Computer Support Forum

Solved: Malware Security Toolbar 7.1 Removal

Question: Solved: Malware Security Toolbar 7.1 Removal

Hi,

Thanks in advance for any help. I will do my best to provide all the necessary info. Last week, I got the Outerinfo and Internet Speed Monitor infections. I used online tutorials to remove these items using ComboFix and AVG Anti-Spyware, etc. Yesterday I got Security Toolbar 7.1 infection that causes pop-ups (with the little yellow triangle) and slows the system down, and I cannot seem to remove it. I ran the ATF cleaner and created a system restore point. I ran an updated version of AVG Anti-Spyware (but I cannot find the log). I tried to run Super Anti-Spyware but got an install error. I ran Panda Active Scan. I have updated the security patch for XP. I still have this infection.

Here are the logs I can provide:

First is Panda scan log:'
Incident Status Location

Adware:adware/searchaid Not disinfected c:\windows\winshow.exe
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d37f2pwb.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d37f2pwb.default\cookies.txt[hc2.humanclick.com/hc/51325817]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\James\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\James\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\James\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ji\Application Data\Mozilla\Firefox\Profiles\7mxar26h.default\cookies.txt[.go.com/]
Adware:Adware/TTC Not disinfected C:\qoobox\Quarantine\C\Program Files\NetMeeting\mevohuted4444.dll.vir
Adware:Adware/TTC Not disinfected C:\qoobox\Quarantine\C\Program Files\NetMeeting\mevohuted83122.dll.vir
Adware:Adware/TTC Not disinfected C:\qoobox\Quarantine\C\WINDOWS\TTC-4444.exe.vir
Virus:Generic Trojan Disinfected C:\qoobox\Quarantine\C\WINDOWS\WebAssist.dll.vir
Virus:Generic Trojan Disinfected C:\qoobox\Quarantine\C\WINDOWS\xhelper.dll.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Adware:Adware/Amera Not disinfected C:\WINDOWS\system32\bbc1\bsasven2.exe[ISMPack6.exe]
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\system32\iAYE0u7s.dll
Virus:Trj/BHO.O Disinfected C:\WINDOWS\system32\nxbcpTN4.dll
Adware:Adware/TTC Not disinfected C:\WINDOWS\system32\rv2\gcbb83122.exe
Virus:Generic Malware Disinfected C:\WINDOWS\system32\ss1\rw1002bc.exe
Virus:Trj/BHO.O Disinfected C:\WINDOWS\system32\Up12bFbQ.dll
Virus:Trj/Downloader.QNW Disinfected C:\WINDOWS\tsitra1000106.exe
Virus:Trj/Downloader.QNW Disinfected C:\WINDOWS\tsitra77.exe

Next is Hijack this Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:25:06 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\yacpower.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\PRPCUI.exe
C:\WINDOWS\winshow.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vlcitmfd.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [YAMAHA AC-XG Power Utility] yacpower.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: c:\windows\system32\efcdedb.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tpntiqhr.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

Again, thanks in advance for any help...I tried to do as much as I could on my own before asking for help.

Relevance 100%
Preferred Solution: Solved: Malware Security Toolbar 7.1 Removal

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Solved: Malware Security Toolbar 7.1 Removal

10 more replies
Relevance 69.29%

HI
could you please help me in solving my system problem.

when i start the computer it says the following message

The path'c:\WINDOWS\o4251227.exe' does not exist or is not a directory.

Windows cannot find "'C:\WINDOWS\o4251227.exe'".Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search

then when i click on the browsers it open very late.

Next is if i goto for google search and when i click the result it will open the websites like

'http://goldenmango.com/fine.cfm?pt=2&rpt=1&kt=1'
http://216.133.243.28/2.php?sid=677...LaW5nZG9tCUdC&objTimStr=0.22215900+1203094488
http://www.uncoverthenet.com/search/?q=fine'

unrelated links..

After going thru these website i have installed the Hijack This and the report is

Logfile of HijackThis v1.99.1
Scan saved at 10:08:41 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\C... Read more

Answer:Solved: System is in a big trouble. security and malware removal

13 more replies
Relevance 66.83%

My PC has gained te dreaded Scurity Toolbar. Originally it was Security Toolbar 7.1 but now just states Security Toolbar. It redirects my browser to 'blank page' but I cannot access the internet. The page just hangs, and if I type a different address into the address bar, it just hangs. Because of this I am unable to download programs from this site to help clear the problem. I have attempted to access this site from my PSP using a neighbour's wireless connection, but for whatever reason I am unable to do so. I am thinking the best thing for me to do is to take my PC to someone else's house, and use their PC to download the tools and then transfer them to my PC using a memory device. The problems I foresee here are the extra time this would take (not really an issue as otherwise I have no internet access) and the possibility that I will infect my friend's PC in some way.

Is this a feasible solution to my situation?
 

Answer:Security Toolbar/Security Toolbar 7.1 removal

I can now access the site with my PSP so if there's anything worth doing from home please tell me
 

13 more replies
Relevance 66.42%

I recently got this real pain toolbar/virus on my system (Security Toolbar), I have read many "maybe" solutions accross the net. Most don't work, or you have to pay. Try this, it worked for me:

Go into windows/system32/

click on Date Modified (the Column descriptions at the top of the window)

A bunch of recently added Dll's or INI files will show up, basically since the toolbar popups started, look for any dll's that have vutu, vutuuv, etc. Enter these dll's in google to confirm they are not vital windows dll's. You won't be able to delete them, but write them all down.

These are the files I found and deleted in windows/system32 which stopped the Security Toolbar (However, they may vary and you won't be able to delete them, but write them all down.):

vtutu.dll
vbzip10.dll
wvuvuut.dll
oclqgxjc.dll
xdivnisv.dll
opnmlk.dll
lskcpxgo.dll
oqxpcksl.ini
xdivnisv.dllbox
ututv.bak1
ututv.bak2
ututv.ini

You will not be able to delete most of these as they are in use, boot from your WIN XP cd and then delete them. Insert your windows xp boot cd, re-boot the computer and boot from the XP cd, go into the repair using recovery console "R" in the selections, manually using dos, go into the c:/windows/system32 folder and delete the Dll's. Here is an example below:
cd windows "enter"
cd system32 "enter"
del "name of dll's" repeat this line until you have deleted all the dll's
exit
Reboot... Read more

More replies
Relevance 66.42%

Please help with removal of the Security Toolbar 7.1 malware!See hijackthis log below.Thanks!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:41:43 PM, on 10/22/2007Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINNT\system32\drivers\CDAC11BA.EXEC:\WINNT\System32\svchost.exeC:\WINNT\system32\hidserv.exeC:\WINNT\system32\cba\pds.exeC:\Program Files\LogMeIn\x86\RaMaint.exeC:\Program Files\LogMeIn\x86\LogMeIn.exeC:\Program Files\SSC\NSCTOP.EXEC:\WINNT\Explorer.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\system32\stisvc.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\mspmspsv.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\ams_ii\hndlrs... Read more

Answer:Security Toolbar 7.1 Removal

Hi and welcome,I need to look at another log please.You got more troubles than "security toolbar" Download this tool to your desktop: http://www.uploads.ejvindh.net/rootchk.exe Run the program. After a short time a logfile will turn up. Copy the contents of the log into the thread.If your antivirus or firewall starts asking questions... let this app (and reg.exe) do what it wants. It is not malicious and changes are temporary.Thanks.One of the malwares present is a backdoor.This allows unauthorised access by others to your PC.http://www.sophos.com/virusinfo/analyses/w32rbotdpg.htmlNo doing any sensitive stuff like banking and such till cleaned up.Keep it offline as much as possible till cleaned up.

16 more replies
Relevance 66.42%

My friend has a laptop running Vista Home Premium and has somehow managed to get infected with the Security Toolbar 7.1 thing. Please could anyone recomment any good removal program to get rid. Also, would anyone recomment a good free antivirus for Vista as I use AVG and ZoneAlarm on my XP machine but don't know whether they are any good for Vista? Many thanks

Answer:Security Toolbar 7.1 Removal

Use this click heres.yahoo.com/question/index?qid=20070517161725AA8qnXM

6 more replies
Relevance 66.42%

Hi,

My computer has been infected with Security Toolbar 7.1 and I need urgent help to fix this. If I do system restore to before I was infected, will it fix it??
 

Answer:Security Toolbar 7.1 Removal Help

Hi, justin000.

Welcome to TSG.

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

3 more replies
Relevance 66.42%

I have a bar called Security toolbar 7.1 on top of my internet explorer 7 window and it display adds for anti-spywares...how t remove it?
 

