Vttuts.exe Tmp2.tmp W32.trats Viruses

Here is Synamtecs Description of W32.trats http://www.symantec.com/security_response/writeup.jsp Although you seem to be having more trouble than that suggests. It infects your startup programs And sends your info to a remote web server.One of the files looks like it has infected your system restore folder. Norton will not be able to remove that as windows blocks all access to the System Volume Information folder where system restore is hidden. To clear system restore:Right click My computer and open properties, then go to the system restore tab and and check "turn off system restore on all drives" This will clear the system restore folder on shutdown. After rebooting turn it back on again.Then start your computer in safe mode and launch NAV there. Run a full system scan and remove the malware it finds.NAV will not be able to remove two registry keys that are generated by the virus. BACKUP YOUR REGISTRY, to do this go to Start -> Run: regedit.exe. Once open click file -> export... and save the file in a safe place (make sure that under what to export you have all selected and not current branch). Then navigate to and delete:HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"load" = "[RANDOM CHARACTERS].exe"Also edit:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\"Notification Packages" = "scecli [RANDOM CHARACTERS].dll"Double click to ... Read more

2 more replies
Relevance 43.05%

Hello,PLEASE NOTE: Some changes have been made to this post and they are in Bold. thanks.My desktop PC (WIN XP HE) had or still has the viruses W32.trats, Virtumonde, Vtuts.exe. I'm not sure if they are still there. I still have the Trojan.Vundo virus which is being caught by NAV but can't be cleaned or quarantined.Here is what was happening:1.) As soon as my Win XP loaded one of these virus filenames was caught under NAV and it put them in Quarantine (W32.Trats!inf, vtuts.exe, TMP2.tmp, 5_swp[1}.htm, A0179516.exe) and other variations of these. When I deleted these in NAV they kept coming back even when I shut the PC off and reboot. 2.) The viruses have disabled my NAV however auto-protect is still running in the background but the icon that is normally next to the time display at the bottom right corner is missing. When I try and Load Norton Antivrus Services manually by checking the box a new window pops up saying "Norton Antivirus service is not responding. If you are trying to unload NAV services, you need to have Adminstrator rights to unload a WIN NT service." 3.) When I'm online I would get various popup windows and one specific one telling me I have a virus and redirects me to the MALAWARE ALARM site.4.) A lot of the icons that were next to the time display in the bottom right corner are now gone (NAV, MSN & Yahoo messenger, Weather channel) etc.5.) I believe my msconfig file is still infected also because when I try to run it I get a Windows can't ... Read more

Answer:Pc Infected With W32.trats, Virtumonde, Vtuts.exe

Welcome to the BleepingComputer HijackThis Logs and Analysis forum jag123My name is Richie and i'll be helping you to fix your problems.Your version of Sun Java is out of date.Older versions have vulnerabilities that malware can use to infect your system.Please follow these steps to remove older versions of Sun Java,and then update.1. Download the latest version of Java Runtime Environment (JRE)2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 4'.3. Click the "Download" button to the right.4. Check the box that says: "Accept License Agreement".5. The page will refresh.6. Click on the link to download 'Windows Offline Installation jre-6u4-windows-i586-p.exe' [15.12 MB] and save to your desktop.7. Close any programs you may have running - especially your web browser.8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.10. Click the Change/Remove button.11. Repeat as many times as necessary to remove each Java version.12. Reboot your computer once all Java components are removed.13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.If you have previously downloaded ComboFix,please delete that version now.WarningYou should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidanc... Read more

46 more replies
Relevance 43.05%

Well, a couple of days ago, my Symantec AntiVirus detected Trojan.Vundo and W32.Trats. I have run BitDefender and Ewido, and even VundoFix, but none have worked very well. I get ads when I go on Firefox, and also, my I get prompts telling me to install "Symantec", and telling me to "Please wait when the computer configures Symantec" automatically. Here's my HJT log. Thanks for any help!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:55:41 PM, on 1/30/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\svcho... Read more

Answer:Infected With Trojan.vundo And W32.trats

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and i'll be helping you to fix your problems.Apologies for the late response,as i'm sure you can appreciate we are extremely busy.If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.If you have not followed the info in the link below prior to posting your log then please do so now:Preparation Guide for use before posting a HijackThis Log:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/If you still require help,please post a new Hijackthis log into this topic in your next reply.Also post a detailed description of the issues you're experiencing.*Note*Post all reports/logs directly into this topic,not as attachments,thanks.

1 more replies
Relevance 42.64%

Hello my new bestest friends. I need help ! (as does everyone who comes here) My computer has been running like a bag of you know what for about 3 weeks. IE became corrupt and will not start even after uninstalling and re installing Versions 6 & 7. However this is not the problem as I am currently using safari and finding it great. The problem lies with my computer and it's sluggishness, ever since IE became corrupt my computer seems to have slowed. I am getting occasional Internal memory (blue dos screen) errors and several other little glitches like windows XP's search program will not close after I perform a file search. I have performed several Virus & spyware checks such as AVG and Spyware Doctor also several registry progs like registry Booster.AVG comes up clean, however Spyware Doctor and Registry Booster both show a lot of Registry errors inluding heaps of lnk file and url files. I removed most of these the first time around but discovered it to have deleted all my shortcuts and bookmarks that I much needed (well not so much the shortcuts) It did not remove the actual .exe files but was a major hassle as my dektop shortcuts where wiped. So I performed a system restore and now have everything back.I am wondering are/have these files become corrupt or is this just overkill on the software (spyware Doc & reg booster) behalf?? I have also noticed in my Hijack this log that there are several (missing files).I am so in need of help as i use my computer to p... Read more

Answer:Need Help Computer Getting Worse And Worse!

