Computer Support Forum

Solved: Windows antivirus, Trojan Found, Windows Security Alert

Question: Solved: Windows antivirus, Trojan Found, Windows Security Alert

Please help! For the past few months our computer has been constantly popping up virus messages. Every few seconds we get a Windows antivirus message that says windows has detected spyware... As soon as I close this box it reappears. Every 2-3 minutes we get a Windows Security Alert stating Warning! Potential Spyware Operation! And sporatically we get a Trojan Found message from McAfee VirusScan although I can not delete the infected file.

I looked through some websites and messages on this board looking for help. I downloaded Super Antispyware Free Edition and ran that program. It deleted 450+ items but the computer is running no better and the messages are popping up just as often.

Moreover, I can not access my control panel through the start menu and can not add or remove programs.

I have seen some people post similar problems and they are told to run a Hijack report. I am not sure how to do that or what that means.

Can someone please advise? Thank you so much in advance for your help!!!

Relevance 100%
Preferred Solution: Solved: Windows antivirus, Trojan Found, Windows Security Alert

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Solved: Windows antivirus, Trojan Found, Windows Security Alert

16 more replies
Relevance 91.02%

I am working on a Windows XP Pro machine. I was getting pop up ads with a Windows security alert warning, along with a few others. My time also changed to military time. I could not run any malware programs until I ran a HJT log and corrected on of the entries, something with a ip address in it, I didn't write it down like an idiot. That then allowed me to update and run Spybot , malwarebyte and superantispyware. All came back with issues. Mywebsearch, trojan.fakealert.gen, disabled.securitycenter ,Trojan.vundo,trojan.fakealert,torjan.fakealert.gen,rogue.antivirusoft.Thank you in advance for your help!Here is the DDS report:DDS (Ver_09-12-01.01) - NTFSx86 Run by jandreozzi at 11:16:57.68 on Tue 03/09/2010Internet Explorer: 6.0.2900.2180Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1075 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Fi... Read more

Answer:Windows Security Alert/Antivirus software Alert Virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

29 more replies
Relevance 89.79%

When browsing in firefox, I suddenly got a popup in my taskbar from Windows Security Alert. Knowing that was a problem, I immediately came here and downloaded DDS and Rootrepeal. However, this malware will not let me run a program. Every time I try, I get a window popup that says "Security Warning: Application cannot be executed. The file cmd.exeis infected. Do you want to activate your antivirus software now?" And then yes/no boxes. I've since closed firefox, and can no longer open it. I get the same popup for every program I try to open. Any help would be greatly appreciated

Answer:Windows Security alert/Antivirus System Pro alert

You already stated that no matte rwhat program you try to open, you see that pop up for the scareware. You can try running Rkill first to see if you can kill some of the malware processes that are preventing you from being abel to run other security software. here are some DL links for you. LINK 1LINK 2LINK 3LINK 4Once you get it downloaded double click to launch it (With Vista you need to right click and select run as administrator). You should see a little black window open and then close. If you see that box then it worked. If you don't see the black box then delete the file and use another download link and repeat the steps.Once it runs you should be able to run MBAM and then I would run SUPERAntiSpyware as well. If all else fails try going in to safemode and install MBAM and run the scans from there to get you started.

4 more replies
Relevance 86.1%

All of a sudden today:

"Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now."

Other windows popping up:
SPYWARE ALERT!
Antivirus software alert
"Application cannot be executed. The file wscntfy.exe is infected. Do you want to activate your antivirus software now?"

Can't run McAfee, or Malware, internet won't work.....but internet sites are popping up....not good ones!

I ran Malware in safe mode. it had picked up two infections. they were removed. but still the exact same thing is happenning. and now i am getting all the pop screens plus a red-x-shield in the bottom popping up a lot too

PLEASE HELP!!!!

Answer:"windows security alert.....Windows reports that computer is infected. Antivirus software helps to protect..."

Hello.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

Lets take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log w... Read more

9 more replies
Relevance 84.87%

DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 21:33:23.80 on Tue 07/07/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://newsletters.fool.com/04/index.aspx?source=imysltlnk750252
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5... Read more

Answer:IE hijacked with porn sites; antivirus system pro alert keeps popping up; windows security alert keeps popping up

Hello pdmuhalk,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Please do this:1. Download HijackThis? here:http://www.trendsecure.com/portal/en-US/th.../hijackthis.php2. Click 'Do a System Scan and Save log'.The HJT log will open in notepad.Thanks,tea

4 more replies
Relevance 84.46%

While online an antivirus scan pop up appeared on my computer. Shortly after I was unable to access the internet. I have read many forums of programs to install to help, however with this virus I have been unable to run any executable file. I get a message windown security alert application cannot be executed. The file _.exe is infected. Do you want to activate your antivirus software. In addition I cannot access task manager as the same message applies. I cannot access add/remove programs. I cannot boot up in safe mode. Not one program will run, from as simple as the calculator or itunes, to word documents. I always get the application cannot be executed. File calculator.exe, itunes.exe is infected. I reinstalled firefox which now allows it to run. I am looking for any suggestions as I am not sure what to do with a virus that does not allow any other program to be executedI have gone through steps A and B and steps 1 through 6. Step A. My antivirus software was out of date so I tried to download each program one at a time. I was able to download each however when I go to run them I get an error - application cannot be executed. The file __.exe is infected. Do you want to activate your antivirus software. Step B. Same as with trying to open an antivirus program, file __.exe is infectedStep1 - Can go to control panel but add/remove programs will not come up - the file rundll32.exe is infected is what pops upStep2 - CCleaner downloaded but when trying to execute 'the cclea... Read more

Answer:Windows Security Alert - Antivirus scan pop up

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.Save Rkill to your desktop.There are 4 different versions. If one... Read more

1 more replies
Relevance 84.46%

I believe I have a virus on my computer. It constantly has a message up that say Windows Security Alert and tries to send me to this website named antispyeye.com to purchase antivirus software. It will not let me run my own Antivirus and will not allow me to access the majority of my programs. I ran Sybot search and Destroy and Avira in safe mode with nothing but avira coming up with a large amount of "warnings." I downloaded Malwarebytes Anitmalware but it will not run due to two errors. 1) MBAM_ERROR_EXPANDING_VARIABLES (0,9) and 2) MBAM_ERROR_MISSING_FILE (3,0,mbamswissarmy.sys). I also downloaded hijack this and have the log. Im not quite sure what to do and would appreciate any help. Thanks

Answer:WIndows Security Alert/ Fake Antivirus

Hi there,Boot your computer into safe mode ( By pressing F8 key in start) and then goto add/remove programs and remove anything you find suspicious. Clear your browser cache and then give a try else you need to scan your system with some good antivirus like Esset Nod32 .Best of luckImran Khanhttp://www.laptop-accessories4u.co.uk

3 more replies
Relevance 84.46%

While online an antivirus scan pop up appeared on my computer. Shortly after I was unable to access the internet. I have read many forums of programs to install to help, however with this virus I have been unable to run any executable file. I get a message windown security alert application cannot be executed. The file _.exe is infected. Do you want to activate your antivirus software. In addition I cannot access task manager as the same message applies. I cannot access add/remove programs. I cannot boot up in safe mode. Not one program will run, from as simple as the calculator to itunes, to word documents. I always get the application cannot be executed. File calculator.exe, itunes.exe is infected. I reinstalled firefox which now allows it to run. I am looking for any suggestions as I am not sure what to do with a virus that does not allow any other program to be executed

Answer:Windows Security Alert - Antivirus scan pop up

Read here: http://www.computerhope.com/forum/index.php/topic,46313.0.htmlStart new topic here: http://www.computerhope.com/forum/index.php/board,7.0.htmlDo NOT post any logs in THIS thread.

1 more replies
Relevance 83.23%

My computer has been infected with something called "Windows security alert". About every 5 second a warning pops up and wants me to to do a safety scan.
Also a window called antivirus soft pops up. I cant use Internet Explorer and my one virus program, Norton 360, has also been damaged.
Can anybody help me to remove this?

[b]
My DDS-file:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Emma at 13:00:20,96 on 2010-02-09
Internet Explorer: 8.0.6001.18882
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.46.1053.18.2046.917 [GMT 1:00]

AV: Norton 360 *On-access scanning enabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton 360 *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C... Read more

Answer:Infected with Windows security alert/Antivirus soft

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 83.23%

I'm currently running windows xp home sp1.I have a a notification message on my toolbar that's constantly popping up that reads:"Windows antivirusWindows has detected spyware infection!It is recomended to use special antispyware tools to prevent data loss. Winodws will now download and install the most up-to-date antispyware for youClick here to protect your computer from spyware"On a potentially related note, I also receive an error message popup about every two minutes that states there is a windows security alert.I ran adware 2007 on it last night and deleted about malicious/spyware files.Here is my HJT log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:51:22 AM, on 11/26/2007Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\shell.exeC:\Program Files&#... Read more

Answer:Windows Antivirus Toolbar Popup/security Alert

I found this topic that seems related to my issue, though i don't want to do anything that may be unnecessary/harmful for my particular situation.http://www.bleepingcomputer.com/forums/lof...5B/t107817.html

3 more replies
Relevance 82.82%

Hi all

Recently've had a piece of spyware that gives me a message box from the system tray saying things like "Security Alert: Spyware Found" or "System Alert: Malware Threats". It's bvious it's spyware cos it's trying to flog a removal tool and the spelling isn't all there...

After searching the foums for a solution, and going on what's been done on previous, similar cases, i've tried what's been said to them (HijackThis, SmitFraudFix & Spy Sweeper) All to no avail. Below are the results of Hijack this and SmitFraudFix respectively. Can anyone give me an idea of how to get rid of this?

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 12:41:03, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.ex... Read more

Answer:Security Alert: Spyware/Malware/Trojan Found

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found a... Read more

1 more replies
Relevance 82.41%

I know you can help me with this - but I'm entirely lost.I'm getting notifications/pop ups from AV security suite saying my computer is infected, "Application cannot be executed. File xxxx is infected. Do you want to activate your antivirus software now?."Odd thing - This is happening on two machines, which to the best of my knowledge have never shared a removable drive, and haven't even visited the same websites for months - my desktop running XP and my wifes laptop running Vista.I'm also seeing the (I assume) associated windows security alerts and spyware alerts windows.In the AV suite window I'm seeing malware names such as "Backdoor win32, and Downloader win 3...On my XP machine I had it in to the "Easy Techs" a short time ago - for a virus removal [trojan AV] which obviously didn't remove it. I haven't experienced any of the Trojan AV virus on wifes laptop and the AV suite thing is new and started on both  (seperate machines) at the same time?I haven't downloaded any fixes or requested any help anywhere else for this issue.can you help please?