More replies
Relevance 66.42%

HI! I've been trying to reach out to a few people on here in regards to this virus that a lot of people on here seem to have also. But no one has responded back. After researching this whole forum, so far I have downloaded SUPERANTISPYWARE (cuz someone said Norton isn't good enough) and it has detected and removed a number of things. But I still have the Security Toolbar as a homepage and the warning still pops up along with it. Every time I run a SUPERANTISPYWARE scan it finds a few things each time, and I've scanned every single day now. SO PLEASE CAN ANYONE PLEASE READ MY LAST LOG AND TELL ME HOW TO PROCEED. PLEASE!!!!!!!!!!!!!!!!!!!!!!!!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/16/2007 at 11:28 AM

Application Version : 3.9.1008

Core Rules Database Version : 3324
Trace Rules Database Version: 1325

Scan type : Complete Scan
Total Scan Time : 01:15:37

Memory items scanned : 525
Memory threats detected : 0
Registry items scanned : 6584
Registry threats detected : 6
File items scanned : 81676
File threats detected : 10

Trojan.Media-Codec/V4
HKLM\Software\Classes\CLSID\{CFE15135-C591-4000-A55E-A50E5F9F82BC}
HKCR\CLSID\{CFE15135-C591-4000-A55E-A50E5F9F82BC}
HKCR\CLSID\{CFE15135-C591-4000-A55E-A50E5F9F82BC}#xxx
HKCR\CLSID\{CFE15135-C591-4000-A55E-A50E5F9F82BC}\InprocServer32
HKCR\CLSID\{CFE15135-C591-4000-A55E-A50E5F9F82BC}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ADD-ON\ISFMDL.DLL
HKLM\Software\Microsoft\Windows\Cur... Read more

More replies
Relevance 66.42%

hi i recently added the security toolbar 7.1, not realising what it actually is now removing it has seems that i would require an IT qualiification can anyone help me in getting rid of this tool bar.
I have Nortons symantec and it stopped the messages just the homepage and the toolbar still exsist.
 

Answer:Security toolbar removal

Welcome to TSG

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Close all other windows except HijackThis.

Click on "Do a system scan and save logfile" When the log pops up in Notepad, copy and paste that file back here.

Do NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
 

1 more replies
Relevance 66.42%

I've checked on google, i've downloaded 6-7 different free programs that all claim to do the job, but i still have this horribly nasty virus and cannot seem to get rid of it!!! Why???

What do i do? How can i get rid of it? I don't have money to buy any programs.. please help! This thing is really killing me and my patience!

Thanks!
 

Answer:Removal of Security Toolbar 7.1

Welcome to Majorgeeks!

Follow the below guide, the software listed are all free ( 1 or 2 maybe trials but you only need then for a short while ) then once finished the guide as stated, dont skip steps.. attach your logs and one of our malware experts will help you remove the malware on your PC.

Does your AntiVirus tell you th ename of this Nasty virus, if so what is it called?

Do you have other symptoms that you could tell us about, like random popups, re-directs in the browser, strange icons in your system tray, the more info you can give the better informed we are to assist you.

Why are they not being removed you ask, well these days malware is sneeky adn not only are you infected with 1 malware but multiples and some even tho they are said to be removed will re-sporn again as you may not have killed the main malware thats causing the problems.



Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you... Read more

1 more replies
Relevance 66.42%

Hello,

Can somebody please help me remove the Security Toolbar 7.1 on my Internet Explorer window? When I tried removing by right-clicking on the "Protection Bar", the checkmark is never unchecked. Please help! Below is my HijackThis log for your reference. I am currently running Windows XP.

Thank you!

Fuzzyforever

Logfile of HijackThis v1.99.1
Scan saved at 10:02:29 AM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec\ClientVPN\vpnservices.exe
C:\Progra... Read more

Answer:Removal of Security Toolbar 7.1

Hi, Welcome to TSG!!

Please download (save) SmitfraudFix (by S!Ri) to your desktop.
Extract the content (a folder named SmitfraudFix) to your Desktop. Select all of the contents and Extract them
to a new folder called SmitfraudFix.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

1 more replies
Relevance 66.42%

how to i get rid/remove the security toolbar 7.1 on my pc, please help.
 

More replies
Relevance 66.42%

I have gone to Hijack this site and saved a log. I have attached same. Can you please guide me as to how to delete this pain.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:13 PM, on 08/07/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.castanet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKLM\Software... Read more

More replies
Relevance 66.01%

I have windows xp, zone alarm firewallSpybot search and destroyAVGfree antivirusSpycatcherSpyblasterAVG Anti-spyware 7.5HijackthisRogueremoverand something called spynomoreI've ran everything and still I am getting pop ups like my computer is infected, please download these great programs.. I say no all the time but continue to get pop ups it has slowed my computer down tremendouslyHere is the Hijack fileLogfile of HijackThis v1.99.1Scan saved at 8:00:45 PM, on 11/6/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\... Read more

Answer:Security toolbar 7.0 pop up, malware pop ups and online security center

I'll take a look..

9 more replies
Relevance 64.37%

Security Toolbar 7.1 at the top of IE installed itself as well as System Warning Messages (yellow triangle) saying "System performance monitor:Warning" and continuous IE windows popping up advertising / warning about spyware as well as Internet Explorer Warnings with OK or Cancel options. Have tried multiple virus scanning software / spyware scanning software to no avail. Have also tried Smitfraudfix.exe to no avail. Also haven't identified any new programs in add/remove programs to remove.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:34 PM, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Prog... Read more

Answer:Security Toolbar 7.1 and Yellow Triangle Warning Removal

Not to worry.
Problem fixed with the help of miekiemoes from www.bleepingcomputer.com
 

1 more replies
Relevance 63.55%

I have Security toolbar 7.1 on my computer and cannot remove it. I have tried using AVG Anti-Spyware but it has not helped

I have ran a HJT scan but i dont know what to do now.....
 

Answer:Security Toolbar 7.1 and Malware

Please post hjack logs in quick reply - not attach
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file wi... Read more

1 more replies
Relevance 63.55%

it all started two days ago with a sudden addition of Security toolbar 7.1 and progressed to a virus alert from an unknown source and then windows opening to direct me to a site that will sell me a fix for it. I currently have 17 pages open from this in only 5 minutes. I hope you can help. I have used:AVG free;Spybot S&D;Ad-aware;Smitfraud fix;Vundo fix;SuperAntispyware;AVG antis-spyware;ccleaner;Stinger;and others,I haven't been able too stay online long enough to use Trends or Panda. I get about about 25 to 30 pop up windows in 15 minutes.Soon it causes my IE to crash. It is a malicious spyware that is popping warnings to me abouthaving critical problems and opens pages to a site that is supposed to sell me anti-spyware that will get rid of it.Here is my hijack this log and the logfile from Superantispyware. It has two parts because I ran it before I read your directions.Logfile of HijackThis v1.99.1Scan saved at 12:36:48 AM, on 7/5/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\a-squared Free\a2service.exeC:\Program Files�... Read more

Answer:Security Toolbar 7.1 And Other Malware

Welcome to the BleepingComputer HijackThis Logs and Analysis forum texasville My name is Richie and i'll be helping you to fix your problems.Please download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Also post a new Hijackthis log please.

5 more replies
Relevance 63.55%

Hi everyone, When I turned my computer on thismorning I discovered a problem. I have a new toolbar(security toolbar 7.1) that has hijacked my internet homepage and keeps posting fake security reports. I believe it to be smitfraud. My McAfee, Adaware, Webroot Spysweeper, and Spybot cannot get rid of it. Also spybot reports myway.mywebsearch, but cannot get rid of it. I am running Vista on an HP Media Center M800n. I have included my Hijack this report. If you have any ideas how to get rid of this please help me. I've tried everything I know to do and have had no luck. Thank you for any advice you may have.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:45 PM, on 10/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Video Add-on Setup\icthis.exe
C:\Program Files\Video Add-on Setup\isfmntr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Video Add-on Setup\icmntr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Video Add-on Setup\isfmm.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Progr... Read more

More replies
Relevance 63.55%

Hi folks.

I am stumped why i have security toolbar 7.1 & malware on my laptop. I am running windows XP home edition. I have never had this snag before. i take it that it is serious. Can anyone please give advice or no how to remove it. thanks
 

Answer:what is security toolbar 7.1 & malware

8 more replies
Relevance 63.55%

Hi,I have tried many ways to get rid of some Malware that has only recently infected my PV. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my brower to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.I have McAfee Enterprise installed (which I can't seem to disable)I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes t5hem, the problem is still there.Please help. I have shown Hijackthis log below.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:58:42 PM, on 29/12/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16945)Boot mode: NormalRunning processes:C:\windows\system32\csrss.exeC:\windows\system32\winlogon.exeC:\windows\system32\services.exeC:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me thier software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.Please help. I hope the files uploaded can provide an insight into whats happening.Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.ntents belowDDS.txt contents pasted belowDDS (Ver_09-12-01.01) - NTFSx86 Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\windows\system32\svchost -k DcomLaunchC:\windows\system32\svchost -k rpcssC:\windows\Syst... Read more

3 more replies
Relevance 62.73%

I have been attacked by this "Security Toolbar 7.1" which has hijacked everything from my homepage to my internet settings to uncontrollable pop-ups and beyond. I don't recall visiting any webpages outside of my usual activity, so I'm really unclear as to where I picked this virus up. I've run McAfee, Spybot S&D, Adaware, McAfee Stinger, Panda Anti-Virus, and Super Antispyware with no real results. Each program "cleaned up or removed" a few infected files, but nothing that has resolved the numerous problems I'm experiencing. I've also used CCleaner to clean up the registry as well as delete any temp files that it may be hiding in as well. I'm unable to find any other files in my computer that would point to where this virus is living. Any assistance in removing this nasty thing would be greatly appreciated. I'm attaching the "Hijack This" log that I ran last, so hopefully someone with knowledge beyond my scope can identify how to rid my computer of this. Thanks for your time.

