Computer Support Forum

Help! Bogus System Alert Removal & Pop Up Removal

Question: Help! Bogus System Alert Removal & Pop Up Removal

I love my computer and hate to see it act like this, so I need help from you guys on how to remove this alert balloon that keeps popping up from my taskbar and keep it gone. Also, I keep getting many popups, a lot of which never load. I think this might have to do with some fake ActiveX thing I installed. I downloaded HijackThis and here is the report: (I noticed 4 new processes running on Task Manager, too. This might have to do with it all: iesmin.exe, iesmn.exe, imsmain.exe, and imsmn.exe) PLEASE HELP ME!!! Thank you!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:13 PM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\a-squared Anti-Malware\a2HiJackFree.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: Lefty - {275296E0-75EC-4380-BB5F-900636889A8D} - C:\WINDOWS\system32\nsn369.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BCBCEE7B-2001-4971-B991-EB6E81C96CC5} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O3 - Toolbar: Protection Bar - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\adspipe.dll" DllVerify
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamonitor.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - (no file)
O22 - SharedTaskScheduler: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - (no file)
O22 - SharedTaskScheduler: heterotroph - {de5ede53-9db0-422d-b32d-5c41c96d6f52} - (no file)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 12397 bytes

Relevance 100%
Answer: Help! Bogus System Alert Removal & Pop Up Removal

6 more replies
Relevance 84.87%

I have the AntiVirGear rogue anti-spyware application System Alert! icon in my systray and the resultant infuriating pop-ups. I foolishly shelled out for SpyHunter's removal facility without success. I would greatly appreciate some help. TIA

If it helps any, my HiJack log reads:

Logfile of HijackThis v1.99.1
Scan saved at 16:48:18, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\finanwtg\zqjybglu.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdp...

Answer: Solved: System Alert! removal

11 more replies
Relevance 83.64%

First Open up Control Panel / System / Advanced / System Restore

turn it off

now reboot your PC into Safe Mode
on reboot hit F8 if your system has a smart boot
you need to do this 2x First for Boot device
Second for safe mode menu (be quick, Windows likes to load)

In safe mode turn on view System and Hidden files
Open Recycler and remove any "S-" files you find there
these are Registry entries waiting to reinfect the registry

now click Start and Run and type in regedit
under Edit select Find
type in cthkpcv.dll and search for this file entry
you should only find ONE instance of this in registry

now that registry entry is gone you need to reboot
back into safe mode to remove the target file
with registry entry running the file will not delete

Back in Safe mode for Second Time
C:\WINDOWS\SYSTEM32\cthkpcv.dll
open my computer
select windows folder
select system32 folder
right click view arrange by name
find the file cthkpcv.dll
highlight it and hit shift del to delete with
no entry to recycle bin

you are ready Reboot PC back into normal window
also if you normally use restore ON return the setting to ON

there are 4 other registry entries associated with this System Alert
Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion

I haven't found them yet for exact listing but I will and update this post
however with above steps you will stop getting the system alerts

Edit:
Found 1 Hkey_Local_Machine\Software\Microsoft\Wi...

Answer: Anti-Vermins System Alert Removal

PART 2 Read Below First !!!!

Found 2 Hkey_Classes_Root\TypeLib\{600B9825-0AC9-4541-8C42-73B405413560}\1.0\0\win32
Entry Default data C:\Program Files\AntiVermins\AntiVermins.exe
again Program Directory is not on system but remove entry

Found 3 Hkey_Classes_Root\TypeLib\{600B9825-0AC9-4541-8C42-73B405413560}\1.0\HELPDIR
Entry Default data C:\Program Files\AntiVermins\
I don't have this target folder on my PC but delete registry entry

Found 4 Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*
Entry may vary, on mine it's g data C:\Documents and Settings\{Windows User Name}\Desktop\Antivermins.txt
deleting this registry as well but the file is not on my desktop

Found 5 Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt
Entry may vary, on mine it's f data C:\Documents and Settings\{Windows User Name}\Desktop\Antivermins.txt
again this points a txt file on desktop not on my system delete registry entry

I am certain there are more in Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion
I will have to make another run thru registry to find these perhaps run an online scan for Identification


Apparently the registry entries are made in preparation for the download of the Anti-Vermins Malware
software from the pop-up alert
this however just infects you deeper (I did a web search and saw the malicious nature and did not D/L the software)
this software masquerades as a...

3 more replies
Relevance 83.64%

here is my log from hijack this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:22 AM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\utilman.exe
C:\WINDOWS\winhlp32.exe
C:\Program Files\Intern...

Answer: System Alert: [email protected] removal help me

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning pr...