Answer:I too have AV security suite and Trojan AV issue, windows security alert, etc

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.Save Rkill to your desktop.There are 4 different versions. If one of them won't run then download and try to run the other one. Vista and Win7 users need to right click Rkill and choose Run as Administrator You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.* Rkill.exe* Rkill.com* Rkill.scr* Rkill.pifOnce you've gotten one of them to run then try to immediately run... Read more

14 more replies
Relevance 81.59%

Okay, I come home. I go on my computer my anti-virus bitdefender alerted me of a trojan attacking my system. It said it could not disinfect it so it deleted but it still keeps poping up. I see my windows security center was a big red X in my task bar so i checked it and Malware protection wont turn on it lags and then says it's uncompatable? Then it says my anti virus bitdefnder 2009 internet security is reporting its status to WIndowSecurity Center in a format that is no longer supported. Use the program's automatic updating feature, or contact the program manufactuer for an updated version. I have no idea what this means... I have windows vista ultimate 32bit. I had something on my computer a week ago and i had pop ups and i had an msa.exe virus i got rid of it but not my anti virus is not working... I am sacnning with malwarebytes but so far nothing. Another thing is i assighned bitdefender as my virus protection now it is all saying it's uncompatible and windows defender has takin over. I have a high jack this log here.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:10 PM, on 20/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\s... Read more

Answer:Everything in security center not working had trojan alert. Cannot open antivirus.

16 more replies
Relevance 81.18%

Guys,
This problem has been around for a while and I somehow contracted it last night or today on my desktop. I have a Dell 2350. I cannot launch any applications including IE without getting a message that says:

"Application cannot be executed. The file "name such as mswinext.exe" is infected.Do you want to activate your antivirus software now?"

I am on a laptop to try to get help. The problem seems to get worse the longer I leave my desktop on trying to fix it... I tried booting in safe mode but no luck. The only thing that it appears I can do is run msconfig before the problem gets started. I have the list of items in my startup if one of you guys could take a look and see if you recognize the problem. I saw in some other post the recommendation to disable something in the startup list but it wasn't in my list.

Please let me know your thoughts. This is rediculous...
Thanks,
Brad

Answer:Please Help! Trojan - Windows Security Alert

Here is the list of items I see on the startup tab when I run msconfig:

igfxtray
hkcmd
hpwuschd2
psdrvcheck
isw
sprtcmd
blsloader
avgnt
groove monitor
vvx3000
qttask
nmctxth
nmapp
mswinext
defmgr
setpoint
ctfmon
nmbgmonitor
msmsgs
google update
google toolbar notifier
tivo transfer
asl
nwmh fopaffm
aawtray
adobe arm
adobe reader speed launcher
itunes helper
logitech vid
logitech quick cam ribbon
nero check
skype
super anti spyware
tivo server
tive transfer
win amp agent
mcafee security scan plus
mcafee security scan

5 more replies
Relevance 81.18%

I have a big problem i think my computer is infected by a virus and i cannot get rid of it.

A windows security alerts pops in all the time to make me purchase some products. I keep running SPYBOT and Adaware but it keeps coming back.

I dont know how to get rid of it. Please help me. I ran Anti Malware Malware. It detected more 100 malwares. I got rid of all of them but i've got couple of them left that i cannot get rid of. Here's my Hijack this log. Please Please help me i'm desprate. I have windows Vista.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:21 PM, on 8/23/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\ProgramData\bkhgdmxu\dyxitohk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\pqhmdclw.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Awar... Read more

Answer:Windows Security Alert Trojan

16 more replies
Relevance 81.18%

i have got some kind of virus/trojan. in the toolbar its shows a windows security alert reporting my computer's infected. its also prevents any anti virus running as a security warning pops up saying

'application cannot be executed teh file msiexec.exe is infected. do you want to activate your antivirus software now?'

i have an unknown process running in the task manager:

dqsymdotssd.exe

When i end the process the entire pc freezes and so i have to restart.

i've tried running malwarebytes but the security alert pops up and prevents it running. same thing with smitfraudfix.

i would appreciate any help removing this please.
 

More replies
Relevance 81.18%

Our Windows XP machine is getting pop ups which have the heading Windows Security Aleart and that we have a Trojan. The actual trojan differs each time last time it was Trojan-downloader.Win32.Agent.bz.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:17 PM, on 13/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Cisco Sy... Read more

Answer:Windows security Alert - Possible trojan

16 more replies
Relevance 80.36%

I was infected by the Anitvirus XP 2008 malware.I did the following1) Spyhunter to remove it. 2) SDFix to put my settings back. Task Manager back, Windows back ground back.3) Ran ComboFix.This seemed to fix 99% of the problems. ButWhen I open IE sometimes the Window Security Alert pop with some form of trojan=spy-win.32.keylogger.aa warning. I know this is probably just malware directing me to a site to purchase software but want to be sure before logging into any sites, which I have not done.Seems I have run everything there is to run to remove this.Hope someone can help remove this.RandyHere are the Deckard's System Scan filesDeckard's System Scanner v20071014.68Extra logfile - please post this as an attachment with your post.---------------------------------------------------------------------------------- System Information ----------------------------------------------------------Microsoft Windows XP Professional (build 2600) SP 2.0Architecture: X86; Language: EnglishCPU 0: Intel® Core™2 Duo CPU T7250 @ 2.00GHzCPU 1: Intel® Core™2 Duo CPU T7250 @ 2.00GHzPercentage of Memory in Use: 21%Physical Memory (total/avail): 2046.11 MiB / 1615.01 MiBPagefile Memory (total/avail): 3938.23 MiB / 3674.1 MiBVirtual Memory (total/avail): 2047.88 MiB / 1921.37 MiBC: is Fixed (NTFS) - 146.47 GiB total, 131.97 GiB free. D: is CDROM (UDF)E: is Removable (FAT)\\.\PHYSICALDRIVE0 - ST9160821AS - 149.05 GiB - 3 partitions \PARTITION0 - Unknown -... Read more

Answer:Windows Security Alert -trojan=spy-win.32.keylogger.aa

Hello help2008,I apologise for the delay, the forum is too busy.----------------------------------------------Download and Run HijackThis Download HJTInstall.exe to your Desktop. Doubleclick HJTInstall.exe to install it. By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Copy/Paste the log to your next reply please.Don't use the Analyse This button, its findings are dangerous if misinterpreted. Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

2 more replies
Relevance 80.36%

Hey so today I turn on my computer and I have this awful trojan that doesn't allow me to open any programs for more than .2 seconds or do much of anything except get spammed by constant 'Windows Security Alerts' filling up my toolbar and the unavoidable popup "Application cannot be executed. The file _____ is infected. Do you want to activate your antivirus software now?" Also occasional popups to adult sites which I've never had before....The problem seems to be getting worse and worse and I'm in serious need for help. The creator of this threadhttp://www.computerhope.com/forum/index.php/topic,95177.0.htmlseems to have had the same problem as me. But when I get to the step where he was told to run Rkill I can't get any of them to open. I also can't get the superantispyware or emisoft programs to run either to help me get rid of my problem... ive also tried spybot snd and Avira to no avail. I've also tried running in safe mode(which works) and deleting all my temporary files(not 100% sure if I did it right). I know I'm not supposed to try to fix this by myself so im coming here for your help, please save me! http://www.computerhope.com/forum/index.php?PHPSESSID=3ffee808e87822e364bca900fba99709&/topic,46313.0.html

Answer:Windows Security Alert Trojan??? Critical need help!

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).Then, do the following...Please visit this webpage for a tutorial on downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixSee the area: Using ComboFix, and when done, post the log back here.

3 more replies
Relevance 80.36%

Hey all,Working on my girlfriend's dad's (there's a tongue-twister) IBM laptop - he has the fake Windows Security Alert virus described at http://www.bleepingcomputer.com/virus-remo...ssentials-alert.I've gone through that guide, as well as a few others related to this specific piece of malware, to no avail. The malware is blocking almost any exe file from running, including taskmgr and regedit - it doesn't even allow the other window to open, it just moves its own window to the top and refuses to close. No Firefox, no IE, no nothing.Every link to every renamed rkill iteration has not worked for me - the window opens and closes instantly, returning to the fake antivirus screen. exeHelper stays open and appears to run fine, but does not cause the malware to close. When I run ComboFix, the blue bar pops up and fills up next to the cougar logo, but then disappears and pops back to the fake antivirus.(Sorry for running ComboFix unrequested - just figured I'd try everything myself before I came crying for help. I've built two PCs so I'd like to think that I wouldn't have bricked someone's laptop armed with only ComboFix.)Despite the program not closing, I decided to try the Malwarebytes program - which removed a couple of other pesky bits of malware he was dealing with, but did nothing to the fake Windows Security Alert. Not sure if I'll be able to post logs at the moment - the laptop currently doesn't have a working web browse... Read more

Answer:Fake Windows Security Alert trojan...

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please downloa... Read more

2 more replies
Relevance 79.95%

After turning my computer on this morning I received a Balloon pop up from Windows security Centre (red shield in the system tray) informing me that No antivirus and firewall are currently running. I have online armour and AVG Free installed and running (and have had for years). I have tried deleting the contents of WINDOWS\system32\wbem\Repository so the data base could be rebuilt upon start up, no success.

Please note:
- I Have XP professional with Sp3 installed
- AVG and online armour are running fine
- I do not wish to tick the monitor my firewall/antivirus Option found in windows security centre recommendations
- I installed Skype’s whiteboard meeting app last night, besides that nothing has changed from yesterday.