Answer:Security Toolbar 7.1 Virus/Malware

Hello pwhitWelcome to BleepingComputer ========================Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

1 more replies
Relevance 62.73%

I am infected with this isfmdl.dll and "Security Toolbar 7.1" an Explorer Hijacker. I have tried Spyware Doctor and it removed some of the offending files but this hijacker still remains.
I read the search results and attempted to resolve by downloading the SmitFraudFix file and using it in Safe Mode but it will not open apparently because I am using Vista Premium on my Dell XPS M170 Laptop.

Is there another way to remove this awful bug if you have Vista???

Thanks,

BJL
 

Answer:isfmdl.dll and Security Toolbar Malware

13 more replies
Relevance 62.73%

i use vista operating software, i clicked on a "download active x player" i think was the icon and was infected with the security toolbar 7.1 malware...i downloaded AVG 7.5.1.43 and also spybot version 1.5.2 and have utilized both to try to remove the malware. My concern is that i might still have some of the software hidden in hard drive...was told by someone that i might have to clean and re-install everything...can u help me...i have run a dss report and will attach...please let me know if i need to include anymore info...thanks so muchDeckard's System Scanner v20071014.68Run by Don Moeser on 2008-04-13 14:32:27Computer is in Normal Mode.---------------------------------------------------------------------------------- Last 5 Restore Point(s) --13: 2008-04-13 05:44:04 UTC - RP99 - Windows Update12: 2008-04-13 01:34:51 UTC - RP98 - Windows Update11: 2008-04-13 01:22:09 UTC - RP97 - Windows Backup10: 2008-04-07 04:55:23 UTC - RP96 - Windows Update9: 2008-04-05 16:50:12 UTC - RP95 - Windows Update-- First Restore Point -- 1: 2008-03-23 20:45:36 UTC - RP86 - Windows BackupBacked up registry hives.Performed disk cleanup.Total Physical Memory: 1013 MiB (1024 MiB recommended).-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-04-13 14:34:51Platform: Windows Vista (6.00.6000)MSIE: Internet Explorer (7.00.6000.16386)Boot mode: NormalRunning processes:C:\Windows\Sy... Read more

Answer:Infected With Security Toolbar 7.1 Malware

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log, along with a description of any problems you are experiencing. If we do not hear back from you within a couple of days we will need to close your topic.When posting your logs please post them directly into the reply. Do not attach them.Thank you for your patience.

1 more replies
Relevance 61.91%

My wonderful husband clicked on something and for the past 3 days I have been trying to get rid of this thing. I deleted a hidden folder in windows\fonts that almost 23,000 zip files in it. Computer won't let me install House Call software. Thanks for the help!! Here's Hijack log. I will be up until about 1am eastern. I'll be home after 3pm Friday if I miss you tonight (Thursday).BeverlyLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:05:17 PM, on 11/15/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeC:\PROG... Read more

Answer:Security Toolbar 7.1 Virus/malware/trojan

Hi Beverly,Welcome to Bleeping Computer I'm a couple of hours behind you, so I have a while yet to be up if you want to have a go at this thing now. 1. Download this file - combofix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.Thanks,tea

5 more replies
Relevance 61.91%

hi forum ,

hope u r doing good .

1.my system has been infected by security toolbar 7.1.it creates a tool bar just like yahoo or others and it sends unstoppable pop ups and false security messages like ur system is virus affected plz load this software or smth ...it gives many . i am fed up !
2.there is one more virus that types 5 always i mean it hacks ur keyboard u type any key "5" will be typed only .
My system config:
Xp,service pack 2 .

I have used various freeware software and ant spyware
like .... superantispyware,smithfixfraud,adware ,parentlogica,and few more but they are not able to remove this prob .
so ultimately i think i should take help .
it would be great from anyone who can help me !
Always welcome !
cherrs
Dk rajput

Answer:security toolbar malware!plzzzzzhelp!urgent

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

2 more replies
Relevance 61.91%

I am recieving popups at the bottom of my screen with a little yellow triangle stating that i have been infected with numerous viruses and malware. there are intenet popups all over the place also and a new security toolbar in my browser. I have run ad-aware and spy-bot and virus detector but none have worked. I need my computer for office work and am really screwed at this point. Any help would be sooo appreciated. attached is my hijack and combofix logs. thank you.HIJACK-Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:08:29 PM, on 11/12/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\PROGRA~1\AT&TGL~1\NetCfgSv.EXEC:\Program Files\Sprint\Pantech\Sprint PCS Connection Manager\PWIUtilityService.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exeC:\Program Files\CheckPoint\SecuRemote\bin\SR_Watch... Read more

Answer:Unknown Virus And Malware W/ Security Toolbar

Hello matt2491 and welcome to BleepingComputer!My name is Johannes and I will be dealing with your log today.Please note that comments are made in green, links are in red and important things are outlined by using the blue color.Please also take note of the following:I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.The fixes are specific to your problem and should only be used for this issue on this machineThe process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.If you don't know, stop and ask! Don't keep going on.Please reply to this thread. Do not start a new topic.Please give me some time to look over your log and I will get back to you as soon as possible.Thanks,Johannes

2 more replies
Relevance 61.91%

Hi

Thanks for looking at this.

Security Toolbar 7.1 has appeared from somewhere.
I get pop ups telling me I have malware, trojans and various other problems and windows that look fake open up saying use this to fix your problem.

Norton picks up nothing on the scan.

My Hijack list is below/

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:46:41, on 26/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Applications\wcs.exe
C:\Program Files\Applications\iebtm.exe
C:\Program Files\Applications\wcm.exe
C:\Program Files\Applications\iebtmm.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Progra... Read more

Answer:Spybot mxt, Malware & Security toolbar 7.1 problems

14 more replies
Relevance 61.91%

security toolbar 7.1 and other malware -plz help soon
hi forum ,
i just joined today so "BIG HI" to all of u.
hope u r doing good .

1.my system has been infected by security toolbar 7.1.it creates a tool bar just like yahoo or others and it sends unstoppable pop ups and false security messages like ur system is virus affected plz load this software or smth ...it gives many . i am fed up !
2.there is one more virus that types 5 always i mean it hacks ur keyboard u type any key "5" will be typed only .
My system config:
Xp,service pack 2 .

I have used various freeware software and ant spyware
like .... superantispyware,smithfixfraud,adware ,parentlogica,and few more but they are not able to remove this prob .
so ultimately i think i should take help .
it would be great from anyone who can help me !
Always welcome !
cherrs
Dk rajput
 

Answer:security toolbar malware!plzzzzzhelp!urgent

HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:02:22 PM, on 12/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
--
End of file - 1077 bytes
 

3 more replies
Relevance 61.91%

I have had a serious virus and spyware infection, including VirtuMonde. I repeatedly ran my antivirus and anti-spyware package (F-secure), Windows Defender, Vundofix, Fixvundo, and Virtumundobegone and removed the infected files so detected. However, the file mljgd.dll remains and I am unable to delete it. I am still plagued with popups and attempts to install a Security Toolbar in Internet Explorer. F-secure and Windows Defender continually have to block dlls which try and insert BHOs into Internet Explorer. I can now no longer load Spybot S&D or a-squared and am unable to install Ad-Aware (invalid floating point error). Also, I can't boot into Safe Mode and just get a black screen. I am a total newcomer to help forums and any help directed at such a novice would be most gratefully appreciated.
 

Answer:Popups, Security Toolbar and assorted malware!

Hi uccaflp!
Welcome to Major Geeks! Please try running the following. If you can't do something, please continue with the instructions. Run what you can and post back to us. If nothing is possible, let us know that too.

Run this utility:



1. Download this file - Combo Fix
2. Double click combofix.exe & follow the prompts.
Note: Do not mouseclick combofix's window while it is running. That may cause it to stall.
3. When finished, it will produce a log for you. Attach this log to your next reply.Click to expand...

After you've run Combofix, please follow the instructions and links in the box below!



Welcome to Majorgeeks!​
Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.​
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support​
Make sure you check version numbers and get all updates.​
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.​

If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in Downloading, Installing,... Read more

13 more replies
Relevance 60.27%

My dear stepson was playing games over the weekend on one of those children's websites and now we seem to have two new toolbars permanently stuck in Internet Explorer. I've run Adware, Spybot S&D, and the Microsoft Anti-Spy and got rid of a bunch of stuff, but these toolbars keep hanging around.

Could someone take a look at my HijackThis logfile and tell me what I need to do? Thank you so much!
ogfile of HijackThis v1.99.1
Scan saved at 10:19:00 PM, on 3/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Trend Micro\Internet Secu... Read more

Answer:Solved: Lop.com Toolbar Removal - Help Please!

11 more replies
Relevance 60.27%

Hi Guys I have a toolbar which installed itself. NCH software toolbar. Any ideas how to uninstall it and replace it with Firefox? I have tried to find it in add or remove programmes but cant find any sign of it in the list of installed programmes. And where can i find the Firefox toolbar?
 

Answer:Solved: Toolbar removal

10 more replies
Relevance 60.27%

hi angelfire,
let me refresh my ques once again :
hi forum ,
i just joined today so "BIG HI" to all of u.
hope u r doing good .

1.my system has been infected by security toolbar 7.1.it creates a tool bar just like yahoo or others and it sends unstoppable pop ups and false security messages like ur system is virus affected plz load this software or smth ...it gives many . i am fed up !
2.there is one more virus that types 5 always i mean it hacks ur keyboard u type any key "5" will be typed only .
My system config:
Xp,service pack 2 .