Hello Krisso,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 42.64%

I recently got this annoying virus..W32.Trats!Inf how do i remove this, after an hour looking through the net, i found the program HiJackthis and was told to post the log in this forum. Thank You in advanceLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:49:01 AM, on 2/10/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\Common Files\Sonic Shared\CineTray.exeC:\Program ... Read more

Answer:W32.trats!inf Invaded My Computer, Hijack This Log: Please Diagnose

Hi,Ive been looking around for threads that has similar problems to mine, i have dl/ed combofix and hijackthis but it seems i cant get rid of this virus. (virtamonde and W32.Trats!Inf)So if someone could help me fight these things, that'll be a great help.I tried to understand the steps on how to detect and delete this things but just ends up confuse.So again, any help will be appreciated.Here is my HiJackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:47, on 2008-02-10Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Intel\Intel Application Accelerator\iaantm... Read more

2 more replies
Relevance 42.64%

My computer has been lagging lately so I did a deep virus scan with Avanquest Fix-It and found no viruses. Searching through my files to see if anything seemed out of the ordinary I saw a number of pos*.tmp files in the C: Hard drive. I used Fix-It to remove these files and it only got worse. When my computer boots up my windows .wav file plays slow and distorted as does the shutting down .wav file. My music files all play slow and distorted and any music played on websites is the same. I also found that when I went into the properties of my wireless internet connection and found that I cannot access my firewall settings. This message appears:Windows cannot display the properties of this connection. The Windows Management Instrumentation (WMI) information might be corrupted. To correct this, use System Restore to restore Windows to an earlier time (called a restore point). System Restore is located in the System Tools folder in Accessories.I went to my system restore to find it was not turned on and I had no restore points. My fiance had purchased this laptop from a coworker and I have been dealing with viruses and minor problems since we got it but nothing this serious. It now takes eight to ten minutes for the computer to fully boot up where before it was within a minute or two. I have since turned on system restore but in the condition the computer is now in there is no good restore points to go back to. I have ran the Kaspersky Online Scanner and here is the log:KASPERSKY... Read more

Answer:Infected With Trojans, Vundos, Trats, Virtumond And More

Hi RickWe can clean out the malware, but you biggest problem may be the corrupt (WMI) Windows Management Instrumentation ...This is an integral part of windows and almost impossible to repair manually ... I've tried ... with only about a 50% success rate ... with no restore points, then uninstalling and reinstalling SP2 would be worth a try ... SP2 downloads a new repository (WMI) ...Or alternatively, is a format & reinstall an option for you ?Go to start > Run > type msinfo32 & press Ok ... does system information open ? ... I doubt it ...I'll get you to run a couple of programs & then let me know how you want to proceed ?Please Download Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When the scan is complete, click OK, then Show Results to view the results.* Make sure that everything is checked, and click Remove Selected.* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.* The log is automatically saved ... Read more

30 more replies
Relevance 42.64%

I let my friends 8 year old use my computer. I thought she was on Hannah Montana but who knows. Anyway, after she left I could not use the computer at all. Pop ups every second, so fast I couldn't close them fast enough to open a screen. What my friend calls a "pornado" haha. Most from OuterInfo and ShellCon but some others too. And the computer was so slow it couldn't even reboot or clear out temp files. I have downloaded 2 free programs "Spybot Search and Destroy" and "Ad-Aware". they could not detect anything. I then paid for SpyHunter 3. That can detect the Purityscan and a Trojan but cannot Remove. I also paid for RegistryBooster2 by Uniblue. They both seemed to help somewhat but not enough. now I can use the computer but it is VERY slow and it keeps trying to dial out on its own. This is my Log File. Can you help?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:12:04 PM, on 1/7/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Sygate\SPF\smc.exeC:\Pr... Read more

Answer:Outerinfo/purity Scan/pe-trats.a /troj_vundo.aca/

Hello Sallyann, Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

3 more replies
Relevance 42.64%

I tried replying to the initial win32.trats thread but it is not letting me for some reason. I have posted my issue followed by a reply with the log files from ComboFix and HJT

I have been trying to rid my PC running Windows XP of Vundo and variations for weeks now.

I have installed stopZilla, AVG, Kaspersky, HiJackThis, Adaware, ComboFix, VundoFix

Needless to say, this thing is a pesty little bugger!! I use firefox but IE be popping up regularly. I am not even really sure where to start at this point. I am running a fresh Kaspersky scan. I can post the log file. Anybody, Jintan especially, please advise and THANK YOU. I am glad to have found this forum.
 

Answer:Win32.trats x Vundo - ATTN Jintan =)

16 more replies
Relevance 42.23%

I think Vundo was removed sucessfully, but McAfee can't get rid of Trats (it can't quarantine nor remove it, but scans it on restart repeatedly). Also, Ad-Aware keeps finding trojandowloader.zlob on scans, removes it, but then it comes back on the next rescan.