Any Help on this would be greatly Appreciated.
Thanks,
Tom

Answer:False 'No Antivirus' and 'Firewall Running' Alert from Windows Security Centre (system tray)

Never used it myself but this may help: How To Use Dial-a-fix To Repair Windows Internals Problems http://www.bleepingcomputer.com/forums/topic160132.html

16 more replies
Relevance 79.54%

Thunder, I ALSO have a virus that pops up and says Windows Security Alert and trojan-spy.win32.keylogger.aa or trojan-spy.win32.bankfraud.aa and a few others. The only thing it lets you click on is enable protection. That screen then takes you to a site that offers some virus removal software. I'm not sure if I should be doing the same instructions that where given to hawks32 on August 24th 2008 under the same title but I have cleared my caches and temp files and generated my logs :Thank you in advance for any help!-HIJACKTHIS:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:02:49 PM, on 9/2/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS ... Read more

Answer:Windows Security Alert And Trojan-spy.win32.keylogger.aa

Hello and welcome to BC...Please download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

13 more replies
Relevance 79.54%

Hello!

I am a new and reluctant member of the trojan/malware/virus world and certainly appreciate your assistance!

Suddenly, Firefox kept opening on its own, either as a tabbed page or its own window, and would open to some seemingly random advert.

The bug is bringing up a "Windows security alerts" red shield with an x on it on my icon tray (lower right of the start bar). Clicking on the icon brought up a faux-microsoft page telling me that my computer was infected and that it wanted me to download a file to fix the problem. I did not do so.

Also, Windows Automatic Updates is switched off when I click on the red x-shield icon on my start bar, BUT when I check Windowns Automatic Updates via the Control Panel, it looks as if they are on...

Following the instructions on another thread in this forum, I ran Malwarebytes and Spybot multiple times, fixing the errors after each run. HOWEVER,
I still have the red-x-shield on my icon tray.

I am running Windows XP Home Edition Version 2002 Service Pack 2.

HERE IS THE LOG FROM MALWAREBYTES RUN #1.Malwarebytes' Anti-Malware 1.31
Database version: 1550
Windows 5.1.2600 Service Pack 2

12/28/2008 5:15:46 PM
mbam-log-2008-12-28 (17-15-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 269614
Time elapsed: 3 hour(s), 58 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Inf... Read more

Answer:fake Windows Security Alert - Trojan/Malware

16 more replies
Relevance 79.54%

I have a virus that pops up and says Windows Security Alert and trojan-spy.win32.keylogger.aa or trojan-spy.win32.bankfraud.aa and a few others. The only thing it lets you click on is enable protection. That screen then takes you to a site that offers some virus removal software. Please help!Here is my hijack this log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:30:48 PM, on 8/24/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Lexmark 1300 Series\lxdcamon.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\knwbwdar.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDO... Read more

Answer:Windows Security Alert And Trojan-spy.win32.keylogger.aa

Hello Hawks32 and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed... Read more

7 more replies
Relevance 79.54%

I have a Windows Security Alert box pop up every time I use the internet and randomly while I'm on the web. It always says something about a Trojan-spy.win32.keylogger.aa or Trojan-spy.win32.bankfraud.aa, the only option it gives is to "enable protection." But that only takes you to a website to download a fake anti-spy program. Anyone know how to get this off?

Answer:Windows Security Alert - Trojan-spy.win32.keylogger.aa

Hi hawks32,Two things: First, the infection Trojan-spy.win32.keylogger.aa is a key logger. It looks for certain keystrokes and the emails them to its originator. It is designed to look for financial information. If you do on-line banking, or other financial transactions on this computer, please contact those institutions immediately and check to see if your accounts have been compromised. Here is the write up I found via Google : Trojan-Spy.Win32.KeyLogger.aaSecond, I noticed you have an open HJT log. you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally... Read more

1 more replies
Relevance 79.54%

I have the same problem that hawks32 had on August 25th but mine started showing up yesterday on a fake Windows Alert for Trojan-Spy.Win32.Keylogger.aa. I know it is fake by the block and unblock were grayed out ... Now how do I get rid of this??? ...

I have systematically been trying to fix this box since the 25th that started with the joke.blushod. I have downloaded and researched everything to get rid of the first one including malware. It did get rid of it at first then showed back up yesterday with a lot more.

I ended up buying Kaspersky Internet 2009 ... got rid of some of the problem. Then Spyware Detector got rid of some more. The windows XP automatic update is failing due to requesting MicroSoft Professional location for FrontPage even though this is Windows XP Home Edition.

I then ran sdfix (which finally grabbed the identified .exe for joke.blushod and deleted. I then ran combofix. But after combofix ran norton did not come back even after a reboot though Kaspersky's is back up. I don't know how to interpret the combofix log and since the fake windows alert is still happening and the windows updater won't work I am assuming that I cleaned up more ... but still not all.
I would appreciate any help I can get to fix this issue as one of the windows updates was to fix a security breach.

Please help as I know this box is infected with more and I have three other computers on this home network and want to protect them !!!!

Answer:Windows Security Alert - Trojan-spy.win32.keylogger.aa

Block and unblock were grayed out on what? Kaspersky virus warning?I have systematically been trying to fix this box since the 25th that started with the joke.blushod. I have downloaded and researched everything to get rid of the first one including malware. It did get rid of it at first then showed back up yesterday with a lot more.Would like a little more data here. What programs did you download and run to try and get rid of the joke BSOD?I then ran combofix. But after combofix ran norton did not come back even after a reboot though Kaspersky's is back up. I don't know how to interpret the combofix log and since the fake windows alert is still happening and the windows updater won't work I am assuming that I cleaned up more ... but still not all.Running combofix without experience with it is VERY dangerous to your system. There is a warning at the top of your post in big bright blue letters:When posting your problem, do not run and post a ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.AND FINALLY, to get rid of the win32.keylogger.aa, try this:1. Download Malwarebytes? Anti-Malware (mbam-setup.exe) and save it on your Desktop.2. After downloading, double-click on mbam-setup.exe to install the application.3. Follow the prompts and install.4. Before the installation completes, che... Read more

4 more replies
Relevance 78.72%

I continue to get popups that tell me i have a Windows Security Alert.The following items are listed:Trojan-Downloader.win32.agent.bqTrojan-Spy.win32.greenscreenTrojan-spy.win32.keylogger.aaTrojan-clicker.win32.tiny.hI have downloaded and run Malwarebytes' Anti-Malware. It initially found 8 infections and removed them. Upon reboot i continue to get the same popups. When i now run Malwarebytes it does not find any infections yet the pop ups continue.I have used ATF cleaner to remove all temp files, cookies, etc....I have downloaded and run HiJackThis.Below is the log from that session:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 01:52, on 2008-08-27Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\IPSSVC.EXEC:\Program Files\ThinkPad\ConnectUtilities&#... Read more

Answer:Need Help Removing: Windows Security Alert - Trojan-spy.win32.greenscreen And Others

HIPlease post the log from Malwarebytes' Anti-MalwareThen ... Disconnect from the internet Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-O4 - HKCU\..\Run: [dben] C:\WINDOWS\system32\ormfqzcv.exeO4 - HKCU\..\Run: [AppGenAdm] C:\WINDOWS\system32\lqzwbsvc.exeTHEN ...Please run a Kaspersky Online Scan Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner Click AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives Scan Mail BasesClick OK Now under select a target to scan: Select My ComputerThe program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button:Once finished, save the log to your Desktop as filename KAV.txtTHEN ...Please follow these directions to run Combofix & post a log.http://www.bleepingcomputer.com/combofix/how-to-use-... Read more

2 more replies
Relevance 78.31%

Hello, all

I've got this little yellow triangle in my tray (bottom right corner) that continues to flash and tell me things like "security alert: spyware found, PSW.x-Vir trogan" .
My browser has been hijacked, trying to sell me a cure.
After searching these threads for a real cure, it looks as if each case is different.
any help is welcome
Thank You, jpass
 

Answer:Solved: Security Alert: Spyware found

16 more replies
Relevance 78.31%

i got a virus acting up that was fixed for someone else so i am starting a new thread for mine...i followed the initial instructions in the other thread so mabye someone can help me from there.....
thanks in advance and i will be heading to work soon so will check back later.

Logfile of HijackThis v1.99.1
Scan saved at 6:19:54 PM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Video ActiveX Object\pmsnrr.exe
C:\Program Files\Video ActiveX Object\isamntr.exe
C:\Program Files\Video ActiveX Object\pmmnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.e... Read more

Answer:Solved: Security Alert: Spyware found

16 more replies
Relevance 78.31%

I keep getting these bogus virus alerts from my icon tray trying to sell me bestseller antivirus software. I have kasperky and spysweeper installed and neither find this. I tried restarting in safe mode and running smitfraudfix after turning off automatic updates and here is what I got:
SmitFraudFix v2.253

Scan done at 15:05:06.53, Sun 11/18/2007
Run from C:\Documents and Settings\BB\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5AE64F42-8EEE-4802-964E-D839E4387B96}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5AE64F42-8EEE-4802-964E-D839E4387B96}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5AE64F42-8EEE-4802-964E-D839E4387B96}: DhcpNameServer=192.168.1.2... Read more

Answer:Solved: Security alert: spyware found

10 more replies
Relevance 77.9%

after a reinstall of windows xp sp2 (not clean install, repair type but not automated something repair) i got two new tray icons. if you mouse over the yellow triangle says "your computer is infected," and the red circle with the x says "windows has detected spyware infection. click here to protect your computer from spyware." a popup keeps jumping in saying "windows antivirus saw you got someone else cleared so thought i'd ask for some help. i did forget to turn off mcaffee prior to that reinstall. wondered if i should just turn it off and try the reinstall again. tried combofix without any change. tried smitfraud also without benefit.
 

Answer:Solved: windows antivirus alert persists

here's the hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 1:42:43 PM, on 05/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\AOL\1157685862\ee\AOLSoftware.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE
C:\Program Files\Ameri... Read more

2 more replies
Relevance 77.9%

Hello and thanks in advance for your help.

Every few minutes, I get a different Windows Security Alert popup notifying me that my firewall has detected activity of harmful software. The names on the popup alerts are as follows:

Trojan-Clicker.Win32.Tiny.h
Trojan-Spy.Win32.KeyLogger
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.BankFraud.dq
Trojan-DownLoader.Win32.Agent.bq

When I click on the available popup action, it takes me to a spammer site (http://www.antispyware-review.biz/). I ran Ad-Aware (the free version) and it found/quarantined a couple Trojans, but didn’t take care of the popups.