1 more replies
Relevance 78.31%

Hello all --

A few weeks ago, my computer got some kind of infection. The clearest symptoms are that my files have been "hidden" (I cannot see them in their folders), my desktop is absent of my standard icons, I cannot connect to the internet if I'm not in safe mode with networking, and the virus offers a bogus virus removal software to download--for a fee, of course! I'm barely computer literate, so I'm not quite sure what else to say about the issue, but I have noticed that it makes McAfee useless.

A couple of other little problems, such as consistent error pop ups, are also present. (To be honest, I cannot recall what they say. I've been using my netbook while the problem has persisted, and this is the first time I've turned on the infected computer for weeks.)

If anyone is able to help me out, I would greatly appreciate it! No major rush here, so please feel free to take your time, if you have any at all. I have attached/pasted logs below. Thanks so much for taking a look.

Best,
Pac

--

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Run by Pac at 13:59:32 on 2012-05-15
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3061.2306 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender...

Answer: Bogus Software Removal Virus

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At t...

26 more replies
Relevance 78.31%

hello good people who can help me (me hopes!!!),

well, it seems that my comp has been infected by a virus (whatever) that informs me that I may have been infected by a virus and then sends me to a bogus site....the ads appear in an info box at the top of the webpage (trustedantivirus.com) and then hijack me to pcsecuresystem.com. I can't get rid of this...

I have run:
symantec antivirus
adaware
spybot
housecall
panda
bitdefender
and stinger.....

please help.....

dan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:07 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1...

Answer: Hijackers And Bogus Virus Removal Ads..... Please Help!

Welcome to the BleepingComputer HijackThis Logs and Analysis forum burke91

My name is Richie and I'll be helping you to fix your problems.

Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This changed in 2006, read this article: http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present, then restart your pc:
Viewpoint
Viewpoint Manager
Viewpoint Media Player

If you have previously downloaded ComboFix, please delete that version now.

Now download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop

Close any open browsers.
Disconnect from the Internet.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.

*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wro...

9 more replies
Relevance 77.49%

I executed some bogus virus scan last Friday. Once I realized what I had done, I tried to go into task manager to kill the process but the tab was disabled. I then shut down the PC, booted in safe mode and ran Malware bytes. The first run found several infected objects and when I ran it again, it found a couple more. On the 3rd run it found nothing. I then booted normally, and I noticed getting the following Loader Error message, "The procedure entry point HttpQueryInfoA could not be located in the dynamic link library WININET.dll" When I try to kick off Adaware this message comes up. And when I try to run a virus scan using McAfee this message comes up. And when I do certain searches in Google, and click on a result link, the browser is being redirected to other bogus sites. I was able to install Microsoft's Malicious software removal tool but it never found the malicious code.

DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Brett at 13:24:25 on 2011-06-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2110 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svch...

Answer: Bogus virus scan software removal

I now can't even get Windows to load. I'm receiving the following error when trying to log in to Windows

services.exe Application Error
The instruction at "0x003f31dc" referenced memory at "0x1000816c". The memory could not be "read"

When I then click OK, I get a System Shutdown message

The system process
'C\\Windows\system32\services.exe' terminated unexpectedly
with status code 1073741819 The system will now shut down and restart

And then it counts down and reboots and does it all over again.

41 more replies
Relevance 75.85%

I have many pop-up ads while browsing the internet these past 2 days. When I click my Windows Security Alerts icon, it states that I am "at risk" because my automatic updates have been shut-off. Even when I turn them back on, they remain shut off (I'm pretty sure this is the malware running defense for itself). The pop-up ads are for fubar.com, bigpoint.com, ovguide.com, and for vista antivirus 2008 & 2009 software. Basically they're trying to get me to buy bogus software to "fix" or "clean" the problem that they gave me.

I'm running IE7 on Windows XP Home w/sp3. I'd really appreciate any guidance/help from the professionals on this forum with helping me remove these problems. Thanks in advance!

-Jim

Deckard's System Scanner v20071014.68
Run by JIM on 2008-08-03 19:30:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...failed; access is denied.
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as JIM.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:55 PM, on 8/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C...

Answer: Vista Antivirus: Bogus Software... Malware/virus Removal?

update: Spybot - Search & Destroy says it's Virtumonde. I think it could be more too.
Day 4...

28 more replies
Relevance 75.03%

I've had this virus/bug before and have removed it in the past, but this time I got it I followed directions on bleepingcomputer (ie: downloading and running rkill, turning off the bogus proxy settings, and running an updated version of malware bytes in safe mode) but I was still getting redirects when searching google. While trying to figure out what was wrong, I somehow got reinfected with the same fake antivirus removal software bug. I decided it was best to go ahead and post my particular problem so I can get a specific response rather than continuing to take shots in the dark based on other people's problems. So, I am sorry if this is redundant and I will happily follow a link to the correct fix if it is already out there. I just want to make sure I am solving this once and for all. Thanks so much in advance!!!