I will post a combofix log too.

Any help will be much appreciated---
H

Answer:Vundo Trojan/ Trats Troan/ Trojandowloader.zlob

Hi Welcome to the forum quasicompfixer.I'm not certain whose or what tool you have run so I''ll give you the full instructions. Following this should remove it.You may want to Temporarily disable both McAffee and AdAware during the following steps.NOTE: all blue wording are links to instructions/toolsFirst you will need to follow the instructions in our TutorialHow To Remove Vundo/Winfixer InfectionNow Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop .. DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to start Windows in Safe ModeDouble-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or the Opera browser click that browser at the top and choose: Select AllClick the Empty Selected button.If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.NOW Scan with SUPEROpen from the desktop icon or the program Files listOn the left, make sure you check C:\Fixed Drive.Perform a Complete scan. After scan,Verify they are all checked.Click OK on th... Read more

1 more replies
Relevance 41.82%

Problems:1. Originally had Trojan.Fructa pop-ups (now gone)2. W32.Trats Infection (repeatedly shows up in Norton as blocked)3. Missing efecy.dll & efdd.exe files4. Can?t delete BoCore.exe file (Comodo)Files removed by BoClean: C/Windows/Ehome/EHTpay.exeC/Windows/Ehome/EHMSAS.exeC/Windows/System32/MSFeedssync.exe5. Ntuser.dat.Log1 & Ntuser.dat.Log2 appeared in C/Users/Erin6. ?A runtime error has occurred. Do you wish to Debug? Line: 162 Error: the download of the specified resource has failed.? Press Ok. Unable to debug. Things I?ve done: 1. Contacted Norton, but they won?t help unless I fork over a month?s salary. (I?m a Peace Corps volunteer in Moldova. Willing to donate if I can get it fixed!!)2. Tried to follow advice from previous forums and websites to no avail. Especially since Vista isn?t compatible with Spybot Search & Destroy or AVG Antivirus or AVG Rootkit freeware. 3. I?ve tried other freewares such as Comodo, AutoRuns, SD Fix, BoClean, File Recovery for Windows, Wise Disk & Registry Cleaner, Registry Mechanic, Ad-Aware 2007, Seagate File Recovery, etc. Hopefully I didn't do too much damage in the process! After much wasted time, as the problems still persist, I?m hoping for your help and expertise! I?ve learned my lesson with shareware, and after this don?t plan to use it. Could I also have been infected from flashdrives? Thank you for helping me!Hijack Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:48:37 PM,... Read more

Answer:Vista Os Battling Trojan.fructe To W32.trats Legions Galore!

NEW Problems as of Jan. 31st:1) Errors Loading: C/Users/Erin/AppData/Local/Temp/msheogjg.dll2) Errors Loading: C/Users/Erin/AppData/Local/Temp/qopom.dll"The specified modules could not be found"3) Difficulty connecting to internet even though my computer says I'm connected to server. I can connect only one time per reboot. Strange!4) Norton AntiVirus now as problems downloading "Protection updates" & "Spyware definitions".5) Ulead Video Error pop-ups. An internal error has occurred. (Error code=%s) [15033:0:1] - I want to completely get rid of this trial software.6) Pop-up: The security information is invalid or has been modified. This program will be terminated. (Nothing happens-that I know of-when pressing OK button)Please advise! Thank you!

12 more replies
Relevance 37.72%

Norton has blocked these. I have not been able to find anything with scanning and vundo removal tool could not find anything also could not scan "Winlogon plugins".

Deckard's System Scanner v20071014.68
Run by My computer on 2008-01-05 11:10:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2008-01-04 12:44:52 UTC - RP124 - Windows Update
1: 2008-01-03 03:23:00 UTC - RP123 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-05 11:12:48
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\ehome\... Read more

Answer:trojan.vundo, W32.trats, trojan.adclicker infections

Hi 3KGT

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

=================
Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.When finished, it will produce a report for you.
Please post the "C:\Co... Read more

3 more replies
Relevance 34.44%
Question: Gotten Worse...

I know i posted about it a couple days ago with my computer going down the pooper. Well it was running real smooth untill recently. i had lots of disk drive space open now today it says i have 55.6GB of free space now i have a total of 74.5. I have been running virus protectors and spyware programs but its not working and there are icons showing up on my desktop that i cannot get rid of.... Do i have to re install windows or something? Sorry to ask again but i need help. Also i forgot to mention in my add remove programs there is a new program called search plug in and also micromedia flash player which im unfimiliar with and they are the biggest files in there.
 

Answer:Gotten Worse...

Please don't start a new thread for the same issue

If you are not getting any responses bump the original back to the top by simply posting to it...

here's the oiriginal... http://forums.techguy.org/t313054.html

closing this one

buck
 

1 more replies
Relevance 34.44%

i now cannot access my e-mail since doing an update every time i click on the e-mail icon nothing happens its just blank, nutty norm again

Answer:its seems to get worse

What email icon?????????????

3 more replies
Relevance 34.44%
Question: Bad to Worse.