I’ve read a similar post of an infected PC and realize that there are several steps in identifying the correct files and registry entries, which may be unique in each instance.

Below I’ve included my HijackThis log and HiJackThis Uninstall List. The ComboFix.txt file will be sent in a subsequent post since I've exceeded the character length in this post.

I’d appreciate your help in walking me through the process!

---------------------------
Here is my HiJackThis log
---------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:28 AM, on 10/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System3... Read more

Answer:Windows Security Alert popup: Trojan-Clicker.win32.tiny.h

Here is my ComboFix.Txt file referred to in my previous post.
Thanks again for your help.

ComboFix 08-10-19.04 - HP_Administrator 2008-10-21 11:38:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1440 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-21 to 2008-10-21 )))))))))))))))))))))))))))))))
.
2008-10-21 11:28 . 2008-10-21 11:28 61,224 --a------ C:\Documents and Settings\HP_Administrator\GoToAssistDownloadHelper.exe
2008-10-21 10:09 . 2008-10-21 10:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-20 09:57 . 2008-10-20 09:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-20 09:57 . 2008-10-20 09:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-20 09:55 . 2008-10-20 09:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-19 09:46 . 2008-10-19 09:46 <DIR> d-------- C:\Program Files\ynewmsc
2008-10-19 09:46 . 2008-10-19 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pupmfody
2008-10-19 09:46 . 2008-10-19 09:46 77,824 --a------ C:\WINDOWS\system32\bcrcxuhe.exe
2008-10-19 09:46 . 2008-10-19 09:46 156 --a------ C:\Documents and Settings\HP_Administrator\delself.bat
2008-09-28 16:06 . 2008-09-28 16:06 <DIR> d-------- C:\Documents and Settings\Patty\Application Data\McAfee
2008-09-24 08:05 . 2008-09-24 08:05 <... Read more

1 more replies
Relevance 75.85%

Hello,
A few minutes after starting my computer I get a pop up that reads:
----------------------------------------------------------------------------------------------------
Windows Security Alert
Warning! Potential Spyware Operation!
Your computer is making unauthorized copies of your system and Internet files. Run full scan now to prevent any unathorized access to your files! Click YES to download spyware remover...
-----------------------------------------------------------------------------------------------------
I can not close it and it remains on top of anything on the screen. I have tried ctrl+alt+delete to get the task manager to end program it has no effect on the pop up.

I need to know how to get rid of this.

I have read some of the other posts concerning this problem and the solution seems to vary from system to system. The one thing they all had in common was to ask for a hijackthis log
So I downloaded and ran this on my computer the results follow...
Thank you.
------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:53 PM, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.e... Read more

Answer:Solved: Windows security alert pop up.... help

10 more replies
Relevance 75.85%

hey guys I'm new to using hijackthis but after some searching i found out it would be good to use for this situation. I keep having recurring popups titled "Windows Security Alert" and "Spyware Alert" they seem to pop up almost every minute. When i try to close them or hit "No" when they ask me to download their software, they automatically redirect me to a web site (luckily i have the network unplugged so it cant download anything silently...)

I'm hoping you guys could help me out with discovering where the problem is... ive used msconfig to turn off anything i could find and ive run 2 antivirus programs (avast and trendmicro) and Spybot S&D and Ad-Aware... Ive also tried to turn off almost all processes in Task Manager while the system was running just to see if it would stop but i havent found out which process does it.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:43 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RU... Read more

Answer:Solved: Windows Security Alert pop ups

11 more replies
Relevance 75.85%

Hi

I have a persistent pop-up which appears every couple of minutes. If anyone can help I'd be very grateful.

The exact text in my pop up is as follows...

Warning! Potential Spyware Operation!

Your computer is making unauthorized copies of your system and Internet files. Run full scan now to prevent any unathorised access to your files! Click here to download spyware remover...

There is also an icon in the task bar which shows the following message....

Your computer is infected!

Windows has detected spyware infection!

It is recomended to use special antispyware tools to pervent data loss. Windows will now download and install the most up-to-date antispyware for you.

Click here to protect you computer from spyware!

I searched Google and it led me to this website where someone has posted a thread re a similar problem and received this response from user MFDnNC

download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hija... Read more

Answer:Solved: windows security alert pop-up

16 more replies
Relevance 75.85%

Every time I restart I get the notice that my MSE is not turned on. It Has done this for about a year and thru two reinstalls. Nuisance). Any ideas please ?
 

Answer:Solved: windows security alert

16 more replies
Relevance 75.85%

I recently experienced a “Windows Security Alert” pop-up.

It listed following “Detected spyware and adware on your computer: “………….. Filename:
……………………Trojan.Vundo!gen5………………………………………..keyboard.sys
[email protected]Win.exe
……………………Suspicious.MLApp…………………………………………cdplayer.ini
……………………Trojan.Thuxeme!inf………………………………………....bootstat.dat
……………………Backdoor.Tidserv…………………………………………..nsreg.dat

The pop-up was on a web page with following address…
http://www1.firesavez6.com/~~~~~~~~ (followed by a whole bunch of characters )

I got real suspicious when it wanted me to [remove all] and I did nothing. I exited out of the page and performed a system check with my virus program. (Found nothing!)
Ran Spybot S&D and Ad-Aware. ( Found nothing!)

The system is running great and haven’t had this pop-up since.

Has anyone info on this? It’s a first for me.
 

Answer:Solved: Windows Security Alert??

You browser probably got hijacked....happens to me sometimes....just get out of it and don't click on anything

but just to check you can post your hijackthis log

You could post your HijackThis log and see if anything shows up
Download HijackThis to your desktop

Double click on HJTSetup.exe on your Desktop
Click Run and Install
It will install to Program files by default
it will launch Hijack This
Click on "scan system and save a logfile" usually in notepad
Copy and Paste the logfile in your next post
Using Ctrl+A to copy All and Ctrl+C to copy and Ctrl+V to paste.

 

3 more replies
Relevance 75.85%

Hello all,
this is driving me crazy--
i used use Iolo system mechanic pro. didnt like it and tried to uninstall it as per there instructions.
decided to try avg. it wont install because it says iolo is still there.
Windows security alerts says
Iolo antivirus is on but is reporting its status to windows security center in a format that is no longer supported..
ive tried to find any files related to this and deleted the ones i saw.
im worried about not having any antivirus protection.. i dont what to do..
i am using a dell laptop inspiron 1525
vista home.all up to date on windows updates..
ive read related posts nothing has worked for me.
can someone please help me.
thank you.
 

Answer:Solved: Windows security alert

12 more replies
Relevance 75.85%

My wife is running Windows XP, Norton Internet Security 2009 and uses Mozilla Firefox as her browser. She got an alert window from something calling itself "Windows Web Security" saying her computer was at risk, she tried to close the window but it ran a scan instead, reported that it found numerous trojans and prompted for action. She tried to close that window too with no luck.

Also, may be related, Norton keeps alerting that the advanced protection setting is off, when turned on, it will not stay on.

Here are the things I think you need to give me some direction on fixing this it it is indeed a problem or infection.

Thanks,

DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 13:49:00.51 on Mon 06/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.332 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program... Read more

Answer:[SOLVED] Windows web Security Alert?

Update mon the previous post - This morning her Norton Internet Security did not start and when I manually started it, reset the settings and tried to apply these changes, they all went back to the "off" position. So currently she cannot use e-mail or any other internet based process because they are not being scanned by Norton. Help!

1 more replies
Relevance 75.03%

I keep getting what I believe is a fake windows security alert, which reads:
Warning! Potential Spyware Operation!
Your computer is making unauthorized copies of your system and Internet files ....

I cannot access Control Panel. Cannot print and the computer does not recognize me as the administrator.

Please HELP!!!!!!!!!
 

Answer:Solved: Fake windows security alert

15 more replies
Relevance 75.03%

I noticed problems after I visited a website that was associated with 'Zango'. A box with an agreement was required to be acted on in order to continue to the website. The options were backwards, the 'ok' button would close the window and the 'cancel' button would download the Zango software. Quickly acting, I made the mistake of clicking 'ok' and within a few minutes my firewall had unexpectedly turned OFF.

Then shortly after, my virus protection (McAfee VirusScan Enterprise 8.50i) automatically turned OFF. I quickly went into Windows Security and turned both back on. Then I opened McAfee and ran a scan on 'Local Drives', several detections as trojans (I don't have the names) came up, they were shown to be cleaned and deleted. However, that did not solve the problem.

I restarted and another Window Security Alert popped up as Automatic Updates as OFF. I tried several different ways to enable this, all of them failed. I ran another scan with McAfee, this time a full scan and nothing came up. Meanwhile, windows with advertisements were popping up.

I have WinXP SP3, any help would be extremely appreciated.

I followed the instructions below.



DDS (Version 1.1.0) - NTFSx86
Run by Owner at 0:29:38.20 on Sun 12/21/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.551 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\s... Read more

Answer:[SOLVED] Windows Security Alert/Malware

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

12 more replies
Relevance 74.62%

My computer was recently infected with the System Security trojan and Windows Anti-Virus Pro.....I downloaded and ran Malwarebytes but still have problems with it..... Please help. Some of my main problems are that I cannot create any system restore points...I also have Norton Antivirus installed however it will not scan my computer...
DDS (Ver_09-07-30.01) - NTFSx86
Run by Britt Bodensteiner at 10:29:45.12 on Fri 07/31/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_14
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3002.1400 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32... Read more

Answer:Trojan/Malware - system security/windows antivirus pro

Hello bjboden and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resu... Read more

2 more replies
Relevance 74.62%

Hello, I have a bunch of fake anti spyware viruses, they won't let me download things like malware bytes or such and also mess with my browser by sending it random places. I also receive a bunch of messages that say " there's a trojan attacking you, download and buy protection here," and popups with the same gist. By name they are paladin antispyware, xp pro 2010, a windows security fake, and possibly more that I just can't see. I'm having trouble downloading programs that are necessary to removing the viruses, which makes it all more difficult. It's also not starting in safe mode, for whatever reason. here's the DDS AV: Paladin Antivirus *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exeC:\WINDOWS\system32\igfxtray.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\EeePC\ACPI\AsTray.exeC:\Progra... Read more

Answer:paladin, xp, windows security trojan "antivirus programs

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

7 more replies
Relevance 74.62%

I seem to have a common problem that I think I have partly fixed but still have some problems. Here is my tale of woe.