I have used various freeware software and ant spyware
like .... superantispyware,smithfixfraud,adware ,parentlogica,and few more but they are not able to remove this prob .
so ultimately i think i should take help .
it would be great from anyone who can help me !
Always welcome !
cherrs
logs as u asked :

dds.txt:

DDS (Version 1.0) - NTFSx86
Run by prabhakar at 12:54:12.00 on Fri 12/05/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2030.1669 [GMT 5.5:30]

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
D:\Program Files\Internet Expl... Read more

Answer:security toolbar malware!plzzzzzhelp!urgent-----logs as angelfire777 asked

Hi,

Did you do any fixing on your own? (fixing hijackthis entries, etc?)

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Note: Please rename combofix.exe to cfix.exe

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

19 more replies
Relevance 59.45%

Hi - hoping for some expert help.... I have a serious combination of malware on my HP laptop running Windows XP professional... Sysmptons include:1. Yellow Triangle in bottom right taskbar with a black exclamation point... it cycles through several white balloon warnings.... "system performance monitor warning" and various other warnings listing names of viruses I have contracted "PSW-x-Vir trojan" "[email protected] others.... Also have a toolbar below internet address line in Explorer.... that says "Security Toolbar 7.1" and two ICONS on my desktop that keep coming back - one a blue shield and the other a green shield...Initially, my control panel was missing - but I ran Adaware SE, Superantispyware and Smitfraud... as well as changed the registry key for "no control panel" and was able to get my control panel back and renove a directory called "yazzle" - which at least has not come back....Getting a ton of popup... plus the white balloon windows about every 30 seconds.... Here is my HIJACKTHIS LOG:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:10:40 PM, on 12/3/2007Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.... Read more

Answer:Major Malware Security Toolbar 7.1, Control Panel Gone, And Yellow Triangle Flashing!

Hello jasonklein and welcome to BC My name is SNOWHITE and I will be helping you with your Malware problem.There is a backdoor trojan detected on your system Troj/VB-DXP. This gives hackers full access to everything stored on the computer! I recommend these actions:1) use a known secure computer to change all of your online passwords2) contact your bank and credit card company for possible unauthorized transactionsMore info can be found here:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?Should you have any questions, please feel free to ask.PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATERPlease follow the steps below exactly in the order they are written:Step #1Please download VundoFix.exe to your desktopDouble-click VundoFix.exe to run it.Click the Scan for Vundo button.Once it's done scanning, click the Remove Vundo button.You will receive a prompt asking if you want to remove the files, click YESOnce you click yes, your desktop will go blank as it starts removing Vundo.When completed, it will prompt that it will reboot your computer, click OK.Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo butto... Read more

4 more replies
Relevance 59.45%

Our comuter has had these two toolbars for a long time and I cannot find out how to remove them:

http://win-the-lotto.com/ImagePage.php?u=/04/322/18/annoying.jpg

I clicked one of the buttons on each toolbar, and they both link to the same website: http://lop.com/search/search.cgi?s=host&src=toolbar3. Obviously it searches for something different when I click a different button. So I searched google for ways to remove 'search web now' toolbar (thats the name of the toolbar as it says on lop.com), and each one has a different way of removing it. I have Adaware and Spybot, and when I update them and run them they find nothing. We also have webroot spy sweeper, and it doesn't find anything either. I have run HijackThis and do not see anything of suspicion, but here is what it says when I run it:

Logfile of HijackThis v1.97.7
Scan saved at 4:04:16 PM, on 11/18/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sbc\Connection Manager\CManager.exe
C:\PROGRA~1... Read more

Answer:Solved: Seach web now toolbar removal

10 more replies
Relevance 59.45%

I just tried the "Zwinky" site and now I want out. I cancelled my account, but IE8 still has the "Zwinky" button on a toolbar . How can I permanently remove it?
 

Answer:Solved: IE8 toolbar button removal

6 more replies
Relevance 59.45%

Hi everyone.

I have acquired a toolbar called searchnow which I can't seem to get rid of. I've run Hijack This and deleted anything that said minisearch.startnow but after rebooting the toolbar is still there. I've also ran spybot which is not picking anything up at the moment. I really would appreciate help on this.
My HJT log is as follows:

Logfile of HijackThis v1.97.7
Scan saved at 14:56:31, on 20/05/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings... Read more

Answer:[SOLVED] Startnow toolbar - removal?

Welcome to TSG!!
First thing to do is make a folder on your hard drive, like My Documents\hjt.
Move hijackthis.exe into that folder. Don't run it from your Temporary Internet Files!
Run HJT again and check:

O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll
O3 - Toolbar: Startnow - {1BC1FC4B-B0D2-4D8D-9307-2E40E2A8C257} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/active...ntrol_v1-32.cab

Close all applications and browser windows before you click "fix checked".
 

3 more replies
Relevance 59.45%

Hi all
I just reinstalled my very old version of MS Office on my new computer and have the ugly and anoying toolbar on the side of my screen at all times. I got rid of that tool bar on my old computer but can't remember how I did it, I have dim memories of renaming the file that runs the toolbar with a .bak extention but don't know for sure now.
Anyway is there anyone who knows the answer and can help me out please.
Thanks in advance.

Mastic
 

Answer:Solved: MS Office Toolbar removal

15 more replies
Relevance 59.04%

When I try to run the Sysinfo, the message is MacFile opener can't be opened.
I have a Mac mini, late 2009, OSX El Capitan, version 10.11.6
I had MacKeeper security software for years.
2 weeks ago I allowed them to remotely reconnect the MacKeeper and run a cleanup to regain memory space.
They called the service MacKeeper Remote Assistance.
Now my computer password does not work, I can't access I cloud and I can't open system preferences.
I believe my computer has been compromised.
MacKeeper is owned by Kromtech.
I have no transportation to take my computer to be checked out.
Does anyone have an idea what I can do to get rid of this.
I would appreciate any suggestion
 

More replies
Relevance 59.04%

I have a custom built computer about 6 years old. I have Windows XP Home. I use AVG Anti-Virus free version 7.5 and SpyBot.

I am a personal property appraiser and after not having used my computer for about five months because of open heart surgery I am getting back to work. Recently started working on an appraisal that visited several foreign (Japan, China, Germany) sites.

During the past week I noticed that when searching on google and get zillions of hits on a subject I would click on the hit and at the connection find that it had nothing to do with what I was looking for...often a listing of services, clicking back sometimes took me to the desired site but often instead of being misdirected nothing happened until I got the message "not responding" and "ending now" took me out of Google and I'd have to start the search all over.
I finally noticed that the blue title bar at the top of the page said "jump...." and then would quickly flash off so I started searching google for "jump redirected internet searches and hence found your site.

I have read your instructions and have downloaded the program that scans my computer and prints out a log. I have saved it and will paste it below.

AVG has not detected this virus. Spy Bot (after loading updates that were neglected when I was sick) discovered a trojan...can't remember the name right now...and it was deleted. It wasn't the problem because I'm still having the same pro... Read more

More replies
Relevance 58.63%

hi all

some how i had a toolbar installed called mobilewitch *glares at family*

i uninstalled the tool bar without any problems but when i search using the address bar instead of using google it uses mobilewitch and i can not see any way to change this after 2 days of searching the internet i have finally admited defeat and really need a little help resolving this issue :(

Answer:[SOLVED] mobilewitch toolbar removal help needed

Mobilewitch, like many other browser toolbars, is designed to be difficult to remove using the standard methods, and can hijack your searches even after it appears to have been uninstalled.

If you'd like our security experts to take a look, please follow these instructions and start a new thread in the Virus/Trojan/Spyware forum with all the requested log files.


Update: Continued here - http://www.techsupportforum.com/foru...ms-683369.html

1 more replies
Relevance 58.63%

Anyone know where this may come from? It is back for the second time. Today it showed up with 137 new items in Adaware scan. Please see the hjt log below:
Logfile of HijackThis v1.98.2
Scan saved at 8:50:46 PM, on 05/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\DOCUME~1\Default\LOCALS~1\Temp\TEMP~1.FRD\TBPS.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\DOCUME~1\Default\LOCALS~1\Temp\TEMP~1.FRD\PIB.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Norton Utilities... Read more

Answer:Solved: Ibis toolbar removal / tbps

10 more replies
Relevance 58.22%

The computer is infected with Win 7 Security 2011. I ran House Call last night, it found ten objects but wouldn't remove them. It chose ignore, and wouldn't allow me to quarantine them. I ran a quick scan, and found nothing. The complete scan took 4+ hours, and came up with the ten objects.

MalwareBytes will not load up, and HJT will not create a log file. When I ran the suggested program..., it came up with a "sample hosts file", and there were no lines mentioning HJT. The output is below:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

I ran TFC, OTL, DDS, and TSG SysInfo.

SysInfo output:
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , 64 bit
Processor: AMD Athlon(tm) II P320 Dual-Core Processor, AMD64 ... Read more

Answer:Win 7 Security 2011 malware removal help please

7 more replies
Relevance 58.22%

I have noticed that I've been having popup ads lately, which is very strange since I've had popup blockers for a very long time. I keep my antivirus programs (mostly) up to date, and I rarely go on 'bad' sites. However, today when I restarted my computer, I had the "Security Tool" program pop up and give me a list of fake viruses that it wanted me to delete. I didn't delete them; instead, I opened my Killbox program and deleted two of the Security Tool files, but it would not let me delete the main folder for them. I opted to do the "delete on restart" method, which took out the main folder.