Hi all,  So not only does the Control Panel on my T520's nVidia card fail to work, but safe mode doesn't either. It gets stuck in a reboot loop for memory reasons. Using last known boot configuration I can get it to boot normally but the networking cards/drivers don't work. They are detected in Windows 7 but ipconfig only gives the Tunneling adapters.  Any ideas? Or should I just send it in for servicing?













Solved!

Go to Solution.

Answer:Bad to Worse.

Hi kingofthering
 
If you need to use the machine temporary or to ensure your Nvidia GPU is defect, you could change the graphics settings in the BIOS to Integrated Graphics.
 
If you are not technical savvy or / and wish to save the hassle, it's probably good to send it in for servicing.
Have a nice day!
Peter
W520 (4284-A99)
Does someone?s post help you? Give them kudos as a reward, as they will do better to improve | Mark it as solved if the solution works for you, so it could be reference for others in the future
=====================================
Sound Enthusiast and Enhancement (Post comments, share mixes, etc.)
http://forums.lenovo.com/t5/General-Discussion/Dol?by-Home-Theater-v4-for-most-Lenovo-Laptops/td-p/6...
http://forums.lenovo.com/t5/IdeaPad-Slate-Tablets/?IdeaPad-Tablet-Sound-Enhancement-Thread/td-p/7150

9 more replies
Relevance 34.44%

I've been trying to fix this computer for several days now, and it keeps getting worse instead of better

I know from my Ad-Aware scans that it has coolwebsearch on it, but CWShredder doesnt find anything wrong when I run it. ad-Aware does and keeps fixing it, but it's back within seconds. I've also run spybot search, about buster, and pest patrol. My HJT logs are getting worse, not better.

I would be much obliged if someone could help me; I can't figure out what else to do.
Thanks!
-Vanessa

Here is my HJT log, let me know what if anything else will help.

Logfile of HijackThis v1.97.7
Scan saved at 11:41:07 PM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program... Read more

Answer:It's Getting Worse....

I downloaded the newer version of HJT...new log file is:

Logfile of HijackThis v1.99.0
Scan saved at 12:13:41 AM, on 2/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\iety.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\msbo32.exe
C:\DOCUME~1\ness\LOCALS~1\Temp\Temporary Directory 9 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system... Read more

3 more replies
Relevance 34.44%

Ok my computer has been progressivly getting worse becuase before i wasnt able to enter my control panel becuase explorer would just crash. And now i started up my computer and restarted a couple of times and i cannot see my tool bar(the one with the start button) and my cousin is bringing my xp disk christmas.. what can i do in the meantime? oh and when i click my windows key it doesnt do anything.

Answer:it just got worse...

looks like a virus to me
what antivirus program are you using? and is it up to date?

9 more replies
Relevance 34.44%

I tried to run a payment on a website and the submit button did nothing but make the cursor blink which it still is.  I looked under inspect Element and there was a JS file that downloaded.  I looked at it and it looked fishy.  I tried to run the normal cleaning techniques (ADW Cleaner, JRT, RKiill etc) and they all returned a messagge. "the service cannot accept control messages at this time "
 
It is slowly getting worse by the minute so I am not sure that this will even get to someone in tim,e cause I know u guys are backed up but if possible I dont know what to do I tried to use msconfig.exe , and the search functions to get safe mode to work but I just get either nothing happening or the same message.  I am afraid that if I turn off the computer to shift into safe mode that it will loack up..  Any helop would be appreciated.

Answer:I have something bad going on and ts getting worse byt the second

Sorry, but it seems that your pc is infected with a virus or malware which is going to take some more work and a deeper look. No sense running a bunch of tools here.Please follow this Preparation Guide, post in a new topic and include a link to this thread.Let me know if all went well.

3 more replies
Relevance 34.44%

I have been workin on this for several days now and I am at my wits end. I am attaching my Bitdefender log and an HJT log. I have followed all of the instructions in the "Before Posting" page. And should tell you the following. My Add/Remove programs hasn't worked in years so when necessary I use the free trials downloadable from various places.
When I try and run Microsoft Windows Defender it says I need to perform an upgrade, and will not open.
I tried running Pandascan this morning and waited for over two hours and it never did complete downloading.
As I mentioned, I am at my wits end and believe it's time for some help.
Thanks
 

Answer:The more I try the worse it gets! I need Help!

Welcome to Majorgeeks!

You did not attach your HJT log. Make sure you follow all instructions in step 7 properly and then attach your HJT log.

You should look at your Bitdefender log (change the .txt to .html and then double click on it and you can see it in your browser) You need to delete those items it is pointing out in your email.

Is your copy of Windows licensed to you and has it been activated with Microsoft?

What happens when you try to use Add/Remove programs? Be specific.
 

9 more replies
Relevance 34.44%
Question: bad to worse

Now I'm getting a little spooked.First it was just some irritating re-directs from Google searchers.Then multiple windows began propagating, sometimes blaring music, voices, phone sounds.Then, trying to work my way through the instructions in the preparation guide, I discovered that attempting to run the gmer.exe crashed me, locked up the processor, prevented me to restarting, the whole thing.Now, my touchpad has stopped responding. I uninstalled and restarted to replace the driver, but no effect. I am having to use a USB mouse, which works OK, but has not improved the touchpad.What's next?!Just curious. A question, for those of you who have experience with this forum--how long does it usually take to get help? Should I assume that all topics are addressed eventually, as folks find time? If I have failed to supply some bit of information, or violated some etiquette, I'd rather know, make my amends and start over that wait on the sidelines longer than necessary.Or should I just throw this piece-of-crap netbook out the window and get a real machine?