I had the "Windows Security Alert: Warning! Potential Spyware Operation..." popup along with the restriction of my access to the Control Panel and to Windows Updates and it changed my default browser to IE and my homepage to Google. I booted in Safe Mode and ran Spybot and AVG Antispyware and deleted whatever they found, then ran AVG Antispyware 7.5 which found a Trojan that I quarantined. I booted normally, still got the popup, still had no access to Windows Update, but gained access to Control Panel although most features were restricted. As well, during bootup I got a message in a box with a title bar of "16 Bit MS-DOS Subsystem" and the box text was
"C:\WINDOWS\System32\command.com
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Windows applications. Chose close to terminate the application."
I chose close and bootup continued.

I then went to Run: gpedit.msc and was able to restore access to my Control Panel contents and to Windows Update, installed the most recent Windows updates, rebooted, and now the popup is gone. However, now every time I bootup I get a box with the title bar "C\WINDOWS\system32\printer.exe" and box text "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Other... Read more

Answer:Solved: Bogus Windows Security Alert Popup

16 more replies
Relevance 74.62%

I posted here in mid-July and MNDnNC helped me tremendously. Unfortunately, whatever source started this thing got hit again by one of my kids and I'm infected again.

I've done the following:
New Vundo Fix
New ATF Cleaner
New Combo Vix
Run SuperAntiSpyware

Here are the logs:

Hijack This:
Logfile of HijackThis v1.99.1
Scan saved at 2:27:48 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Gateway Wireless Monitor\WLService.exe
C:\Program Files\Gateway Wireless Monitor\WLan... Read more

Answer:Solved: Its Back...The Fake Windows Security Alert

8 more replies
Relevance 74.21%

Someone please help me! I keep recieving a n error message saying "security alert: spyware found" on my task bar, it has a little yellow triangle with an exclamation mark in the middle. It says click baloon to remove PSW.x-Vir spyware. then it opens up to Virusblast, or several different other anti virus ware. I have anti virus protection installed, spyware protection and all my scans come back clean. I've already lost one hard drive due to a virus, lost everything because I did not back up and this time I dont want to make same mistake. can anyone help me get rid of this? also, I keep getting dirty pictures that just seem to pop up on my computer, I leave the room and when I come back there it is porn pictures. I dont visit these sites. what is going on with my computer???
 

Answer:Solved: Security Alert: PSW.x-vir trojan popping up!

16 more replies
Relevance 73.8%

Hi, I hope someone can help me with this. There are several similar posts but the resolution seems to be system specific and not being very savy I wanted to have someone check.
Two days ago I started receiving the following pop-up:

Windows Security Alert Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your system and internet files. Run full scan now to prevent any unautorrized access to your files! Click YES to download spyware remover...

I have access to Task manager but lost access to Control Panel. After running the current version of SpybotSD tonight the control panel reappeared in the settings menu but I cannot access Add/Remove Programs or System Settings. I get a window stating: This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator. Of course I am the administrator as this is a home computer. I have been making the popup go away by clicking No (I realized now this may be no better than clicking Yes).

I have run the Hijackthis log and it is pasted in below. My system is as follows (don't laugh)
Dell Dimension XPS D300 pentium II - Windows XP Pro (SP1) - 384meg/80gb harddrive. I use AVG virus scan (current version), and BSafeonline internet filter with popup and firewall protection. I scan with Ad-aware SE personal and spybot routinely.

Thanks in advance for any help you can give me.

Brass Man

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:2... Read more

Answer:Solved: Windows Security Alert Pop-up; no control panel access

10 more replies
Relevance 73.8%

I keep getting a Windows Security Center-Alert pop-up about every 5 min. When I try and close this pop-up I get redirected to an Antispywarenetwork page(www.antispynet.com). I've tried to get rid of it a few times but it keeps coming back. Any help will be greatly appreciated. Thank you in advance.

WinXP, service pack 2

Logfile of HijackThis v1.99.1
Scan saved at 12:22:52 PM, on 8/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\a... Read more

Answer:Solved: Windows Security Center-Alert(pop-up), hijackthis log included

14 more replies
Relevance 72.98%

Access to control panel is blocked, and "Windows Security Alert" keeps popping up. I have already tried SmitfraudFix, SDFix and ComboFix after reading other threads reporting the same problem, but the problem persists.

Below is my hijackthis.log. Please kindly help. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:02, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\msanton... Read more

Answer:Solved: Control Panel Access Blocked & Windows Security Alert

Click here to download Dr.Web CureIt and save it to your desktop.

Doubleclick the drweb-cureit.exe file and allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:

If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new HijackThis log.

 

3 more replies
Relevance 72.98%

Hello,
My windows security alert says that my AV (VirusScan Enterprise + AntiSpyware Enterprise) is out of date. I right-clicked the McAfee shield in the system tray, selected update, and the download ran successfully. I restarted my computer, and the security alert is still there. Is there something I am missing?

Also, since the security alert has been up, my CPU usage has been very high - up to 100% at times. According to my task manager, the culprits are generally McScript_InUse.exe and vstskmgr.exe. I would like help getting it back to normal.

Thanks in advance!
 

Answer:Solved: McAfee issues: Windows security alert still up despite AV update; CPU usage @

10 more replies
Relevance 72.57%

please help! ive tried a few "fixes" ive found online but have had no luck - im still getting the annoying phishing scam "windows security" bubbles on reboot, and im being told by mcafee that windows\system32\spoolvs.exe is infected by the "new malware.j" trojan and cannot be cleansed.

Can anyone help?

I've posted my hijackthis log in this thread, i really dont know much about that but im gathering that thats a good spot to start getting help smile.gif Ive also downloaded smitfraudfix (which was something i noticed in another thread) and have a log from that i can post as well. i was hesitant to use the fix mode on it until getting advice from those who may no more than me on this topic - rsvp and thanks much!

____________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:01 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\All Users\Application Data\zudchujm\bmpevyfq.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShi... Read more

Answer:trojan that fakes windows security messages. malware / "windows antivirus"

Hi, Welcome to TSG!!
Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Serv... Read more

1 more replies
Relevance 72.16%

Fake Alert, Ultimate windows security alert malware just to name a few of the names of the pop up windows i saw. I am using XP SP3 and have successfully used Combofix on another machine at the advise of a network admin friend. This time however i wanted to have this log reviewed by the pros on here because the malware on this machine was formidable! The windows security alert popped up and my spouse unknowingly clicked yes on it. Things just went down hill from there. We disconnected the internet cable and started the process.

As i mentioned before I have used combofix however this time every time i tried to click it the malware would pop up and say this "combofix" file is infected would you like to start the antivirus download? So i couldn't get it to start. I downloaded combofix w/ different machine and changed the name to combo-fix during the download, then used jump drive to put it on the infected machine. Since either combofix nor malwarbytes anti-malware would execute when clicked due to pop ups i restarted the system in SAFE MODE. The microsoft recovery console is already installed on this system. Once in safe mode i clicked on the renamed combo-fix file and it then started, during the start up it stated there are "CD emulators" running on this system and comobfix must disable them before continuing which casued it to re-start the computer and then it completed it's scan. So i have a log to post if you would allow me. Also, af... Read more

Answer:Fake Alert, Ultimate windows security alert malware Help needed

"Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored."So are you saying there is no one here willing to help me?

4 more replies
Relevance 72.16%

Hello!

I have Windows XP and I've recently been having a couple problems with my internet, which I will list below.

Problems:
-Window pops up saying "Your system is probably infected with the latest verion of Spyware.CyberLog-X.
-System alert popups from my desktop, including ones for Trojan-Spy.win32, Malware threats, [email protected], coming from an icon which is a yellow triangle with an exclamation point in it
-Shortcuts for Live Safety Center and Online Security Guide show up on my desktop even after deletion
-Data Execution Prevention window pops up, closing explorer on me
-Sygate keeps alerting me to new .dll files that Internet Explorer is trying to open, even though I only use Firefox
-These usually are eight letters long, followed by .dll
-I have at least once seen something referring to Dr Watson Postmortem Debugger
-I recently got rid of (I think) a virus that caused internet explorer pages for, ie, "Perfect Love Match" to pop up- I haven't seen it for a while, so I may have gotten rid of it, but I don't know if that has anything to do with these.
-The computer tends to run pretty slow, with CPU usage sometimes hitting 100%

I have done the following, which have not worked:

-Installed Sygate personal firewall and had it alert me to new .dll files.
-Ran Spybot SD, Ad Aware SE, VundoFix, SuperAntiSpyware, Stinger, Security Task Tanager, and Symantec Antivirus

Notes:
Computer *seems* to run OK if I disconnect the ethernet cable... Read more

Answer:Solved: Security Alert Trojan/Data Execution Prevention/Possibly Others

10 more replies
Relevance 70.93%

I downloaded a crack for Rollercoaster Tycoon 3 and scanned it for viruses and didn't find any. the program ran fine for a day. Today it will not work. I scanned my computer with AVG 7.1 and it found a trojan. Please help me remove it.

Here is a hijackthis log of my computer,

Logfile of HijackThis v1.99.1
Scan saved at 7:44:58 PM, on 31/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Daemon\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft... Read more

Answer:Solved: antivirus found a trojan. please help remove. hijackthis log included.

11 more replies
Relevance 70.52%

My sister has suddenly gotten the dreaded red shield indicating a security issue on her Win XP Home system. I believe she's up to SP3. She's using CA anti-virus (I can find out the exact flavor if need be).

It started this morning. She emailed me telling me she's got the Antivirus 2009 malware. I instructed her to get MalwareBytes' mbam. She ran it and said it didn't find it. She said there was the red circle with the white x on it.

Well, after going around and around all day (while I'm at work!), I think what's really going on is that that is really a Windows red shield, not a circle. In the Security Center it's telling her that her AV is out of date. She insists it is not. She's manually run the update and CA reports being up to date.

It dawned on me that today is the 2nd Tuesday. Maybe Microsoft has released some update that conflicts with CA? Anybody else having any issues like this? Any other thoughts?
 