However, I've been trying to run the suggested "Malwarebytes Anti-Malware" scan to make sure the Security Tools is gone for good, but I absolutely cannot seem to run it. Every time I try to install/run the program, I get an error message or the program will start and stop itself. Eventually, it will be unable to find the mbam.exe file that is needed to run the program. I've tried to do all the suggested methods to make the program work that were listed on different forums from google.

I am still getting popup ads. I am unsure if this was the only problem my computer is having. To be safe, I have run a Hijack This, DDS, and RootRepeal scan on my computer. I do have Killbox, so I can manually delete anything that isn't safe (if it lets me delete it). Any help would be greatly appreciated!

If I read the "How To Post" thread correctly, I'll post... Read more

Answer:"Security Tool" Malware Removal

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Relevance 58.22%

Malware has attacked my computer and gives that red shield in the bottom that says something like "You have a security alert!" and makes many pop ups and takes over internet. I deleted ~tmpa.exe and ~tmpd.exe. But it comes back when I reboot. Log below.You help is greatly appreciated. I am sure if I delete the correct things, I can lick this.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:25:06 PM, on 1/15/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\taskeng.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exeC:\Windows\system32\ctfmon.exeC:\Program Files\Internet Explorer\ieuser.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exeC:\Program Files\Tr... Read more

Answer:Malware removal Help - Security alert!

Hi, allingtonj Welcome. Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Please, never rename Combofix unless instructed.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.... Read more

2 more replies
Relevance 58.22%

My sypmtoms began as "AntiVirus Studio 2010" fake spyware removal software and "Security Shield"

I thought using Malwarebytes Anti-Malware I had removed the problem. Unfortunately, there have still been issues.

The current issues are intermittent.

Blue Screen (iastor.sys)
Pop-Ups for Viagra, Porn Removal, Free giftcards, etc. (I have not had a pop-up since trying to pay more attention)
Often very slow (sometimes just before blue screen)

GMER text is attached.

Please note that the DDS did not run.

?   ?? ? @ ? ? ? ?!?L?!This program cannot be run in DOS mode. (This is followed with pages of characters)

Please help me with this malware and instruct me how to properly run the DDS software.

OK, since I already attempted removal before finding this forum, here are copies of MalwareBytes Anti-Malware logs.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/22/2010 8:14:25 AM
mbam-log-2010-12-22 (08-14-25).txt

Scan type: Quick scan
Objects scanned: 159223
Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys ... Read more

Answer:Malware Removal - Security Shield?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting... Read more

2 more replies
Relevance 58.22%

this seems to be just like AVP 2009 mess that I removed a while back (pop ups bogus warnings, etc) with the exception of this one actually hides the desktop icons also....

DDS LOG:
DDS (Ver_09-09-29.01) - NTFSx86
Run by Sharon my Love at 20:56:23.85 on Thu 10/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.358 [GMT -4:00]

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsy... Read more

Answer:security tool malware removal

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

2 more replies
Relevance 58.22%

I read many of the other posts regarding how to remove the Security.Hijack malware. I ran Malwarebytes anti-malware and got 2 warnings about the Security.Hijack i asked Malwarebytes to remove them and i restarted the system but didnt actually remove anything so now i'm here asking for some help to how i can remove the 2 warnings in my system.

I followed another ''guide'' that was made within this forum but i kind off got lost in the rain
 

Answer:Removal of Security.Hijack Malware

It looks like you started to do the following, but didn't finish. So finish these instructions and attach the requested logs.

READ & RUN ME FIRST. Malware Removal Guide
 

3 more replies
Relevance 58.22%

I needed to amend the instructions written by Grinler for removing total security which is a virus/malware in order to get it to work. The link to the instructions: http://www.bleepingcomputer.com/virus-remo...-total-securityTotal Security has gotten smarter and now won't allow most processes or applications to run. Nothing I tried at first would allow me to end the Total Security process. Total Security shut down anything I tried to run... like hijackthis, malwarebytes, spybot, adware etc....I surmized, that total security will not allow you to run any exe programs other than a few it knows about.My solution was to rename the ProcessExplorer file..... Procexp.exe to iexplore.exe. (Download process explorer from Microsoft on a different computer if you have to.).... renaming to other file names like explorer.exe may work too.After doing that I was able to end the process and proceed with process.I think Grinler has edited his instructions so everything is good.Thanks to Grinler for posting the instructions. Good LuckHarold

More replies
Relevance 58.22%

Help! To remove AV Security Suite Malware. I tried booting in the Safe Mode and unchecking proxy server, then running rkill.com, and then running Malwarebytes to remove AV Security Suite Malware. All efforts have been unsuccessful.DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by Robert DeAngelis at 10:01:57.89 on Fri 10/01/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.673 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exesvchost.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\explorer.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Robert DeAngelis\My Documents\Downloads\dds.scr============== Pseudo HJT Report ===============uLocal Page = \blank.htmuWindow Title = Windows Internet ExploreruDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8mSearch Bar = hxxp://www.wtywsdclgucnkkrhwzcxvhf.com/4tJGAN... Read more

Answer:AV Security Suite Malware Removal

Hello BobDeaWelcome to BleepingComputer ==========================Download OTL to your desktop.Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Under Custom scan's and fixes section paste in the below in boldnetsvcs%SYSTEMDRIVE%\*.*%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\System32\config\*.sav %systemroot%\system32\drivers\*.sys /90%systemroot%\system32\Spool\prtprocs\w32x86\*.dllCheck the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.====================Please download Rootkit Unhooker and save it to your desktop.Double-click RKUnhookerLE.exe to run it.Click the Report tab, then click ScanCheck Drivers, Stealth Code, Files, and Code HooksUncheck the rest, then click OKWhen prompted to Select Disks for Scan, make sure C:\ is checked and click OKWait till the scanner has finished then go File > Save ReportSave the report somewhere you can find it, typically your desktop. Click ... Read more

1 more replies
Relevance 57.81%

Hello again Tech Guys,

I believe this site is the best thing available on the net. A donation is truely due & will be forthcoming.

But.... The other day my daughter go ahold of one of the computers on my network and next time I go to use it and I have; (Security Toolbar 7.1) with 2 green boxes trying to get me to DL Spyware & Adware programs on top; and a popup on the task bar trying to get me to DL the same adware & spyware!!

Well, anyway. Here is a HJT log. Let's see what you might find?

Thanks guys.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:08 PM, on 8/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Fi... Read more

Answer:Solved: Security Toolbar 7.1?

7 more replies
Relevance 57.81%

I am running Windows XP Home and have been infected for about 36 hours with "Security Toolbar 7.1" "savetheinformation.com" etc, pop ups in IE.

I have been trying EVERYTHING. Nothing cleans this out. I see several threads about this but none seem to give SPECIFIC answers on what to do when the standard "fixes" don't work.

Here's what I've done so far:

*Scanned and removed any infected files with CA's E-Z Virus Anti-Virus

*Downloaded AdAware 2007, scanned and cleaned everything it would do.

*Scanned and fixed all problems with Spybot S&D.

*Scanned and fixed what I could with McAffee's "Stinger"

*Downloaded SmitfraudFix, scanned and cleaned/"killed" everything it would do.

*Downloaded updates for HiJack This, scanned and fixed everything I knew was bad/unnecesarry.

*Completely uninstalled IE 7.0

*Used Registry Editor to manually remove some IE folders, etc.

I have done ALL of this and it is STILL there! Whenever I delete things that I KNOW are a problem using HiJack This (such as the O3 "Security Toolbar") they just reappear as soon as I run a new scan, whether I reboot the computer or not.

Below is my SmitfraudFix scan notes, followd by my HiJack This Log. I have REALLY tried hard....can anyone please help?

phil

*******************************
SmitFraudFix v2.240

Scan done at 12:11:22.15, Wed 10/24/2007
Run from C:\Documents and Settings\Lisa\Desktop\SmitfraudFix
OS: Micros... Read more

Answer:Solved: Security Toolbar 7.1, etc! HELP!!! (Please?)

9 more replies
Relevance 57.81%

Two days ago malware and anti-spyware arrived on my browser and it was always redirecting me away from my home page. Messages included: [email protected] and [email protected] After installing McAfee and running Smitfraud fix the trojan has been removed. However my browser still shows Security Toolbar 7.1 with two green block adware popups and remove spyware bars. If I run my computer in safe mode and run the internet browser it does not exist. However if I run my pc normally and open my browser the Security Toolbar 7.1 is still present.

Any ideas?
 

Answer:Solved: Security Toolbar 7.1

12 more replies
Relevance 57.81%

Well it seems that my computer has picked up Security Toolbar 7.1. I have managed to remove the toolbar itself, but my IE homepage is still being redirected to some anti-spyware homepage, and I have a flashing icon near my clock.