DDS Text:

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by casandra at 10:28:12.29 on Fri 07/02/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.740 [GMT -4:00]

AV: eTrust ITM *On-access scanning enabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Docu...

Answer:Bogus Anti-spyware Removal/Virus protection and Google Redirects

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

3 more replies
Relevance 74.21%

Hi there,
I am running Windows XP SP2
I have constant bogus system and virus alerts along with VIRUS ALERT! displayed by the clock. In addition to this when I select the 'Start' button the options for 'All programs', 'My Computer', 'Control Panel', 'printers and faxes', 'help and support', 'search' and 'run' have all disappeared. The only ones left are 'Set program access and defaults' and a 'connect to'
I have worked through your steps 1 to 5 with the following results:

STEP 1
I have AVG free and McAfee Security centre running, I have tried to uninstall McAfee but when I try and uninstall it I get an error message saying that legacy items must be removed first. At this point I am unable to select the uninstall option so I have had to leave it running for now.
In accordance with your malware list I removed 'ShopperReports by Hotbar' and 'Viewpoint Media Player'. There was nothing on spyware warrior that I needed to remove.

STEP 2
I have downloaded Panda Active Scan but when I try to install it I get an error message at 100% requesting me to try again. I have tried numerous times, it won't install. Hence there is no Panda scan log.

STEP 3
I have downloaded Spyware blaster and ie-spyad. Whilst installing ie-spyad and having to browse to select the file I noticed that there was no 'C' drive displayed in 'my computer'

STEP 4
Up until these problems started I had always kept windows up to date. When checking the latest updates as per your link I get an error me... Read more

Answer:Constant bogus system alerts and VIRUS ALERT! displayed alongside the clock

Bump please

13 more replies
Relevance 73.8%

MS Removal Tool is a rogue software. It restricts you from accessing your desktop. You cannot start Task Manager, and you cannot open Internet Explorer or any other programs. This situation is the result of malware (a variant of Win32/Winwebsec) that is infecting your computer.
To remove the MS Removal Tool, follow the steps below:

Boot your computer into Safe Mode.
Windows XP and Windows Vista: Start your computer and press and hold the F8 key. A Windows Advanced Options menu will appear. Use your arrow keys to scroll to Safe Mode and click the Enter key.
Click the Start button, and then click Run.
Type cmd then click OK. A black command prompt window will appear.
Locate the affected directories:
Windows XP: Type cd c:\Documents and Settings\All Users\Application Data\ and press the Enter key. Type dir and press the Enter key.
Windows Vista: Type cd c:\ProgramData\ and press the Enter key. Type dir and press the Enter key. Type c:\Users\All Users\ and press the Enter key. Type dir and press the Enter key.
Scroll through the list to find directories with random names that contain 18 characters. For example: cHl08200gMhHd08200, pJg08200fBmPl08200.
Type rd /s /q <random name>, and then press the Enter key. Replace <random name> with the 18 character name. Repeat this step for each random name you find.
Type reg delete hkcu\software\microsoft\windows\currentversion\run once /v <random name> /f, and then press the Enter key. Replace <random name> with the 18 cha... Read more

More replies
Relevance 71.75%

I'm pulling out my hair please help. Here's my HJT logfile.

Logfile of HijackThis v1.99.1
Scan saved at 7:16:48 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
f:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
F:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\sobrado.AOA1\My Documents\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Soft... Read more

Answer:Malicious Software Removal Wizard, Spyware Removal Wizard, System Integrity Scan Wiz

Please do not start more than one thread for the same problem.

Closing duplicate.

Please continue here:

http://forums.techguy.org/security/488003-hjt-logfile.html
 

1 more replies
Relevance 70.52%

I was browsing the internet when my avast anti virus alerted me with a Trojan, got it fixed but then later a window that looked exactly like the "Windows Security Alert" kept on popping up every now and then, especially when I get to open and start browsing the net stating that "Windows Firewall has detected activity of a harmful software" with the name (that kept on changing after one and every pop-up..) as the following: Trojan-Spy.HTML.Bankfraud.dq, Trojan-Spy.Win32.Keylogger.aa, Trojan-Clicker.Win32.tiny.h, respectively. In the pop up, there were two line prompts that upon clicking will lead you to buy an AntiSpyware.

I already had Spyware doctor, Windows Defender and Spybot s&d done and even run some scan and cleaning during safe mode but "windows security alert" still pops up. Is there any convenient remedy for this?

Please help. Thank You!
 

More replies
Relevance 69.7%

hey guys there is this icon on my taskbar that's a flashing question mark and a cancel sign.... it says I have a virus problem but I know for a fact it is spyware... how do I remove it? here is my log...