Answer:bad to worse

Hello pfosinger,It's hard to say how long it will take for a topic to get picked up. I know how frustrating it is when your computer isn't working properly. Let me assure you that your topic isn't lost, forgotten, or ignored. We work with hundreds of logs every day, so we have devised a means of seeing only those topics that don't have responses yet. At the moment, we have nearly 300 unanswered topics, the oldest dated Aug. 26, 2010 at 5:14 pm Eastern Daylight Savings time in the U.S.A. Your log topic is dated Aug. 30 2010 at 10:00 pm using the same time zone.Our volunteer MRT team members have various levels of expertise and training, so while we try to take the oldest DDS/HJT logs, it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us would want someone to assist you who is not familiar with your issue and attempt to fix it.Please be patient. It may take a few more days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.Orange ... Read more

2 more replies
Relevance 34.44%
Question: It's worse

my computer has been acting up for awhile running really slow, but now it's started this trick of adjusting the screen every little bit. It either moves up or down. It changes the sizes of the window as well. Then i noticed down at the bottom in the task bar, a button appears for just a second with a little icon in it. Then it disappears before i can do anything. Now, my email has started bouncing and i can't get outlook express to connect. Also, i was kicked off yahoo messenger and then all i could get was page cannot be displayed on even my home page. Here is my HJT log. I would appreciate your help.

Demi

Logfile of HijackThis v1.99.1
Scan saved at 1:01:23 AM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Dig... Read more

Answer:It's worse

6 more replies
Relevance 34.44%
Question: Getting worse

I followed your advise to rid my computer of a BHO and virus (red circle w/white X in system tray). Now my computer takes 20 minutes to boot, asks what mode to load in, (safe, normal, MS-DOS, etc), and only loads in 640 x 480 video. I've also lost the printer driver.

Logfile of HijackThis v1.99.1
Scan saved at 12:49:56 PM, on 12/12/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\ATIPTAAB.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant ... Read more

Answer:Getting worse

hi, welcome to TSG.
you don't appear to have a firewall, even if you have a router you still need
a software frewall, downlaod the one from the link below!
Filseclab Personal Firewall Professional Edition

http://www.filseclab.com/eng/download/downloads.htm

http://www.wilderssecurity.com/showthread.php?t=92710
Download the pocket killbox

http://www.bleepingcomputer.com/files/killbox.php
Download A2

http://www.emsisoft.com/en/software/free/

update A2 and run a full scan.
*Download Cleanup from Here

http://www.stevengould.org/software/cleanup/download.html

* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* run cleanup

have hijack this fix these entries. close all browsers and programmes before
clicking FIX.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Ex... Read more

1 more replies
Relevance 34.44%

I just finished a download that had some pretty nasty side effects. I am getting a pop up saying "It is recommended to update you antispyware protection to prevent data loss. Please install the most up-to-date antispyware for you" then an ok button. This isn't the only one, there are about 2 or 3 that seem random, none of which seem encouraging at all. Please help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:48:46 PM, on 1/26/2009Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20935)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\LSI SoftModem\agrsmsvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\TVersity\Media Server\MediaServer.exeC:\WINDOWS\explorer.exeC:\Program Files\Unlocker\Un... Read more

Answer:pop ups and probably worse

Hi,Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts. Actually, this doesn't suprise me at all.I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!This is somewhat suicidal in today's digital world.That's why I want you to install one first!!* Please install Avira Antivirus: http://www.free-av.com/This is a free Antivirus.Perform a full scan with Avira and let it delete everything it i... Read more

18 more replies
Relevance 34.44%

I've had 10 for a few months now. During that time I've had several automatic updates. Most have been unnoticeable, a few others were anti productive. The first and the last (two days ago) have been horrible. When I first downloaded 10 I immediately lost my CD/DVD drive. No matter where I look my computer can't find the old one. It also disabled sound from anything I recorded. The latest update is making me log in if I leave the computer for more than a couple of minutes. It also makes me wait before the log in window pops up. I'm beginning to think that switching from 8 to 10 was not a good decision.

Answer:Just when you think it can't be worse!

Would you consider doing an in-place upgrade install, also known as Repair install ?
Repair Install Windows 10 with an In-place Upgrade

9 more replies
Relevance 34.44%

dear all, any softwares that can fix this...

3 men go into a hotel for the night. The clerk informs them that it's $30 for the room, so they each take out a $10 bill to pay for the room. So far they paid $30, correct? You with me so far? Good.

A few moment after the men went up to the room, the manager reminds the clerk that there was a special promotion that night, and that the room was only $25. So the clerk gives the bell boy five dollars to bring back to the men. On his way up to the room, the bell boy says. "Hey, I'm not stupid, I'll give each of the man a dollar back and keep two for myself, $5 right, 30-5=25.

Well, since the bell boy gave each man a dollar back, that means each man only paid $9, correct?