Answer:Solved: Windows Security Center - CA Antivirus

12 more replies
Relevance 70.52%

Hello all,
Kinda newbie here. I have a new HP Pavilion dv5 Notebook 32 bit OS Windows Home Premium Vista. The Norton Antivirus that came with the laptop has just expired. I checked the Windows Security Center and turned on the Firewall and windows Defender but obviously I don't have antivirus on. a) How good is windows Security firewall and defender? and b) as far as Antivirus goes, I checked out some reviews, user comments and also read some antivirus software forums. I was concerned that it seemed a lot of people were having issues with Vista and latest versions of antivirus specifically Zone Alarm and Bit Defender, where they had to download older versions of the antivirus until resolution is in place for the issues. For those on this forum that have Vista can you tell me which antivirus software you seem to be happy with and have had limited issues. We use this notebook for a small start-up businss and personal. I sure would appreciate your input. I'm almost thinking I'll just buy the Norton since it seemed to work pretty good on this notebook (although I've already removed it with the removal tool).
Thanks in advance for suggestions and your opinions.
P
 

Answer:Solved: Vista add on antivirus to Windows Security

11 more replies
Relevance 69.7%

I did a spybot search and this was the only 'problem' it found, I was just curious because I just did a clean install of XP and all of the recommended updates. Is this a problem and if not will it conflict with any antivirus installed on the system??
 

Answer:Solved: Windows Security Center. Antivirus Override

I almost forgot it is located in the registry
 

2 more replies
Relevance 69.29%

Hi i do not know where to put this but i have went to a site to download a halo 2 map editor to see what it was and it turned out it was just a trojan

i have no virus protection at all so that might be why i got this but it is located in c:/windows/services.exe and microsoft antispyware said it is a windows directory trojan and everytime i click remove it comes back and i keep trying and it comes back (i am gonna keep this warning up ) so i do not know what to do i have left my computer on the whole time and never turned it off in case it might not turn on again i want to know how to remove it and what else needs to go from my computer so here is a new hjt log file i wanna remove as much space as possible i use road runner as my isp

Logfile of HijackThis v1.99.0
Scan saved at 8:36:32 PM, on 1/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\W... Read more

Answer:Solved: c:/windows/services.exe trojan found

16 more replies
Relevance 67.65%

Hi, My system is affected by trojan vundo h and trojan fake alert, I formatted my system twice but virus seems to reappearing, i installed almost half a dozen anti viruses and malware removers without any help, Also a website called "http://www.meetlocalpeople.org/" automatically opens every time i reboot my machine or every time i reconnect to internet. Malware Bytes also detects Vundo H in my ecternal HDD's system volume information, Please help me remove this virus...Thanks!!

My PC runs on Windows XP SP3
Browser - Mozilla firefox 3.5.2
Antivirus - currently Quick heal and Malware bytes

Malware Bytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2922
Windows 5.1.2600 Service Pack 3

10/9/2009 1:20:19 PM
mbam-log-2009-10-09 (13-20-12).txt

Scan type: Full Scan (C:\|D:\|E:\|G:\|)
Objects scanned: 126867
Time elapsed: 17 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\qsivhrgr.dll (Trojan.Vundo.H) -> No action taken.
\\?\globalroot\systemroot\system32\gasfkykwxxpixn.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\hvwkbsb.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Hel... Read more

Answer:Need help!! found trojan vundo h & trojan fake alert

10 more replies
Relevance 67.65%

I have a windows 7 toshiba satellite notebook and it has been infected with that dreaded Antivirus security Alert trojan. In the past when i got it i was able to use malware bytes to get ride of it but this time it has halted anything i can do on my computer. I started it in safemode and ran malware bytes and Super antispyware free edition. It found a few adware and removed it but when i restarted the compuer the antivirus sotware alerts started popping up again. I can't click on any program or files because it says everything is infected. This is the 2nd time i've gotten this virus and I don't understand how I keep getting it. I watch no movies and I download no music. I only use it for typing papers for college and facebook and I open no apps from facebook. Please tell me what do i need to do first.

Answer:Antivirus Security Alert Help Please!!!

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I?ve given you the ?All clear.? Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr

Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do it's job. This may take a few tries. You'll be able to tell rkill h... Read more

19 more replies
Relevance 67.65%

Hi, I'm having a problem with pesky malware of some kind. It started with bogus "Windows Security Alert" messages, "Antivirus Software Alert" and "Infiltration Alerts", and "Security Warning / Application cannot be executed. The file xxxx.xxx is infected. Do you want to activate your antivirus software now?". It would also redirect me to different websites in IE8.Based on that info, I found the sticky forum on here that deals with that virus, and I ran RSKill, MalwareBytes, and also Spybot, etc. but the problems come back after the next reboot. I ran through the removal routine several times, but it keeps coming back.At the present time, the computer takes a very long time loading upon reboot, and IE8 blanks out whatever site address I type in -- it replaces the address with "http:///" and returns with a "the address is not valid" page. At the moment, the "Infiltration Alerts" are not happening, so I don't know if that first virus is gone, but it let another one in the door in the meantime, or if this is just a different manifestation of the original virus?I tried running DDS.SCR program as asked in the Preparation Guide. But it just flashed me the little black window with the DDS introduction for a few seconds, but never gave me the DDS.txt or Attach.txt results. I tried several times, without success.I was able to run the Gmer program on the second attempt. The first attempt ended after a... Read more

Answer:bogus Windows Security Alert messages, Infiltration Alerts, Security Warnings

Hello johntee, Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post. I will be analyzing your log. I will get back to you with instructions.

39 more replies
Relevance 67.24%

Thanks in advance for any and all help. :)

This one got me by surprise.
Either somethg snuck past Kaspersky, or I clicked on something other than Deny by mistake when a Trojan warning popped up (which was probably the case).

When booting up my computer,
I was greeted by a Windows - No Disk - exception processing message.
If I clicked on Cancel, it would continue to pop up periodically.

Also, the Windows Security Alert box keeps telling me Windows Updates are disabled, and that I have no Virus protection,
even though I am running a continually updated Kaspersky Anti-Virus 7,
and the Windows Update menu in the Control Panel says Updates are enabled.

After running through all the steps you have laid out,
the pop-ups seem to be at bay, and the Windows - No Disk error hasn't popped back up yet

But the machine is sluggish, the Windows Security Alert problem still persists, and my browser continually refreshes as though it is trying to load something.

Below is the HiJackThis log,
as well as the attached Panda scan log.

Thanks so much for all your help!

-------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:31 AM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\... Read more

Answer:Infected machine? - pop-ups / Windows Security Alert problem / Windows no disk error

BUMP, please

------
Also, an update since I originally posted this.

I already had Spybot installed prior to the problem, so I loaded Spybot Tea Timer to give me some sort of added protection while waiting.
It nuked numerous attempts by Run32dll.exe to access various dll files in the System32 directory, as well as adding various strings to the Registry.

During this time, the machine was extremely sluggish, but I could still use it to some degree.

But something happened yesterday, and now my machine won't even boot up. :(
I can't boot up in regular mode or in Safe mode.
All I get is the dreaded blue screen with a C000021A error. :(

I'm fortunate enough to have a backup drive that had all my working files, so I could continue my work on another machine.
But I stopped the backup when the problem popped up to avoid infecting any of the files on my backup drive.
So all of the data from the 3 days the virus problem started up is lost to me at the moment.

Please advise.
Thanks in advance for all your help.
If we clean this up like you did when helping me a year ago on another machine,
I'll be sure to donate again, like last time! :)
Thanks!

9 more replies
Relevance 67.24%

Hi,

Symptoms:
"Windows has detected an Internet attack attempt...Protect your PC from Internet attacks, click here to download spyware remover ...

Symptoms:

1)Virus pop-up alerts. Says it?s a ?Windows Security Alert? warning:
windows has detected an internet attack attempt... somebody's trying to infect your pc with spyware or harmful viruses. run full system scan now to protect your pc from internet attacks, hijacking attempts and spyware! click here to download spyware remover for total protection
This happens very often.

2) Icons for ?Error Cleaner? ?Privacy Protector? and ?Spyware & Malware protection? all of which link to addresses starting ?viruswebprotect.com.?

3) Another pop-up, Spyware Alert ?Security Warning!? it reads:
security warning! worm.win32.netsky detected on your machine. this virus is distributed via the internet through e-mail and active-x objects. the worm has its own smtp engine wich means it gathers e-mails from your local computerand re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. This process should be removed from your system.


Hijakthis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:39:12, on 17.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOW... Read more

Answer:windows security alert "Windows has detected an Internet attack attempt

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

--------------------------------------------------------... Read more

19 more replies
Relevance 67.24%

Hello, 
 
Everytime I boot up my computer, my desktop (and icons) go away and I start to receive pop ups from a fake McAfee Security Alert and sometimes Windows Security. I have ran RKill, Malwarebytes, ADWCleaner, Junkware Removal Tool, as well as Hitman Pro and none of them found anything. I have also reset all my browsers and looked for any unusual programs/processes (which I found none).
 
Not quite sure where to go from here, any help would be appreciated. 
 
Attached is my Hijackthis log.
 
Thank you!
 
 

Answer:Fake McAfee Security Alert and Windows Security popups

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.How to attach a file to your reply:In the Reply section in the bottom of the topic Click the "more reply Options" button.Attach the file.Select the "Choose a File" navigate to the location of the File.Click the file you wish to Attach.Click the Add reply button.===Please post the logs.p.s.HijackThis is no longer supported and not ready for your operating system.I suggest your remove via the Control panel > Programs > Programs and Features Applet.Use the Farbar tool from now on to report problems.<<<>>>

6 more replies
Relevance 67.24%

Hey Everyone,I dont know what else to say but I need some help. I recently had a popup show that stated I had viruses and that I needed to install Personal Security tools to remedy the situation. I closed it out and my browser opened with a fake windows security alert which showed that I had all these trojans, malware etc... I have researched this for two days now and it seems to be common. Many people are experiencing major issues as the result of this, but that is what I do not get. I have no issues except for the popup showing twice in the last few days, but I do not want it to get to that point. Everyone has processes related to personal security, bogus files and registry entries. I have none, that I know of. I searched for all the known definitons I could find, with no luck. I know a little bit about computers and have always remedied the situation, but I just dont know about this.I have a dell laptop running Vista and nortons antivirus. I downloaded hijackthis and the log is below. Any help would be appreciated. ThxLogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:42:52 AM, on 1/8/2010Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v8.00 (8.00.6001.18865)Boot mode: NormalRunning processes:C:\Program Files (x86)\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exeC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files (x86)\Google\GoogleToolbarNotif... Read more

Answer:Fake windows security alert and popup - Personal Security

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions... Read more

2 more replies
Relevance 67.24%

"Windows has detected an Internet attack attempt...Protect your PC from Internet attacks, click here to download spyware remover ...