Logfile of HijackThis v1.99.1
Scan saved at 9:19:06 AM, on 8/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Interne... Read more

Answer:Virus Alert!.......removal

Hi alski89 , Welcome to TSF !!
I recommend you Subscribe to this thread so you are notified of any replies via email
To do this :
Click Thread Tools, then click Subscribe to this Thread
Make sure it is set to Instant Notification by email, then click Subscribe

You may wish to print out a copy of these instructions to follow while you complete this procedure

I need you to download some programs to aid in our fix: Do Not Run Them Yet

Download SmitfraudFix by S!Ri to your Desktop.
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Download ATF (Atribune Temp File) Cleaner by Atribune

Download and Install Ewido Anti-Malware by Ewido Networks

Launch Ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update Ewido to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close Ewido Anti-Malware

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Ente... Read more

1 more replies
Relevance 69.7%
Question: Fake.Alert Removal

I removed Fake.Alert via Ad-Aware and since then this computer cannot connect to the internet. I'd appreciate any help anyone can offer!

Thanks!


DDS (Ver_09-09-29.01) - NTFSx86
Run by John at 11:45:56.32 on Fri 09/17/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1165 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\M... Read more

Answer:Fake.Alert Removal

Welcome to TSF :)

Please download Malwarebytes' Anti-Malware from Here.



Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


===========================================

Download OTL.exe to your desktop.
Double-Click on OTL to run it.
When the window appears, underneath Output at the top change it to Standard Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold


netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CR... Read more

19 more replies
Relevance 68.88%

Hello, I was wondering if anyone could help me with fixing my boyfriend's computer. It's a Dell running Windows XP SP2.
It's considerably clogged with spyware, it seems, but I've ran Ad-Aware twice and it doesn't find anything. I went into Add or Remove Programs and was met with a mysterious program called 'Windows Safety Alert' that was 1.2 GB.
Next, I did what this guide told me to do, but I was concerned to find that only the key in step 10 was actually there.
Deciding to actually uninstall Windows Safety Alert, I returned to Add or Remove Programs and found it was gone! I found instead a 'Windows Desktop Search' which was only 12MB and uninstalled it. This didn't fix anything.

Also, there is a blinking blue and red shield in the toolbar that displays this message:
"System Alert!
System has detected a number of active spyware applicationss that may impact the performance of your computers. Click the icon to get rid of unwanted spyware by downloading an up-to-date antispyware solution."
When clicked on, it goes to www.spycrush.com/?aff=334.

I don't know what else to do, please help!

Thanks in advance!

Emilie
 

Answer:Need help with removal of 'Windows Safety Alert'

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis
Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach ... Read more

1 more replies
Relevance 68.88%

Malware has attacked my computer and gives that red shield in the bottom that says something like "You have a security alert!" and makes many pop ups and takes over internet. I deleted ~tmpa.exe and ~tmpd.exe. But it comes back when I reboot. Log below.

Your help is greatly appreciated. I am sure if I delete the correct things, I can lick this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:06 PM, on 1/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Tr... Read more

Answer:Malware removal Help - Security alert!

Hi, allingtonj Welcome.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.... Read more

2 more replies
Relevance 68.88%

I am new to this forum and I am a total idiot when it comes to computers LOL, I was sent a link of a video clip from a friend and I opened it now I have the security icon in the bottom right hand corner of the screen that flashes and throws up an alert every few minutes and sends me to some spydawn thing.. I have Windows XP... I went to the hijack site and did a scan and log thing but I have no clue what to remove.... I would be grateful for any help with this situation.... TIA

Logfile of HijackThis v1.99.1
Scan saved at 2:26:44 PM, on 10/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DeskSite\binex\DeskSiteCMA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.... Read more

Answer:Security Alert icon removal

12 more replies
Relevance 68.88%

The "Votre ordinateur est bloque" lock screen is a computer virus (Trojan:W32/Reveton), which will display a bogus notification that pretends to be from the French police (Ministère de L'intérieur) and states that your computer has been blocked due to it being involved with the distribution of pornographic material, SPAM and copyrighted content.

The "Votre ordinateur est bloque" virus will lock your computer and applications, so whenever you try to log on to your Windows operating system or Safe Mode with Networking, it will instead display a lock screen asking you to pay a non-existent fine of 100 Euro in the form of a Ukash or PaySafeCard code.

Furthermore, to make this alert seem more authentic, this virus also has the ability to access your installed webcam, so that the bogus "Votre ordinateur est bloque" notification shows what is happening in the room.