Here is my log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:35:42 AM, on 8/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\WINDOWS\Sys... Read more

Answer:Solved: Need help with Security Toolbar 7.1

16 more replies
Relevance 57.81%

Hi
I get regular popups from the system tray, PSW.x-vir Trojan, pointing to pages like "winspykiller.com". There is also a "Security toolbar 7.1 lodged in my IE, with start page changed to "puresafetyhere.com"
Thanks for your help!
Here is Hijack this log:
Deckard's System Scanner v20071014.68
Run by User on 2008-02-07 13:00:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
59: 2008-02-07 11:00:19 UTC - RP368 - Deckard's System Scanner Restore Point
58: 2008-02-06 09:46:34 UTC - RP367 - System Checkpoint
57: 2008-02-04 11:52:52 UTC - RP366 - System Checkpoint
56: 2008-01-31 13:09:09 UTC - RP365 - System Checkpoint
55: 2008-01-30 10:19:45 UTC - RP364 - System Checkpoint


-- First Restore Point --
1: 2007-11-09 09:49:35 UTC - RP310 - System Checkpoint


Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:17 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOW... Read more

Answer:[SOLVED] Security toolbar 7.1, pop-ups PSW.x

Dear Tech person, I jumped the gun and ran combofix, and now the problem seems solved. Thanks

1 more replies
Relevance 57.81%

First time user, I am looking for help to eliminate the security toolbar 7.1 from my system.
It would appear to have been infected by this yesterday.
The tool bar shows up on my sons AOL browser, but the tool bar pop ups and home page over ride happens on all users . I use Internet Explorer 7.0.
 

Answer:Solved: Need help with Security toolbar 7.1

7 more replies
Relevance 57.4%

Hi,

My computer got infected with the koobface several weeks ago. I posted in the 'Am I infected? What do I do?' section and the Hijackthis logs section and we have used malwarebytes to remove the infected files, restored windows to the last known good configuration and used the XP system restore feature and updated security.

Unfortunately none of this has worked. After using the internet (through both IE and Firefox) for around 5 mins the window freezes so I have to close it down. My computer then blue screens and I receive the ***STOP: 0x0000000A message. After logging back on I receive the following message 'loading model error. load default model?'. If I log off before internet freezes I get this message 'the instruction at 0x000f2fc0 referenced memory at 0x000f2f0. The memory could not be written. Click ok to terminate the program. Click cancel to debug the program'.

The last time my computer blue screened I received an error report after logging back on. I thought the info could be of help. Please find all of the details below:

Error Report Contents
The following files will be included in the report
C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\Mini100409-01.dmp
C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\sysdata.xm

Error signature
BCCode : 1000000a BCP1 : 0000BA33 BCP2 : 00000002 BCP3 : 00000001
BCP4 : 806E4A8E OSVer : 5_1_2600 SP : 2_0 Product : 256_1 l

I've had the problem for a couple of months now and I'm keen to get it fixed asap. Pl... Read more

Answer:Still getting BSOD after malware removal [moved from security]

'C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\Mini100409-01.dmp'

It made a minidump, so look for them and zip up the latest 4 and attach them.

7 more replies
Relevance 57.4%

hello fellow tech heads

i've had a day from hell trying to remove the above trojan. none of the things found on the net worked for me like booting into safe mode as the virus was still active and stopping things. blocking task manager so i took things into my own hands and downloaded rkill which was the only thing that i could acctually load in safemode, killed it ran malwarebytes got rid of it well i taught i did but then when i booted into windows my programs are still missing from the start menu, malwarebytes i just installed was not there so reinstalled it and still was not lising in my programs

win update thinks its turned off when its on

accidentally turned hidden files on and found some of my movies and files which are marked as hidden OMG what the.........

so i can use my computer as per normal now and for internet i have to go through windows explorer but i am still infected and not sure how to fix it now as i cannot remove avg as its saying that its missing some reg file and therefore cannot run combofix

help pls :)

Answer:xp security 2011/ malware removal tool

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Who instructed you to run ComboFix?

As you should have read here in Step 2 of our NEW INSTRUCTIONS thread:

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

------------------------------------------------------

We first need to verify if there are any rootkits present and how they could affect our tools.

DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present and decide whether to deploy ComboFix.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one ... Read more

19 more replies
Relevance 57.4%

Hello,I'm out of tricks to get rid of this nasty rookit infection I have. It started this past saturday 12/17 with the XP security 2012 malware. I followed instructions online and removed it (various reg edits and running MBAM etc). It had corrupted my rundll32.exe file, which I restored from my XP disk (you will see a reference to the "old" copy I made be overwriting in the DDS log). After that my applications all worked again and my computer seemed fully functional but then I realized the virus also has a rootkit attached to it that causes google redirects in Firefox. I ran TDSSkiller and it found something and cleaned it the first time. Since then it has re-surfaced many times. MBAM found something once or twice upon resurfacing, but hasn't found anything the past few scans. TDSSKiller doesn't find aynthing anymore. SuperAntiSpyware doesn't find anything. I decided to run Mcaffee anti virus, and it said it found 3 files with Downloader-BMN.gen.g(Trojan) .. This was exciting, I hoped that would be it. But alas firefox googles still redirect. I haven't done any more scans and thought its time to call in the pros. Also forgot to mention I've run defogger and disabled my CD emulators, and ran CC Cleaner multiple times and deleted all my history and temp files etc. I have NOT run comboFix yet .. Here is the DDS log:.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30Run by Bill at 21:11:18 on 2011-1... Read more

Answer:rookit won't go away after XP security 2012 malware removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

18 more replies
Relevance 57.4%

I have followed the suggested guide to removal the malware 'Security Tool' (Remove Security Tool and SecurityTool (Uninstall Guide)). However when I try to run the rkill file the virus shuts it down before it has a chance to act.I have tried not clicking on the pop up boxes however this does not work.I have been able to download the malwarebytes set-up however the malware is blocking me from running the program.Is there any other way I can either run the rkill program or allow the malwarebytes to open and install?(I am using a new samsung r519 laptop running windows 7. It is a week old so has no unusual software or hardware)Any help would be really appreciatedEdit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ AnimalAllen

Answer:Failed Removal of 'Security Tool' Malware

Thanks Animal..Run FixExe.regFixExe.reg ....click Run when the box opensIf you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine. Or try running SAS first after Rkill.Download and scan with SUPERAntiSpyware Free for Home UsersDouble-click SUPERAntiSpyware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)In the Main Menu, click the Preferences... button.Click the Scanning Control tab.Under Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the... Read more

1 more replies
Relevance 57.4%

Hello,I'm Jon, and I have an infected PC, yadda yadda yadda. Please forgive me, but I am not as spyware savvy as many of you are, I'm sure. My computer just started getting a small white X in a circle in the tray, and a pop up window down there saying: Warning! Security Report. Your Computer is infected! It is recommended to start spyware cleaner tool. When I right click on it, it sends me to an antivirus page, and then does tab afetr tab of crap. I also am getting warnings on my normal browser pages as well, now. I am not clicking on any of them, of course, because it appears to be malware? I run a Windows XP OS. I am not sure if it is NT or not. I am in an office with six different computers on our network. It is wireless internet, with a server running cables to all of our computers. I use Internet Explorer, maybe version 7? I am not the most tech savvy out there, so forgive me if I am being too vague. I have Ad-Aware, Spy-Bot, and I believe we are running Symantec Antivirus, but I think I only have Endpoint protection. Perhaps it is installed on our server, then distributed in our small network? I also noticed that my task manager will not work, and my background photo has been disable on my desktop? Can anyone help me remove this nasty thing?Thanks for any help-Jon(Moderator edit and note: thread moved to more appropriate forum. jgw)

Answer:warning security report! malware removal??

G'day, Jon,Can you please Post into this Area and be Patient, we are having a very busy time just now?http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/Someone will come there to Help you out.

4 more replies
Relevance 57.4%

Hello all,

I have the malware Security Protection on my desktop. A quick search on google can show you what it is. Anyway, I have run MBam numerous times, each of which has removed, it seems, a portion of Security protection. However, a link of security protection still winds up residing on my decktop as well as a reloaded version of SP later on. I cant seem to fully get rid of it. any ideas?

SW
 

Answer:security protection malware complete removal

Hiya and welcome to Tech Support Guy

Can you run the tools in this thread:

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

And then post the following:

1. Copy and paste the HijackThis log.
2. Copy and paste the contents of the DDS.txt file.
3. Upload as an attachment the Attach.txt file. There is no need to zip it as suggested in the DDS instructions
4. Copy and paste the contents of the ark.txt file.

Regards

eddie
 

1 more replies
Relevance 57.4%

sir, Two computers(winXP-pro-sp3) in my office have infected with virus/malwares but of different nature. In First machine, Avira free was installed. Same machine had to be reformatted(only C-drive out of three partitions, C, D & E) a week ago after a virus removal exercise with Mcafee AV, which resulted vanishing of Desktop & start menu. Probably fresh virus infection occured due to non-formatting of other two partitions containing lot of data( mainly .doc, .pdf, .jpg, .htm & .txt). This time I tried to clean the machine with a updated Nod32(installation folder copied from another machine) kept in a flash drive. cleaning was done in safe mode when some 2000+ virus was removed by Nod32 including some conficker,autoit viruses. Before reaching safe mode, I tried TaskMgr, Msconfig, regedit & windows search, all of which were disabled. However, it was possible to view hidden files & file extentions, inluding system files. But after reboot, viruses not removed, took control of machine & reaching safe mode was blocked. One thing i noted is infection of svchost.exe & explorer.exe. First one was operated from a folder(2537452) within system32, second one was associated with a file "regsvr.exe"I read your article for removal of security tool & accordingly downloaded rkill.com, kept in desktop & wanted to run but every time virus terminated the application before starting. I could install a current version of malwarebytes' Antim... Read more

More replies
Relevance 57.4%

Hi

I'm trying to remove this malware from my laptop computer but all instructions that I've read indicate to download removal spyware...but my browser won't start up! I tried burning the indicated software to a CD and then loading to the infected computer but still no luck...