Symptoms:

1)Virus pop-up alerts. Says it?s a ?Windows Security Alert? warning:
windows has detected an internet attack attempt... somebody's trying to infect your pc with spyware or harmful viruses. run full system scan now to protect your pc from internet attacks, hijacking attempts and spyware! click here to download spyware remover for total protection
This happens very often.

2) Icons for ?Error Cleaner? ?Privacy Protector? and ?Spyware & Malware protection? all of which link to addresses starting ?viruswebprotect.com.?

3) Another pop-up, Spyware Alert ?Security Warning!? it reads:
security warning! worm.win32.netsky detected on your machine. this virus is distributed via the internet through e-mail and active-x objects. the worm has its own smtp engine wich means it gathers e-mails from your local computerand re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. This process should be removed from your system.

[U]HIJACK THIS LOGFILE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:06 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\servi... Read more

Answer:windows security alert "Windows has detected an Internet attack attempt.repl me soon

Hello and welcome to TSF


Apologises for the delay getting to your log. The helpers here are all volunteers and we have been very busy lately. If you are still having malware problems,follow instructions below.

============

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

======... Read more

1 more replies
Relevance 67.24%

I'm pretty sure I clicked a fake mega upload download page. All the sudden all types of fake spyware diagnostics start running. I'm also pretty sure the problem has made changes to my computer as well. I say this because on start up or shut down I get all sorts of " xxxx cannot close due to runtime error" or " xxx must close would you like to send an email to microsoft". Up to this point I have ran Rkill, Spybot, MBam and VGA. All will run without being terminated by the virus and all find and will remove several trojans and etc. However the browser is still hijacked and every once in a while I get a Microsoft Development Enviroment Run pop up but it stops and shows another error box saying " an exception of type Microsoft JScrip runtime error object was not handled.============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\Syste... Read more

Answer:Windows Security Shield Alert, windows running half speed and browser hijacked

I forgot to add there is a fake "windows security alerts" icon on my bottom right portion of my tool bar. I haven't touched it but I can tell by looking its a fake.

4 more replies
Relevance 66.83%

Hi,I am new to this forum, I hope someone can help me asap.I was browsing the web and suddenly the computer froze up. After restarting the PC I now keep getting popups telling me my computer is infected, telling me to cluck on an option to 'block the attack'. I have been clicking 'no' everytime, while running a Norton 360 scan but it doesn't pick up anything. Also it doesn't let me open IE, so I am posting this from my iPhone at the moment. Please can somebody assist me to get rid of this virus?I look forward to the response.

Answer:Windows Security Alert: Windows detects that your computer is infected...? HELP

I have searched a little on the internet and it seems the computer is infected with the 'Security Suite' virus. I hope this helps.

5 more replies
Relevance 66.83%

my mothers computer has the following message in the lower right hand corner (as well as a yellow triangle).

Your computer is infected with the last version of PSW.x-Vir trojan. PSW trojans steal your private information such as : passwords,ip-address,credit card information,registration details,documents,etc.

lord knows what other crap this trojan has installed on her pc (hjt log below), or how it got there.

i have run trendmicro scan online, it deleted some spyware, but not this. spybot didnt find it or delete it. lavasoft came up with bupkis. nortons nodda.

short of nuking the hard drive and re-installing the os, i do not know how to get rid of it, so any help is greatly appreciated.

Windows Xp is her OS.

------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:03 PM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Sh... Read more

Answer:Security Alert : Spyware found

just a little bump to the top before bed

i do hope this is something that can be fixed, appreciate any help that can be given
 

3 more replies
Relevance 66.83%

I have been trying to rid my home computer of these virus/trojans : Cyberlog-X, [email protected], [email protected],browser advertisements,... I have run the following scans (virus, antispyware) in both normal and safe mode. I have turned System restore off.
But still I receive these messages. So I'm looking out for some "real" help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:40:43, on 10/11/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
C:\WINDOWS\TEMP\RR197A.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.e... Read more

Answer:Security alert : spyware found

Using the combination HijackThis and AVG Spyware I succeed in removing regscan.exe, Trojan.Zlob and Internet Explorer toolbars (BHO) definitly. The messages and yellow triangles are disappeared. But you never are sure if the PC is "really" clean.
I have included the HijackThis log. Can somebody can take a look at it ?
 

1 more replies
Relevance 66.83%

Hey there,

I posted about this in a reply to someone else's similar problem. I'm not sure if I need to start a separate thread, but anyway, I have that same bubble that says:

Security Alert: Spyware found
Your computer is infected with the last version of PSW.x-Vir trojan.
PSW trojans steal your private information such as: passwords, IP-address, credit card
information, registration details, etc.
Click this balloon to remove PSW.x-Vir spyware.
This is my log file from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 11:34:26 PM, on 9/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\WinMediaCodec\pmsngr.exe
C:\Program Files\WinMediaCodec\pmmon.exe
C:\Program Files\WinMediaCodec\isamonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\SOUNDMAN.EXE
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
... Read more

Answer:Security Alert: Spyware found

7 more replies
Relevance 66.83%

i have this security alert on my computer. it pops up from my task bar and says "your computer is infected with the last version of PSW.x-Vir trojan. PSW trojans steal your private information such as: passwords, IP-address, credit card information, registration details, documents etc. Click this baloon to remove PSW.x-Vir spyware.

when i click on the x to close the box another pop up appears stating similar. I have to flashing icons on my task bar. one is an ! displayed in a yellow triangle and the other one i a picture of a shield with a ? and x flashing in it.

my nortons tells me everytime when I connect that a trojan.zorb has been blocked. then i get lots of pop ups on my computer that state: Internet Explorer Alert. Your computer is infected with adware or spyware that displays advertisements while you browse the Internet. Would you like to download additional software to remove malware threats and protect your system.

I have no idea what to do. I run nortons and it comes up with nothing. i cant get rid of the security alerts and if i click on them they come up with web pages that are to download security and pay for them.

what on earth is going on. how do i fix this. thanks linda

i have been using other posts as a guide and saw that sometimes this is asked for.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:19 PM, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Ru... Read more

Answer:security alert: spyware found. pop up

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning pr... Read more

1 more replies
Relevance 66.83%

I am getting this Security Alter message saying that " Your computer is infected with last version of PSW.x-Vir trojan. I recently downloaded this program called Microsoft Windows Malicious Software Removal Tool. Hopefully this program will help me remove this trojan, but if anyone can let me know about what programs i could use to remove or if anyone could help me remove this trojan that would be greatful. Also i am getting this message on my toolbar with an x and a question mark on top of it saying that your system detected virus activities (Critical System Error) and when i click on it, it sends me to this weblink http://www.virusburst.com/?aff=321
. As you guys can see i really need some help, if anyone could help me out i'd appreciate it...

Thank You
 

Answer:Security Alert : Spyware Found

9 more replies
Relevance 66.83%

I recently began receiving this error message I says I am infected with the latest version of Trojan PSW.x-vir trojan I am running Win Vista Home
Please Help \
Here is my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:02 AM, on 1/7/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\SCANJET\PrecisionScanPro\HPLamp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Program Files\Hewlett-P... Read more

Answer:Security Alert: Spyware found!

16 more replies
Relevance 66.83%

A warning sign is flashing in my toolbar, prompting me to download security software for "Psw.x-vir" amongst other things. My homepage in ie has also been changed to a system security care site.

I have used hijackthis to create a log and would much appreciate it if you could respond asap.

Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:03, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\... Read more

More replies
Relevance 66.83%

Security Alert: Spyware found

Your computer is infected with last version of PSW.x-Vir trojan. PSW trojans steal your private information such as: password, IP-address, credit card information, registration details, documents, etc. Click this baloon to remove PSW.x-Vir spyware

This pop-up has appeared more then 3,000 times. When i click the baloon it takes me to a webpage were can buy a anty-spyware. I've read a lot of other forums, but none of them help me. Could someone in here help me with my problem? Please
 

More replies
Relevance 66.83%

I have the same issue as bunch of others - Yellow Traingle with exclamation mark in it, labeled Security Alert: Spyware found. Need help removing it.

Here is my log from Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17:41, on 10/27/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Shiva\Shiva VPN Client\icsrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Common Files\Symantec Sha... Read more

More replies
Relevance 66.83%

ok mabye someone can help me too...i think i have the same thing

so i followed the initial instructions and here:

Logfile of HijackThis v1.99.1
Scan saved at 6:19:54 PM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Video ActiveX Object\pmsnrr.exe
C:\Program Files\Video ActiveX Object\isamntr.exe
C:\Program Files\Video ActiveX Object\pmmnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Google\... Read more

Answer:Security Alert: Spyware found

Hi, Welcome to TSG!!

Please download (save) SmitfraudFix (by S!Ri) to your desktop.
Extract the content (a folder named SmitfraudFix) to your Desktop. Select all of the contents and Extract them
to a new folder called SmitfraudFix.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

1 more replies
Relevance 66.83%

I keep getting a security alert which keeps popping up every 15 seconds which is effectively stopping me using the computor, telling me that my virus software needs updating .I know this, and cant stop it from coming up.is this a ploy of norton to force me to send them £28 to stop it from happening? please advise as to how i can stop it.

Answer:norton antivirus Security alert.

Download AVG click hereDisconnect from the internet.Uninstall Norton.Install AVG.