Well, the last time I checked, 9x3=27, plus the 2 that the bell boy took makes 29, what happened to the other dollar??????

[This message has been edited by kokaik (edited 07-03-2000).]
 

Answer:the more you think, the worse it gets

7 more replies
Relevance 34.44%

 Can anyone help??? It all started when I installed a new game (well new for my old PC) the other day, when ever I tried to load it, once it got past the intro video it just returned to the desktop, most of the time, it did occasionally work. So I went to look on the web for advice and was told to update my sound and video drivers. My PC is an old PII 350 with windows 98. I went to ATI and downloaded what it said was the latest driver for my card, now when the game does play the colours are all wrong and blocky (I have also updated direct X above the one the game needs). So I tried a sligthly older driver, which was even worse, so I put the newer one back on. To add to this the company who made my sound card (Aureal) have gone out of business, so don't give drivers now. I have found on another page what was supposed to the the latest driver they did release, but when I load the diagnostic tool on my computer (some sort of direct X thing) when I test the sound, it says there is a fault there too. It seems that what ever I try to do, the thing just gets worse, I am starting to think about getting another PC, but when it works, it does everything I need. Does anyone have and advice how I should try and fix all this? Thanks James

Answer:It just keeps getting worse

Did you simply overwrite the videocard drivers? If yes, you may wish to thoroughly clean your computer by uninstalling them and running a program such Advanced System Optimizer V2 or Advanced Uninstaller Pro 2004 There is also a useful tool that removes drivers for you.. I'll get back to you on that once I recall the name. Even though your soundcard manufacturer has gone out of business, use Google to search for drivers. There is quite a high chance of still finding them.As for DirectX, see to it that you have the latest version from Mirosoft.Buying a new PC will not solve your problems. It is not the PC's fault, it is the users fault. Your problems will just start anew if you donot know what you're doing.

1 more replies
Relevance 34.44%

Hey all.
I am loaded with popups. I went through all my prelim scans, booted safe mode, all that jazz. I didn't notice anything for about three minutes, then it all came back. If anything, they just seem to be getting worse. Anyway, here's my log, thank you much for your time.

Logfile of HijackThis v1.97.7
Scan saved at 11:43:05 PM, on 11/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\mllcrap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\vmss\vmss.exe
C... Read more

Answer:Keeps getting worse.

Hi
You will need to get rid of the Peper Trojan first so run the PeperFix from my list..

After that
Make sure you have already run Adaware, Spybot S & D(check for updates) as these will do a preliminary clean first.Some files below may not be present after running the above programs.

Then....
Turn off your System Restore SEE HERE Reinstate it when your log is cleaned and then create a new restore point.Close your browser window and run hjt in safe mode... HOW TO RUN SAFE MODE and have "Hijack This" fix all the following items by placing a check in the appropriate boxes and selecting "fix checked".
Folders that have been highlighted RED in the log will need to be uninstalled.Check first as some folders maybe uninstalled via the Add/Remove program. Files highlighted in BLACK in the log will need to be removed from your hard drive. Make sure to have your system set to show hidden files and folders.. HOW TO SHOW FILES ..Please post a new log when finished...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [W7ABA] c:\documents and settings\... Read more

5 more replies
Relevance 34.44%

Hi,

I just wanted to start by saying a very big thankyou to all of you that help people on this forum. It is very generous of you and it is appreciated.

I have been infected by this fake security application that says "Windows Security has found critical process activity on your system". It keeps redirecting our web searches. In safe mode I have ran malware bytes, super anti spyware and created a hijack this log all before finding this forum. Both these scans found problems initially however upon following the instructions of this forum no more were found. I tightened up my zonealarm resetting it to default and searching programs that try to run as they popped up, mshta.exe was one of the programs.

I have followed the instruction on this web site to the best of my knowledge and i will attach the logs of the various scans. All scans went well except for the combo fix scan that ran through to stage 50, flashed a page suggesting it was deleting files and then restarted my computer. I repeated it with the same result.

I now have a message that says "SQL Server could not find the default instance (MSSQLSERVER) - please specify the name of an existing instance on the invocation of sqlservr.exe." whenever i start my computer and it takes a long time before all the applications are loaded and ready to be accessed. It seems to run faster if the internet is turned off?

I am posting this from another computer.


Here are the logs - Thankyou for yo... Read more

Answer:Please Help, its getting worse

I am not seeing much in the way of malware on your system. Let's do this and see where you are after:

Download The Avenger by Swandog469, and save it to your Desktop.

* Extract+ avenger.exe from the Zip file and save it to your desktop

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present --Unless you set this.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present --Unless you set this.Click to expand...

After clicking Fix, exit HJT.

* Run avenger.exe by double-clicking on it.
* -Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:



Files to delete:
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Ta... Read more

5 more replies
Relevance 34.44%

Is a 635 slower than a 640? Is the camera worse? Is there less internal memory? What are the differences?

Answer:How much worse is a 635 than a 640?