Any ideas?!

Thanks!

More replies
Relevance 57.4%

Hi! I'm running windows 7 and I have the same problem as this guy has:

http://forums.techguy.org/virus-other-malware-removal/983966-wpn-exe-file-posing-vista.html

It's malware masquerading as some kind of anti virus software that jumps up and starts doing a false scan and then tries to make me buy it. It pops up whenever I open an IE/Chrome window and attempts to hijack my browsing. I think it's also somehow hijack spybot search and destroy because I can't get that to scan at the moment. Nor can I get hijack this to produce a log (it just produces a blank notepad file and then 'vista home security' pops up and starts scanning again).

I can only use IE/Chrome when I terminate the process in the task manager (bal.exe - description is 'steam'.)

Being that it has pretty much crippled every possible form of defence my computer has I really would appreciate some help getting rid of this awful thing!

Thank you!
 

Answer:Vista Home Security malware removal

9 more replies
Relevance 56.99%

Oops. Sorry folks. Looks like I may posted in the wrong place again. Have been having a few problems with AVG Forum. They have never been any help at all. Just seem intent on giving me the run around, so hope that you can assist on this one.
My AVG Security Toolbar has got legs. Nowhere to be seen. I have clicked on Tools Menu next to the little cog thinking that I may have inadvertently unticked AVG Security Toolbar, but its gone. So I then clicked on View in Menu Bar; again, Kaput. Disappeared.
Is there some way that I can get back my AVG Toolbar without going through the whole unstall/reinstall process.
AVG tell me to check out FAQ 1247 but there is no FAQ 1247 that I can see.
 

Answer:Solved: AVG (Yahoo) Security Toolbar

Dear keno-ken,
Are you not happy that your (AVG) Yahoo toolbar has legs and ran away?LOL. Does the Yahoo toolbar help you or just cramps you for space? I hate toolbars (purely personal view), especially ask and Yahoo,not that Googe is far behind!
 

3 more replies
Relevance 56.99%

I have slowed system speed and the info bubbles that pop up on the bottom right of the desktop. Everything that i have researched told me i should post my hijackThis log

so here
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:55 PM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program File... Read more

Answer:Solved: Infected with Security Toolbar 7.1

16 more replies
Relevance 56.99%

Need help getting some nasty bugs off my puter. Spycrush, Security Toolbar 7.1 and "back door Trojan" on computer.

Here is the HiJack report:
Logfile of HijackThis v1.99.1
Scan saved at 7:41:48 PM, on 6/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\COMPAQ~2\Pre... Read more

Answer:Solved: Spycrush, Security Toolbar 7.1 and others

14 more replies
Relevance 56.99%

My internet explorer settings have been stolen. Every time I try to use it I get this security toolbar page instead of my homepage, constanly getting popups and requests to download security programmes.
Here is my HJT report below if it helps Thanks from Turner.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:52:03, on 01/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ... Read more

Answer:Solved: help me remove security toolbar 7.1 please

11 more replies
Relevance 56.99%

Hi,

First of all, what a great site!
I looked up the site and searched for uninstallation of security toolbar 7.1. I ran SmitFraudFix v2.200, HijackThis and Killbox and my problem was gone.

But i still have one small problem left. I keep getting the pop up "there was no dial tone". I checked out the network connections and saw a new connection named "Connection" set up there. I removed it from IE properties, but after a few minutes, it's right back there along with its annoying little pop up. I can't figure out what to do. I'm attaching a log from hijackthis. Please help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:07 AM, on 25.08.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\JitBit\Net Profile Switch\NetProfileSwitch.exe
C:\Program Files\MSN M... Read more

Answer:Solved: security toolbar residual pop up

7 more replies
Relevance 56.99%

well, i have this "Security Toolbar" on my computer and it's giving me all this pretty nice pop ups about me having a virus and a lil balloon on the side saying the same too. I really would like this toolbar gone from my computer please help.

Below is my Hijack log thingy:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59:25, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Web Technologies\wcs.exe
C:\Program Files\Web Technologies\iebtm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\GridService\peer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Web Technologies\iebtmm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\DOCUME~1\JIEYI~1\LOCALS~1\Temp\atmadm2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\P... Read more

More replies
Relevance 56.99%

i had this a day ago and i used spybot search and destroy
C:programfiles/onlinevideoad thats the file directory
im glad its gone cause it was driving me nuts

More replies
Relevance 56.99%

Here's the Hijackthis.log:

Logfile of HijackThis v1.99.1
Scan saved at 6:11:59 PM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Security Tools\imsmn.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.auctions.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg.... Read more

Answer:Solved: Security Toolbar 7.1 Need help to remove

7 more replies
Relevance 56.99%

Hi,
WinXP; Dell Dim E310.

*.doginhispen and *whataboutadog and others have appeared in IE Trusted Zones plus Security Tool Bar 7.1 has taken residence. PC (not mine) did not have an active antivirus. I have since loaded AVG, which runs, but the virus database fails to update. Reinstall? I keep the pc offline because the malware will run IE to offensive sites if online.

I've run ComboFix, SuperAntiSpyware and HJT; logs follow. Recommendations for next steps? Thanks for your help.

ComboFix 07-10-27.1 - Thomas 2007-10-27 20:22:53.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.368 [GMT -4:00]
Running from: C:\Downloads\MalwareFix\Combofix\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Thomas\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Thomas\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Thomas\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\xnyxqcya.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-28 )))))))))))))))))))))))))))))))
.

2007-10-26 16:25 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-26 16:19 d-------- C:\Documents and Settings\Thomas\Application Data\AVG7
2007-10-26 16:19 d-------- C:\Documents and Settings\LocalService\... Read more

Answer:Solved: 015-Doginhispen; Security Toolbar 7.1.

I also ran SmitFraudFix prior to ComboFix.
 

2 more replies
Relevance 56.99%

Okay, I've read thru others posts and problems with this and walked my way thru getting (hopefully) the info you need to help me resolve issue. Any help is much appreciated and needed!! So, here it goes.......

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:10:05 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\windows\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis_v2[1].zip\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.cl... Read more

Answer:Solved: unwanted security toolbar (7.1) and pop-ups!!

16 more replies
Relevance 56.99%

Please help me get rid of this. This is my hijackthis info.

Logfile of HijackThis v1.99.1
Scan saved at 1:34:10 AM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program File... Read more

Answer:Solved: Security Toolbar 7.1 Virus PLEASE HELP!!!

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning pr... Read more

3 more replies
Relevance 56.99%

With much embarrassment I have now joined those who have downloaded some spyware. I think it happened after clicking on a "click here to load Active-X' type of message.
I have a Toshiba Tecra S1 1.7ghx running Windows XP SP2.

I think i have removed Spycrush, however Internet Explorer 6 kept defaulting to Antispyware pages instead of my Google homepage plus a new toolbar titled Security Toolbar 7.1 appeared which I cannot remove. I upgraded to IE V7 but nothing has changed.
After reading similar posts I have run HIJACK THIS and SmitFraudFix.
The files are found below for your perusal. Any help most appreciated.

HIJACK THIS
Logfile of HijackThis v1.99.1
Scan saved at 8:14:22 PM, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\CAPM2RSK.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Fil... Read more

Answer:Solved: Spycrush and Security Toolbar 7.1

7 more replies
Relevance 56.99%

Got this yesterday.

Running Windows XP Professional on a Dell Latitude.

I Have the Security Toolbar 7.1 displayed on the IE Browser.

I get frequent popups from Computer Associates Realtime monitoring that says that "The Win32/Puper!generic was detected in C:\WINDOWS\SYSTEM32|32|311496\311496.DLL" .

I Ran Hijack this and here is the first Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:49 AM, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\ppRemoteService... Read more

Answer:Solved: Security Toolbar 7.1 Problem

12 more replies
Relevance 56.99%

I disabled the toolbar and found a good detailed 20 some step way to remove this which included downloading AVG, CCleaner, HiJackThis, etc and I got about to step 8 when the CCleaner ran and cleared my browser history so I cant find the thread again. My own fault but here is the log from HiJackThis, maybe someone can help me out here or if you know what thread I am talking about, can post a link and I can finish the steps.

Log reads...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:50 PM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Fonts\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\DOCUME~1\Reppert\LOCALS~1\Temp\mofugclq.exe
c:\program files\common... Read more

Answer:Solved: Yet Another Security Toolbar 7.1 problem

16 more replies
Relevance 56.99%

You guys have always done well for me before so I hope you come through for me again!

I have the dreaded Security Toolbar 7.1 on my system and its driving me nuts with its incessant popups. I have posted a HJT log below in the hope that it may help.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:47:28 PM, on 16/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CmWatch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jason Lawson\Desktop\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E... Read more

Answer:Solved: Need help removing Security Toolbar 7.1

Heres a SmitFraudFix log as well (I did a little bit of extra reading on the forums as well )

SmitFraudFix v2.212

Scan done at 19:56:44.82, Thu 16/08/2007
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe

hosts
C:\
C:\WINDOWS
C:\WINDOWS\system
C:\WINDOWS\Web
C:\WINDOWS\system32
C:\WINDOWS\system32\LogFiles
C:\Documents and Settings\Jason Lawson
C:\Documents and Settings\Jason Lawson\Application Data
Start Menu
C:\DOCUM... Read more

2 more replies
Relevance 56.99%

My computer keeps saying I have back door trojans and many cases of spyware as well as security toolbar 7.1 Can anybody help me please?
 