1 more replies
Relevance 66.83%

Background InformationA few days ago (08-18-08) I misclicked a link to a potential dangerous website. It turned out that my desktop screensaver and wallpaper had changed to a Fake Virus Infection Alert, and my computer could no longer function normally (constant crashes upon reboot). After attempting to run my computer in Safe Mode, the only accessible option on the F8 list was the "Device Controller". There, I ran a series of scans with Spybot S&D, MwbaM, Combofix and AVG. (Note: I did not run the scans simultaneously, but in a sequence beginning with Spybot). After the scans seemed to find numerous infected files, I was able to delete them and reboot normally. Now... I receive a Fake Windows Security Alert popup notfying me of a CRITICAL error dealing with keylogger.win32.aa and a few other infections that gives me the sole option of using Enable Protection. Repeated scans with the anti-virus and malware programs i've listed haven't purged the fake alert, and games such as Team Fortress 2 have just recently begun to crash on startup (which may or may not be linked to this issue).Please assist this troubled user, thank you ^^HJT Log (08-20-08)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:56:05 AM, on 8/20/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\syste... Read more

Answer:(antivirus Xp 2008 // Security Alert) Need Help !

I was browsing through other users' experiences with this same infection and followed some advice given to them. One of them being a SAFEBOOT_REPAIR which could possibly solve my issue of not being able to boot into the minimal SAFE MODE.SAFEBOOT_REPAIR LOGReg export of SafeBoot key after repair:========================Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]"AlternateShell"="cmd.exe"[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal][HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]@="Service"[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AVG Anti-Spyware Driver]@="Driver"[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AVG Anti-Spyware Guard]@="Service"[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]@="Driver Group"[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]@="Driver Group"[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]@="Driver Group"[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot�... Read more

8 more replies
Relevance 66.83%

Hey There This Just popped up on my computer while I was playing medieval 2. It started as as antivirus software alert and then also loaded up xp security center. Then I stepped away from the computer and came back to find internet explorer loaded up to some porn site. I just recently got my machine clean thanks to the help of MOLE but now it or something similar is back. . Sorry the typing is off but I have a large popup right in the middle of my screen. Any help would be greatly appreciated. Thanks.

Answer:Antivirus software alert and XP Security

I attempted to run dds but it looked like the virus I have prevented it from running. I also tried running antisuperspyware which Mole recommended for me but it hung up while reunning a scan and now will not start again. AVG, adaware, and ccleaner won't execute. Help! I saw that my post got moved because there is no log but I don't know how to get one if dds won't run. Any advice would be greatly appreciated. Thanks.

58 more replies
Relevance 66.83%

In task bar security alert is giving me a message that avg antiviurs is turned off
while I still see avg icon in taskbar (so it is running) and also when i double click on avg icon, avg window opens and there everything seems to be ok.

thanks for the help.

Answer:Security alert-Antivirus is turned off, although it is not

Why not give up the AVG and try MSE instead? It leaves a smaller footprint and runs silently in the background protecting your computer.

1 more replies
Relevance 66.42%

Need help removing the Security Warning / Windows Security Alert / Antivirus software alert.Made it to Step 7 (DDS.scr) downloaded dds.scr but when I start it the command window comes up briefly and then disappears.Trying to generate the DDS.txt and DDS.log but with no success.

Answer:Virus - Security Warning / Windows Security Alert

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

2 more replies
Relevance 66.01%

Hi All,

I have been getting frequent pop up warnings about a psw.x-Vir trojan from a flashing yellow triangle shaped icon with an exclamation point in my sys tray. It also will occasionally pull up a small Fatal Error window that reads Unhandled Exception: Invalid Operation asking me if I would like to download antivirus software. At other times an IE windows appear with what looks like windows security settings in them but they are clearly fake, sometimes they have a fake virus scan that comes back with false results all trying to get me to download antivirus software. I am running Symantec End Point Protection on the pc and have Spybot S&D installed but the scans do not seem to remove this annoying item. It all occurred after I was not paying attention on a web page and installed something called Zoomba I think- I uninstalled it via Programs from the Control Panel but of course this was left behind.

I had tried some of the suggestions in other threads on this site but the smithfraudfix seemed to have a problem running - I am guessing because this is a Vista machine.

It is Windows Vista Business no SP installed. I would just back up the data I need, blow it away and reinstall Vista but there are some programms installed that I know Ill never get again so I am trying to keep it if possible.

Here is my HJT log - any suggestions or help would be greatly appreciated.

Thanks-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:10, on 12/9/2008
Platform: Windo... Read more

Answer:Security Alert: Spyware Found on Vista

Bump thx
 

2 more replies
Relevance 66.01%

I've been getting the following balloon messages on my taskbar:

pic link 1

pic link 2

Along with these many balloon messages, I've been getting random pop-ups for spyware & virus programs, as well as the occasional other site. I ran Spybot, Spyware Terminator, Ad-Aware, and AVG Anti-Spyware 7.5.

After reading through the forums, I also ran them all in safe mode, and ran SDFix in safe mode as well.

I don't seem to be getting the pop-ups anymore, but the shield on my taskbar (in pic 1) is still there and the balloon message still comes up every few minutes.

This is my latest HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:43:19 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsv... Read more

Answer:Solved: System Alert & Security Alert Spyware

9 more replies
Relevance 65.6%

while playing games on pogo after a while my game will freeze and I get a message saying Microsoft security essentials alert has found viruses and Trojans on my computer. I have not clicked on this yet but believe this to be malware. please help me get this off my computer

Answer:microsoft security essentials alert saying viruses found

Please download TDSSKiller exe version to your desktop. Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.    Click on Change Parameters and click Detect TDLFS File System.    Click the Start Scan button.    Do not use the computer during the scan    If the scan completes with nothing found, click Close to exit.    If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.    A TDSSKiller text file would be saved in Local Disk C.    Copy and paste the contents of that file in your next reply.ADW CleanerPlease download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Clean.Confirm each time with Ok.You will be prompted to restart your computer. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[S1].txt as well.Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential... Read more

2 more replies
Relevance 65.6%

I previously had a problem with constant pop ups about spyware and how to get rid of it by downloading software, and what not. I also had an issue with fake "security alerts" constantly poping up and causing more pop ups. (they only opened with windows internet explorer). I believe i ran the programs that i was instructed to on the main issue page... here is my HJT log :Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:13:44 AM, on 7/20/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\... Read more

Answer:Previously Had Fake "security Alert: Spyware Found"

* You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.* Download smitRem.exe and save the file to your desktop.Double click on the file to extract it to it's own folder on the desktop.* First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.This is a 30 day trial of the programOnce you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.Once the setup is complete you will need run AVG Anti-Spyware 7.5 and update the definition files.Run AVG Anti-SpywareFrom the main AVG Anti-Spyware screen, click on Update, then click the Start update button.After the update finishes (the status bar at the bottom will display "Update successful")Once in the Settings screen click on "Recommended actions" and then select "Quarantine".Under "ReportsSelect "Automatically generate report after every scan"Un-Select "Only if threats were found"[/list]Close AVG Anti-Spyware 7.5, Do Not run a scan just yet, we will shortly.* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:Ad-Aware SE SetupAgain, do NOT run a scan yet.* Next, please reboot your computer in Safe Mode by doing the following:Restart your computerAfter hearing your computer beep once during startup, but before the... Read more

10 more replies
Relevance 65.6%

Hi,
My Norton Antivirus Auto protect function refuses to enable + it gives me an E-mail scanning error. For now I don't see any other signs with the machine but I got a tip from your forum to scan online with Panda and I will post the results, as well as the results from HJT and Ewido with the hope that s.o. can help me with this. Here goes (Panda first):
Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected c:\windows\system32\f3PSSavr.scr
Potentially unwanted tool:application/funweb Not disinfected hkey_classes_root\clsid\{00A6FAF6-072E-44cf-8957-5838F569A31D}
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\3x1v8ioi.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\3x1v8ioi.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\3x1v8ioi.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\3x1v8ioi.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\3x1v8ioi.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents an... Read more

Answer:possible threat - Norton Antivirus + Win Security Alert affected

Hi, Welcome to TSG!!

Please post your hijackthis log.
 

1 more replies
Relevance 65.6%

Hello, I've recently been infected with "Antivirus software alert" and it's preventing me from opening any program and redirecting me from antivirus-related sites along with all the usual symptoms that occur from contracting a rogue security program. I'm having great difficulty with removing this type of malware, or even starting a removal process and will greatly appreciate any help with fixing my laptop. I'm running on Vista

Thanks!

More replies
Relevance 65.19%

I recently downloaded a movie from a non-trusted source and, voila, I now am the proud owner of the Security Suite! I am a lucky man. Anyway, I need to wipe this stuff off my laptop and haven't had any luck using the generic removal guide on this site. I use firefox and cannot access the internet (browser starts up but stalls and must be ctl-atl-delete shut down) so I'm posting from my clean desktop. I've used this fantastic site in the past and it was my first thought upon contracting this annoying bug. Any help would be greatly appreciated!

I'm getting multiple pop-up warnings on my desktop, including a "Security Warning" which states: Application cannot be executed. The file (this part can vary) rundll32.exe is infected. Do you want to activate your antivirus software now? Another pop-up is RUNDLL with a large red X on the left side. It says: Error loading cffqp.dll (this also changes depending on what I'm doing). The specified module could not be found. You can only click OK on this.

There's a pop-up on the lower right where the shield from the malware is on the taskbar. It states: Windown Security Alert with a red X to the left. Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now. (I'm not particularly impressed with their sentence structure)

It will... Read more

Answer:Windows Security Alert / Security Suite

I noticed Pandy edited this post and removed it from MR. I cannot run DDS to get a log! Read my post!

2 more replies
Relevance 64.78%

Hello and thanks in advance to all who help people like me who find this wonderful forum.A notebook (not this computer) here is infected with one or several viruses or malware - on reboot several windows pop up:- Resident Shield Alert C:\WINDOWS\SYSTEM32\IEHELPER.DLL Trojan horse BHO.JEW - Security Warning Application cannot be executed. The file avgcsrvx.exe is infected. Do you want to activate your antivirus software now?- Antivirus System Pro Alert- IE tries to go to porno.com and adult.com addresses I cannot access any place on the web (with that infected notebook) so I at least downloaded Hijackthis with this PC and burned the file to a cd and was able to install it in Safe Mode on the infected notebook so I do have a HiJackThis Log now.Please, What should I do now? This is the worst infection I have ever seen.Edit: I ran MalwareBytes plus AVG free (Only able to do this in safe mode) and still these infections remain.

Answer:Antivirus System Pro alert - Trojan Horse BHO.JEW

Topic reopened and HiJack This topic deleted. ~ OB

1 more replies