To remove the "Votre ordinateur est bloque" lock screen, follow this guide: http://malwaretips.com/blogs/votre-ordinateur-est-bloque-virus/
 

More replies
Relevance 68.88%

If you get a Trojan Alert window, DON'T click on anything in the window. If you do not download from it, your system is not yet infected! Run whatever virus protection you have and if it shows no problems, then you are not yet infected. The fix is easy and if you own a PC, you already have the means on your computer to get rid of what you now know is a Fake Trojan Alert. You don't need to buy any additional software. If the advice you get is to buy software, that's because someone has software to sell you! The resolution to your problem is easy. I have done this and don't let anyone tell you different. Simply run System Restore to the last day available before your little Fake Alert buddy showed up. IT WILL BE GONE. This topic may get closed, because somebody wants you to buy something, but the remedy I have suggested WORKS. I utilized System Restore 4 days ago and have never seen that nasty alert again and it has not been found on my system by Spybot. That's 'cause it ain't there. Good luck.

Answer:Fake Trojan Alert Removal

Some viruses and malware can be auto-executed upon completion of download.

1 more replies
Relevance 68.88%

Hi all - My dad recently tried to uninstall Adware Alert on his XP computer and now it continuously reboots when he starts it up. I tapped F8 and got it to run with "last known good configuration" which puts it in safe mode, but the keyboard won't work. I checked the driver in the Event manager and it shows an error 39. The Adware Alert icon is still on his desktop but it won't run. He said he tried System Restore but it says it can't complete it. I ran Chkdsk, but nothing has changed. I don't know very much about what else to do since I've never had this problem (I don't click on ads). I think it has messed with the registry, but I'm not sure what to do.

Any help would be greatly appreciated. I did a search and read that this is a suspected rogue spyware program, but he voluntarily installed it himself so spy sweeper doesn't catch it as being bad.
 

Answer:Adware Alert removal problems

If he tried to fix it by removing or changing things in the registry, there is no guessing what he might have done. You might have to first repair windows. He does need the XP CD and not a restore/recovery CD which some computers have instead.
http://www.michaelstevenstech.com/XPrepairinstall.htm

Then after windows is repaired, remove Adware alert using this free program
http://www.majorgeeks.com/download5360.html
 

2 more replies
Relevance 68.88%

hi major geeks,

it has fortunately been awhile since you have had to help me repair my computer. unfortunately though, malwarebytes has found trojan.fakealert in my HKEY_USERS\s-1-5-21-1390067357-725345543-1003\software\xml as of yesterday and it cannot be removed. i have followed your steps and hope i have completed them all correctly. i was not able to run combofix. i couldn't figure out how to disable mcafee and complete the download for it. i did do the other steps and hope they are right. definitely don't want to waste your time. i'll attach the logs i have.

thanks for your time
mocone
 

Answer:trojan.fake alert removal

Please refer to the below:

How to temporarily disable your anti virus and follow the steps for mcafee.

I would like for you to then run combofix and also MGTools. Attach logs from each into your next reply and let us know of any problems you may have encountered. I can then start to build you a fix.

When you say MBAM doesn't remove the trojan, do you then re scan with it and have it reappear?
 

18 more replies
Relevance 68.88%

Hello,

First time here, so I'll just describe what's going on and you guys tell me what to do first. A couple of days earlier, I had that stupid Microsoft Security Essentials Alert malware popup. It was preceded by a sudden flurry of redirects on Google. Ran rkill and Malwarebytes' Anti-Malware and stopped it.

Everything seemed fine until this morning. Google seemed unnaturally large in my window and I began experiencing redirects. Ran Hitman Pro 3.5 and it detected a possible TDL/Alureon thingie as well as another handful of cookies and malware. Rebooted. Still receiving redirects.

Please help.

My operating system is XP.

The enlarging of the google screen was due to it being mysteriously zoomed to 125% ><

Answer:Problems after removal of false MSE Alert

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

1 more replies
Relevance 68.88%

I want to know how get rid of this i tried several anti-virus, such as kaspersky,norton and panda but i would not allow it to install please help
 

Answer:Trojan Downloader With Web Alert Removal

6 more replies
Relevance 68.88%

Hello,
I am trying to get rid of the MyPoints Point Alert program because it is not working properly. The add/remove program does not work to remove it. Can you please tell me which files to delete? thanks

Logfile of HijackThis v1.99.1
Scan saved at 2:25:13 PM, on 6/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\System32\??curity\csrss.exe
C:\Program Files\rpct\htbr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.ex... Read more

Answer:MyPoints Point Alert Removal

Uninstall WeatherBug from Add/Remove Programs.

Then download and run:

Ad-Aware SE: http://www.majorgeeks.com/download506.html

Install the program and launch it.
First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.
Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.
Then, deselect Search for negligible risk entries.
To start the scan, click the Next button.
When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next).

Run ActiveScan online virus scan:
http://www.pandasoftware.com/activescan/

When the scan is finished, anything that it cannot clean have it delete it.
Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
Save the results from the scan.