Here's the differences compared to the 640...
The 635...
...has half the RAM, which meant Facebook and Messenger refused to run in my case on W10M, multitasking is less smooth and whatnot. But it works for the basics.
HOWEVER, there are some 635's that have 1 GB of RAM, matching the 640.
...is not supported currently so you won't be getting Windows 10 Mobile easily, although some 635's have indeed been getting it with little effort oddly enough.
...has an inferior, lower-resolution 5 MP camera with no LED flash. (the 640 has a flash and an 8 MP shooter)
...is smaller than the 640.
...does not have a proximity sensor.
...does not have double-tap to wake or Glance.
...has a smaller and lower-resolution display.
...has a smaller battery.
Although the 635 and 640 share the same Snapdragon 400 processor and 8 GB of storage + microSD.
The 640 is the better all-around phone but I your needs are very basic and the 635 is significantly cheaper then the 635 may make sense.

2 more replies
Relevance 34.44%

Hi. I hate to be a nooge, but I posted a problem I had a week ago with a single search term being redirected in Google -- only that one search term was redirected. That much has stayed constant -- I've been using Google all week and only that one search term is redirected. My post has dropped down to page 12 and I think it's pretty much off the grid by now.Tonight I tried to run Hostsman to update my Hosts file and Avast! immediately put up the Warning notice that:12/2/2009 11:40:42 PM SYSTEM 2016 Sign of "Win32:Delf-MZG [Trj]" has been found in "C:\Program Files\HostsMan\hm.exe" file.I quarantined the file, but now I'm very concerned. When it was just the one redirect it was interesting, but this has me a bit panicked.I've copied last week's post here.Can anyone help?EDIT: Okay, it looks like Avast! may be reporting false positives right now with virus database 091203-0, the one I'm using right now, according to what I read in the various forums. I'll keep a good thought, anyway.But my redirect problem IS still there, and I'd like to get to the bottom of it, if anyone can help. Thanks!Hello again -- I was here with a severe problem about a year ago. It took several weeks, and a lot of help, but I got cleaned.I also learned a few things. I have since installed the NoScript and Cookie Whitelist addons to Firefox, I installed the free version of ZoneAlarm, and I installed a Hosts file manage... Read more

More replies
Relevance 34.44%
Question: from bad to worse

please help-got a new laptop trying to use the wi fi.there is no wireless connection icon any where.maybe there no driver,im guessing. do i need to use the disc that came with my router.my other laptop works fine.maybe i need to use another keycode,i dont know please help.thanks

Answer:from bad to worse

I think you're already running a thread on this: click herePlease don't double-post.

1 more replies
Relevance 34.44%

Sorry to be such a bother but this problem is driving me bonkers!
Every turn develops into a new drama-here's the situation so far-

(1.) When I go to click on a program (any program) my computer either immediately or soon afterwards pops up a window that says "program error-process has already been exited-has generated errors and will be closed by windows. You will need to restart the program. An error log is being created." Of course restarting the process only sends me in circles-the same thing continues to happen-sometimes, obviously, I'm able to start the program but usually during the course of operation the "program error" window pops up and it's back to musical chairs again!
My system is, O/S Windows 2000 Pro, P4-1.6GHz 400MHz/P4FAN (P4-1600AR), Motherboard-D850MVL -MB Intel D850MV w/LAN, Rambus 256MB (2).

(2.) Now if I didn't already have enough problems I've apparently been infected with the Fortnight.E virus-it gets worse, in turn, I infected my ex-wife with the virus via an email (well, I'm sure you can imagine my situation-it would be better to have my nipples dipped in honey and dangled over a pool of hungry piranhas-she's pissed! Of course, the fact that the virus installed porno weblinks into her favorite file made matters even more unbearable-you'd think she was a nun or something! At any rate,
I have run a Panda On-Line AV-Scan-several Norton AV scans-SpyBot, Ad-Aware and SpySweeper-nothing works!
... Read more

Answer:Sos....from Bad 2 Worse!

6 more replies
Relevance 34.44%

Hello, I never write posts to ask questions when it comes computers, but this time I saw myself having to do so.
I have had many problems recently, and it just got to the point where stuff just doesnt work anymore.
I upgraded to Win 10 about 10 days after its launch. I loved it. I had that often problem everyone had but I could solve it.
About 20 days ago, everything worked greatly. Then, I don't remember what exactly happened, but all of a sudden I couldn't access the Groove Music App. Then I realized I couldnt open any other Windows built in apps, not even store worked. However, Edge and apps like calendar for some reason do work. So in an attempt to repair this, I messed up the Appdata folders's permissions. I had recently installed this context menu button when I right clicked, that let me take ownership of a folder, so I took the ownership "administrators."
Then, the hidden items check box in the View Tab on Explorer suddenly unchecked itself when I checked it. I looked up online and there it said it had to do with the Administrator account, but hell, I am the admin account on my PC, so this just didnt make sense. Then I read a simple reboot would help, so I rebooted and it was fixed.
This is where I mention my recent installs. Around the time, I installed this now piece of software on my pc, and this software was Bit defender Total Security. I had replaced my previous antivirus, Avast Internet Security, with this. Now, I highly doubt this program contributed to this in ... Read more

Answer:Help! My pc is getting worse

That last part went wrong somehow, here are the links:
click here
href
10-windowsstore/store-not-opening-in-windows-10-this-app-cant-open/c0de1565-9c33-4604-a1cd-b4ce18b72117?page=2&auth=1
10-windowsstore/windows-10-app-store-will-not-run-cannt-add-a-user/682d6bd8-39ae-4ee4-b0fc-c19027b44552?rtAction=1444233209744&auth=1
storeandappswontopenreregistering/
1-windowsstore/windows-store-app-not-opening-in-windows-81/9882357f-ae86-4e4d-ba37-209aa960063c