Answer:Solved: Help! Security Toolbar 7.1 Wont Go Away!

7 more replies
Relevance 56.99%

Hi There,

I had the Security Toolbar 7.1 on my computer. I downloaded smitfraudfix and tried to start my computer in safe mode, but my safe mode isn't working. So I ran smitfraudfix anyway so I'm not sure if the Security Toolbar is completely deleted. I do know that my homepage is still hijacked. I would appreciate any help that you could give. Thank you so much!

Logfile of HijackThis v1.99.1
Scan saved at 7:44:15 AM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG... Read more

Answer:Solved: hijackthis log for security toolbar 7.1

9 more replies
Relevance 56.99%

Hello,

A firend of mine was having PC problems and I told them I would try to help out... now it seems that there problems are beyond my knowlege and I am hoping I can get some help here...

I know the following:

1. They have the Security Toolbar 7.1 in IE (and there does not seem to be anyway to get rid of it).

2. They listen to one of the pop-ups caused by Security Toolbar 7.1 and bought some program called "Malware Wiped" which I think just causes more adware.

3. The PC can't connect to the internet when Norton Personal Firewall is enabled (I can't find any settings that are set wrong that would cause this, so I thinking it is being stopped by a Virus/Malware.

Anyway, here is the HijackThis Log... Hopefully someone can help out.

Thanks,

Todd

Log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:55:36 PM, on 7/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Commo... Read more

Answer:Solved: Security Toolbar 7.1 and other Spyware

8 more replies
Relevance 56.99%

On internet i have seen several times the advice to change the name by which a particular malware removal program is known since some malware recognizes the files
or the ---.exe and then prevents its installation onto an infected computer or its execution, even if the program was installed on the computer before the infection took place.
This was advised for TDSSKiller (tdss.exe should be renamed to e.g. whatever.com)
Malwarebytes AntiMalware should be renamed before using it on an infected computer.
See e.g.
How To Easily Remove Google Redirect Virus
http://www.usenetmessages.com/view.p...&id=476887&p=C

Can anyone say anything about this? And should this also be done routinely with other malware removal programs? If that would really be necessary/advisable then why wouldn't the providers give you the choice of renaming by asking if you want to, or simply give you no choice but rename their product? Probably not many people would ever think of doing it themselves.

Answer:Should malware removal programs be renamed for security reasons?

I'm perhaps being rather cynical, but I'm very suspicious of articles that have a link to a 'registry cleaner' or any other so-called utility that claims to clean or speed up your computer.

I'm of the opinion that some of these can easily corrupt your registry or your system.

Microsoft Security Essentials along with Malwarebytes and ignoring suspicious web pages or links has kept my computer free of viruses so far.

As for renaming Malwarebytes, I certainly wouldn't do it. If the door is already open, the undesirable alien is already in and only its removal will suffice.

The door needs to be locked, not just have its name changed.

6 more replies
Relevance 56.99%

i cant even get Hijack this to work as soon as i run it it disappears so i cant even post that here to show whats going on with my computer.. im using windows XP... i keep getting redirected when i try to search on yahoo or google... using mozilla firefox. ive also tried to run in safe mode but i keep getting a blue error screen and cant move past that.

Answer:advanced virus removal / security tools malware?

Let's see if we can get a scan to workIf this works, go ahead and repost in the HJT forum. If not, post back hereRun this application and then immediately run your scanPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer or you will have to run it again

8 more replies
Relevance 56.99%

I followed the Malware removal guide top to bottom, and it successfully removed the problem I had - which was that Google searches were returning false results

Thank you!

After completing the procedure I now get error alerts on my existing Security software:

1. Norton Internet Security 2009 -
a Risks in compressed file "dc1.exe"
b Risks in compressed file "Combofix.exe"

2. Spyware Doctor -
Application.NirCmd (22 infections)

Do you know if these are false alarms related to the Malware removal process?

Should I ignore these alarms, or let the software apply a fix?

Can I now safely toggle System Restore?
 

Answer:Security threats reported after completing Malware removal

I can't see log files for Malwarebites AntiMalware or for SuperAntiSpyware

I did run the scans but I don't think they found any infections
 

5 more replies
Relevance 56.99%

Hey Guys,
 
I Follow the 

CryptoLocker Ransomware Information Guide and FAQ
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#decrypt
and set the security policies to avoid CryptoLocker attack my computer which are these 
 
Block CryptoLocker executable in %AppData%

Path: %AppData%\*.exe Security Level: DisallowedDescription: Don't allow executables to run from %AppData%.

Block CryptoLocker executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*.exePath if using Windows Vista/7/8: %LocalAppData%\*.exeSecurity Level: DisallowedDescription: Don't allow executables to run from %AppData%.

Block Zbot executable in %AppData%

Path: %AppData%\*\*.exe Security Level: DisallowedDescription: Don't allow executables to run from immediate subfolders of %AppData%.

Block Zbot executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*\*.exePath if using Windows Vista/7/8: %LocalAppData%\*\*.exeSecurity Level: DisallowedDescription: Don't allow executables to run from immediate subfolders of %AppData%.

Block executables run from archive attachments opened with WinRAR:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\Rar*\*.exePath if using Windows Vista/7/8: %LocalAppData%\Temp\Rar*\*.exe
Security Level: DisallowedDescription: Block executables run from archive atta... Read more

Answer:Security Policies doubts after Malware Removal Tools

Instead of playing with the Local Group Policy Editor manually to set these GPOs, you should just download and use the free version of CryptoPrevent that will do everything for you and also offers you various options when it comes to the "thightness" of the settings.https://www.foolishit.com/vb6-projects/cryptoprevent/This tool was created following Lawrence Abram's instructions you just followed, plus some custom made rules, so you'll be good if you use it.

1 more replies
Relevance 56.99%

Hello,

I seem to have the same issue as the poster below - except that I'm runnin Windows Vista. I can't seem to be able to download any program - even in safe mode - as the malware starts popping up it's own security windows. I would greatly appreciate any help.

http://forums.techguy.org/virus-oth...5697-vista-home-security-malware-removal.html

Thanks
 

Answer:Vista Home Security 2011 Malware removal

I was really hoping that someone can help on this. It's been 2 days since my original post; so I thought I would bump it up. Any help would be greatly appreciated. Thank you.
 

1 more replies
Relevance 56.99%

Hi fellow techs

Just got d above virus and Wat a mission it was to get rid of it

However it has left some damaging things behind like win updates thinks it's not turned on when it is!!!

As well as it's made some ordinary files like movies to be marked as hidden files

And all programs is not listing a thing but they are all still present!!!!

What the&hellip;&hellip;

Can anybody help

I will try restoring to a week ago soon to see if that works

Answer:Xp security 2011 / malware removal tool virus

You are still infected. We cannot help you here with Malware removal as per forum rules. Please head over to Virus/Trojan/Spyware Help and post there for more help
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

1 more replies
Relevance 56.99%

I hope I am finally in the right forum. Please, please help.Mod Edit: Topic in XP forum, http://www.bleepingcomputer.com/forums/topic433359.html/page__gopid__2516139 .Following pinned instructions for 2012..Security..XP, I was able to remove a number of Trojans with Malwarebytes, restored the firewall, reran Avast, and thought all was OK. And it seemed to be for a couple days.... Then Avast informed me it couldn't protect for firewall/email. Removed a few more trojans with malwarebytes, but could not get the firewall back up. Another forum has directed me here, explaining that I probably have resident malware.At this time, my computer is hung on the "windows is shutting down" window (I was trying to restart.) Before that, I had physically unplugged from the internet. A lot of services were running huge I/O and Other while I had nothing up but the CPU usage screen. InCDsvc and lsass were the most active. Oddly, I got a message the last couple reboots, that InCD could not be started.The scary thing for me (other than that the screen hangs there) is that all these processes were running very actively, but none were identified with a user - usually, it specifies network, local, Irena - like a ghost in the machine. It got quiet when I stopped the InCD, and very quiet after I pulled the Internet plug.The message was: Windows cannot start the Firewall/Internet Connection Sharing (ICS) service. I didn't go online after that. Now it's just a hung "shutting ... Read more

More replies
Relevance 56.99%

The malwarebytes antivirus did not remove the winweb pop up security alert. When I run the scan it does not detect any malicious items. The only malware quarantined was from the vendor Adware.Zango. The item is very long. I would cut and paste it here but can't seem to do that. It starts with HKEY_CURRENT_USER. This was the only one found in the registry of malware antivirus. There are many other items in the winweb security alert like trojans and others. should I write these down in the postings? The pop up Lsas.keylogger keeps coming up too.I did switch to firefox. Before winweb was on my screen I used Internet explorer. I'm not sure if the browser matters. I've used firefox eversince winweb has been popping up. Also, I could not run kapernsky's free scan for some reason. I did download the new runtime JAva but I still couldn't get a scan.I will cut and paste the reports from RSITLogfile of random's system information tool 1.04 (written by random/random)Run by sam pratt at 2008-12-03 10:43:54Microsoft Windows XP Home Edition Service Pack 3System drive C: has 258 MB (3%) free of 8 GBTotal RAM: 254 MB (27% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:44:46 AM, on 12/3/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS&... Read more

Answer:Malware removal request( winweb security alert)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable ... Read more

3 more replies