Restart your computer.

Post a new Hijack This log and the results of the ActiveScan.
 

2 more replies
Relevance 68.88%

I was infected by spyware protect 2009 and I can't get rid of this one thing in my registry.. Malwarebytes says that it is a trojan fake alert..

HKEY_CLASSES_ROOT\CLSID\{BBD4551A-9B23-41cd-9BCD-818AA2DA7B63}
DDS (Ver_09-05-14.01) - NTFSx86
Run by HP_Administrator at 12:28:53.45 on Thu 06/04/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1290 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Netgear Update Assistant\LanUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonit... Read more

Answer:trojan fake alert removal

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ... Read more


I unfortunately installed Adware Alert (*not* Ad-Aware by Lavasoft) as a spyware scanning program back in February. I have since learned that it appears to be a rogue anti-spyware program.

I tried uninstalling it, but when I do, it seems to corrupt my operating system's startup. After uninstalling Adware Alert, I am prompted to restart, but then my system gets caught in a loop, where it displays the first few startup screens repeatedly and will not re-boot.

I have been able to get back in by hitting F8 during the startup and manually selecting to start using the last known good configuration. I tried starting in Safe Mode, but this did not work. Once I'm back in, I can do a system restore to get it functioning again, but only if I restore it to when Adware Alert was still installed.

I use McAfee, and have uninstalled & re-installed this as well. McAfee is not recognizing Adware Alert as malware.

I feel like I've been hijacked! How do I get this garbage off my computer and still get it to operate correctly?

Answer:Adware Alert--need instructions for safe removal

Welcome to BC.. Use the restore to get on then Run this SAS scan. It will probably take more than an hour.

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option t...


Hey guys, need some help getting this stupid security alert virus removed, it's been on my computer for months and I've tried most things to try and eliminate it and no joy. I've been using the right programs just not the right way lol. Can anyone help please?
 

Answer:Windows security alert virus removal help please?


My Norton scan yesterday alerted me that Spyware.Perfect had been found and removed. I understand this to be a keylogger software program which I did not install. Nobody has access to my computer. I have run all your malware programs and have logs. Also tried using the Computer Hope Hijack this process tool, but a little too complicated for me to understand. I have included the logs. Hope I did everything right. Thanks in advance for your help.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/27/2010 at 01:46 PM
Application Version : 4.39.1002
Core Rules Database Version : 5124
Trace Rules Database Version: 2936
Scan type       : Complete Scan
Total Scan Time : 02:15:06
Memory items scanned      : 662
Memory threats detected   : 0
Registry items scanned    : 20576
Registry threats detected : 0
File items scanned        : 191519
File threats detected     : 1
Adware.Tracking Cookie
   .doubleclick.net [ C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\dilwetd3.default\cookies.sqlite ]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
6/27/2010 2:24:38 PM
mbam-log-2010-06-27 (14-24-38).txt
Scan type: Quick scan
Objects scanned: 119265
Time elapsed: 5 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infec...

Answer:Norton 360 Spyware.Perfect removal alert.

Hello, and welcome to Computer Hope.

Please note the following information about the malware forum:
Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
Please do not attach logs or post them in Quote/Code boxes unless requested.
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
If you have already asked for help somewhere, please post the link to the topic you were helped.
We try our best to reply quickly, but for any reason we do not reply in two days, reply to this topic with the word BUMP
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please visit this webpage for a tutorial on downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
See the area: Using ComboFix, and when done, post the log back here.


I get this message that tells me that active spyware has been detected on the bottom right taskbar. I can remove it temporarily with smit fraudfix but when I reboot it comes back...Please help! Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:20 PM, on 10/10/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\...

Answer:I Have A Security Alert Asking Me To Purchase Adware Removal

Hi joeyp74,

I don't recommend you run SmitfraudFix on your computer because it is not yet Vista compatible and may cause problems. However, I would like to see the logfile it created, please use Windows Explorer (Start->Computer) to browse to and open it, you should find it here:
C:\rapport.txt

Please open this page in your browser:
http://www.bleepingcomputer.com/submit-mal....php?channel=32
Please fill in the link to topic field with a link to this topic
Copy/paste this filename into the Browse to the file you want to submit field:
C:\Windows\System32\mssecc.exe
Then press Send File, this will upload the file for analysis

Download Deckard's System Scanner (DSS)
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Make sure Format->Word Wrap is unchecked
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply

Once complete, please post the SmitfraudFix report and both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.


I somehow got a windows security alert virus and I can't get rid of it. I used malwarebytes and it did not find anything. I can't get on internet from my laptop and every few seconds windows pop up telling me I have a virus and asking me to run scans and download things.

How do i get rid of this?