7 more replies
Relevance 34.44%

my topic is here http://www.bleepingcomputer.com/forums/t/134217/virus-and-rootkits/ and it has been a couple days since a reply, and i was told not to reply again until i get a reply from someone to help me. but my computer is now losing the whole task bar whenever i close anything...i can bring up the task manager and see everything there, and i can ALT+TAB between programs and they will come up, but when i press the windows button will not bring up the start menu. the HJT log is in that other topic. thank you for looking

Answer:I Think My Pc Is Getting Worse

Hi dizz15,I know it's frustrating, but please be patient. It may take a while to get a response, because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible.If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".To avoid confusion, I am closing this topic.

1 more replies
Relevance 34.44%

Just a curiosity question. I found an old AMD K6 chip in a scrap computer.
I would like to know if it is better/faster than my "Cyrix Instead" with MMX?
Both I think are 266's and socket 7.......

It's for my first PC that is now used for solitaire and surfing the net...

And what steps, if any, should I do to swap them, if the K-6 turns out better?
 

Answer:Better/Worse? Two old CPU's for old PC..

10 more replies
Relevance 34.44%
Question: Bad to worse

I posted a previous problem in regards to my computer shutting down at random and suspect virus. It seems things have gone from bad to worse in rapid time. I have lost internet connection, I open a program "regedit" and it closes, same with "msconfig" I cannot boot in safe mode. Suddenly all that was in my "connections" are completely gone, that folder is now blank. I know in the past I have tested your patience here but am throwing myself at your mercy once more. Sorry if this should have been posted with my previous question but I am unsure as to how protocol is.

btw forgot to give the basics.
Winxp
Medion computer.
should be current on updates.
again tia.
 

More replies
Relevance 34.44%
Question: Bad to Worse

Friends,

It appears my browser (IE/XPpro non-sp2) has been hijacked - at boot time I get an IE page that advertises WinAnti-Virus and demands I purchase. I can close the window and continue, but there are 37 processes running and the drive is constantly active, where an identical box has 28 processes running. I have downloaded (but not run) all the software you recommend, but apparently nudged the wrong bad actor and now the system won't boot at all. I have backed up some data, but don't want to loose everything if I can help it. I don't know how to use command line recovery and I can't remember the Admin password to use it anyway.

This happened once before and I let the system just run and reboot itself and after about 4 hours it was successful. I have about 4 hours on it now and no luck. I will let it run all night to be sure it doesn't heal itself.

If I reload XP, will all my data still be there?

Things started to go south about 2months ago when McAfee found Vundo and couldn't seem to kill it off.....

thanks, GearHead.
 

Answer:Bad to Worse

Hi GearHead,

Check out this link and try the removal tool from Symantec.

READ ME: Virtumundo Problems/Resolution Threads

Should that fail, I would suggest following the steps here:

READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Best luck
PP
 

2 more replies
Relevance 34.44%

new note pad mesgwhen I boot up.
[.ShellClassInfo]
[email protected]%SystemRoot%\system32\shell32.dll,-21787

I get this on start up and firefox is giving me an error

Well, this is embarrassing.

Firefox is having trouble recovering your windows and tabs. This is usually caused by a recently opened web page
Can any one help me out?

Thank you so much
 

More replies
Relevance 34.44%

Hi, I have been using PC tools for the last couple of years with no bother. However, when I wanted to put it on my laptop I lost the ability to access the internet. They told me (eventuallY) to reboot using my windows XP home edition disc. having done that I was initially able to access the internet, but I could not open links or download any thing, and now explorer won't open at all, I just get error reporting. Things have gone from bad to worse and I need some help.Thanks

Answer:going from bad to worse

sorry - spyware doctor

2 more replies
Relevance 34.44%
Question: It could be worse

I come to this forum and read all the time in search of knowledge . With the reading and help of the fine people here I have fixed many problems . Some posts I have read complain about a program taking a minute to start up . Some complain about a slow boot up . Well when I said it could be worse I found one that couldn't be . Uncle brought his PC out to me to see iffin I could make it work for him . HP Pailion with 128 ram and XP Home . Hooked it up to my monitor and turned it on . One hour and 15 minutes later I could finally do something . First thing I attempted to do was run defrag . It took 15 minutes for the menue to work enough to let me click on defrag and another 29 minutes to open defrag . Now I have it open and click on derag to run , 7 hours later it finished . Pc Was still slow . A bit better but not much . Started to empty temp folders . One temp folder took 15 minutes to empty . Emptied all the temp folders and the history then deleated some programs . Only deleted 3 small programs but with them and the temp folders I regained 17 gigs of hard drive . Did another defrag and this time it went much faster . Then I started on malware and viruses . Did the ususal scans I learned from here and took a bunch of them out . Got to the point that the PC was healthy again . Took out the 128 megs of ram and replaced it with 512 which is the max for this HP . Now it is running very smooth and probably as fast as it ever will . So when you think you are running slow do t... Read more

More replies