Answer:windows security alert virus removal

Try this: How do I remove the Microsoft FakeAV Alert


All of a sudden I got this MSE Alert and I tried to run the virus removal program, but it keeps returning to the alert screen, nothing seems to have happened? Also, lately when I have tried to run adwcleaner the same thing happens - nothing. ?

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) M processor 1.60GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 502 Mb
Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 128 Mb
Hard Drives: C: Total - 71186 MB, Free - 49830 MB;
Motherboard:
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enabled
 

Answer:Received MSE alert - Tried to run virus removal program but nothing happens.


From http://www.pcmag.com/article2/0,1759,1608196,00.asp by Jay Munro, June 8, 2004:

Top Threat: W32/Korgo.F

Executive Summary
Name: W32/Korgo.F
Affects: Windows XP, Windows 2000

What it does: Korgo infects using the LSASS vulnerability, and installs a back door to allow remote access to a victim's machine. The worm can degrade PC and network performance. According to one report, Korgo installs some executable code into Explorer.Exe, which allows the virus to run undetected. The worm generates random IP addresses and attempts to propagate by finding vulnerable machines at those addresses.

How to prevent it: Apply the Microsoft Update MS04-011. A firewall can be configured to block incoming traffic from TCP ports 445, 113 and 6667.

Infection removal: All antivirus vendors we checked had protection for the Korgo.F worm with their latest updates. Symantec has a removal tool, and you could also use these free online scanners: Trend Micro's free online scanner, Housecall, McAfee's Stinger tool, or Panda Software's ActiveScan. The MS04-011 patch must be installed as well.

Fact file

Name: W32/Korgo.F [Symantec], Worm_Korgo.F [Trendmicro], W32/Korgo.worm.g [McAfee], Win32.Padobot.e [Kaspersky]
Type of virus: Windows 32 executable
Main Executable file: Random Executable
Size: 10,752 compressed, 17,920 bytes (uncompressed)
Date Discovered: June 1, 2004
Systems affected: Windows 2000/XP
Systems not affected: Windows 9x/Me, NT, DOS, Windows 3.x, Linux, Mac,...

Answer:Alert: KargoF (W32) Worm & Removal Info

bump...bumP...buMP...bUMP...BUMP!
 


How do I remove this pesky malware.
I tried and ran rkill
then ran ccleaner
then ran malware

first i did this in safe mode then did in normal mode.

OS xp por..I still can not remove this any suggestions
 

Answer:Microsoft Security Essentials Alert trojan removal

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using...


Recently a coworker got some viruses on the work computer, and generally when stuff like this happens they ask me to fix it.

I ran numerous anti-virus software such as AVG, Malwarebytes, Spybot S&D, rkill, PREVX, Trend Micro Housecall, and a few others I can't recall. This solved some of the problems but I know there are still others.

Every once in a while a popup will come up saying "Resident Shield Alert" and will list 2 nonexistent files, which it says are linked to Malwarebytes, as viruses. I know this is a fake virus alert because the actual AVG program says nothing of the sort. In addition to this I've noticed that there are numerous instances of iexplore.exe running in the task manager even though only 1 IE window is open. This is also true of svchost.exe as there are usually 8+ instances of svchost.exe running.

This has taken up far too much of my time (it's not even part of my job lol) and I've hit a dead end so I thought I'd try hijackthis and ask for help.

If you need any further information or anything please ask.

Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:13 PM, on 2/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\l...

Answer:Resident Shield Alert Virus Removal Help Needed!

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

Answer:Malware Removal: Antimalware doctor/AVG Shield Alert, Please help!

Deleting


The malwarebytes antivirus did not remove the winweb pop up security alert. When I run the scan it does not detect any malicious items. The only malware quarantined was from the vendor Adware.Zango. The item is very long. I would cut and paste it here but can't seem to do that. It starts with HKEY_CURRENT_USER. This was the only one found in the registry of malware antivirus. There are many other items in the winweb security alert like trojans and others. Should I write these down in the postings? The pop up Lsas.keylogger keeps coming up too.

I did switch to firefox. Before winweb was on my screen I used Internet explorer. I'm not sure if the browser matters. I've used firefox ever since winweb has been popping up. Also, I could not run Kaspersky's free scan for some reason. I did download the new runtime Java but I still couldn't get a scan.

I will cut and paste the reports from RSIT

Logfile of random's system information tool 1.04 (written by random/random)
Run by sam pratt at 2008-12-03 10:43:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 258 MB (3%) free of 8 GB
Total RAM: 254 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:46 AM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS&...

Answer:Malware removal request( winweb security alert)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable ...


What is Palladium Pro Malware

Palladium Pro Malware is fake system software that is considered a rogue. Rogues are malicious programs that hackers use to trick users by displaying false threats and problems that they claim to have detected. In reality, none of the issues are real and are only used to convince the user into buying their software and stealing their personal financial information.

Am I infected?

These are some screenshots of this rogue.

Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)

1. Restart your computer. As soon as your computer turns on, tap F8 until you reach the Advanced Boot Menu. Use the arrow keys and select Safe Mode with Networking.

2. Download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3
Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
(This tool will kill the rogue's process temporarily. As a result, act quickly and move on to the next step.)

3. Download Malwarebytes' Anti-Malware to your desktop.

Double-click Malwarebytes Anti-Malware-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware

then click Finish.
If an update is found, it will download and install the latest ...


Yep..all probs removed (courtesy of this great site!) reboot,...just a damn annoying securitypost (looks like a windows type red shield on the bottom RHS -informing me that Norton is turned off..but in fact it's on!...i seem to think that it's a remainder left over from Falcon and Zolob!...Here's the log

Logfile of HijackThis v1.99.1
Scan saved at 9:45:26 p.m., on 21/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\...

Answer:"norton Disabled" And A Security Alert (even After Removal Of Zolob And Falcon Etc)

Ah ha!!...it's all sorted!
It was Windows Security not recognising Norton Anti Virus
Simply disable the Anti Virus Security "anti virus" part - Already have software!


Hey guys,

I am guessing that by now you have all seen or known someones about this VIRUS ALERT & XP / VISTA Antivirus Problem!

I know how to remove them and so but I am finding my customers are coming back pretty much every few weeks because they are getting it back on there.

1. Has anyone or does anyone know of a fix that stops these problems getting back into the machine?

2. Could someone give me a list of things that are making people fall for these pests getting on the computers.

I would be most happy if someone could help me out here its becoming a pain in the bum and some are so bad that they are needing reinstalls.


JubeiTigeruk
 

Answer:Virus alert / xp & vista fake antivirus 2008 & 2009 removal!!!

There are two reasons why it would be back:

Not removed 100%
The end user keeps doing the same bad things to reinfect themselves.
As far as number 1, I cannot answer whether the machines were totally clean since we did not clean them.

For number 2, no matter what you put on a PC, a user can still infect themselves by doing the same foolish things. Your best bet is the below and a proper education of the end user

How to Protect yourself from malware!

The websites they are visiting, what they are downloading and from where and how (P2P/Torrents...etc) are the frequent causes. They need to learn the difference between a popup from their own protection software and fake things that tell them they need to download software to clean an infection from their PCs.
 


Hello!

Two days ago I was copying some analog video to digital via my old laptop (Dell Latitude D600) because it runs Windows XP. The driver for the hardware only works with Windows XP. But there was no security software on the laptop, only Norton Utilities. So I opened my USB drive to install something but it wouldn't start. I got the alert: "Microsoft Security Essentials Alert". I knew from that moment that I was infected.

So I tried to follow the guide here on bleepingcomputer:
http://www.bleepingcomputer.com/virus-remo...ssentials-alert

But that didn't work. I couldn't start executable files (taskmgr/regedit). So RKILL.com didn't work too. (When I tried, the alert was popping up) In safe mode it didn't work either. I got also the alert that there is a problem in services.exe and the computer is closing down in 60 seconds.

I tried to run Malware AntiBytes, but I couldn't update because when I tried to start it, I couldn't connect to the internet. I was looking in Internet Options but there was no Proxy server connection. Everything was OK.

With norton utilities I could open a sort of processmanagement. I saw there was a kind of security program (antispy safeguard?) using a lot of CPU. I killed it, and I removed it out of Application data. Internet worked! I updated Malware Antibytes and I started scanning. He found some things:
422888.exe
jytr.exe
msftldr.dll
sshnas21.dll
And something like (Trojan.downloader Rogueagent..)

Also I saw in pr...

Answer:After virus removal (fake Microsoft Essential alert) computer don't boot up

What does it hang on?


Getting frustrated over here

It all started when I started seeing an ad for laughnetwork.com on the bottom of my screen about once a day. Additionally I started getting an update alert message approximately once per hour. Contents of the message titled update alert: New version is available would you like to download and install new version? Then it gives me the options yes and no, whatever I choose it just closes and pops up again within the hour. It doesn't let me close the message without choosing an option only through task manager – end task.

I also cannot log into yahoo mail beta. This is the error message I get: Yahoo mail beta cannot function properly under your browser's current settings. Please select internet options and from security set script activeX controls marked safe for scripting to enable. Xmldom: failure -2146827859 automation server can't create object xmlhttp: success. I checked my settings it was already enabled.

I ran the following:
Lavasoft ad-adware se
Spybot
Counter spy
Winpatrol
Avg antispyware
Super antispyware

I developed a new problem: my home page changed to msn.com and I can't change it.

I blocked all cookies by internet options. Every few second I get a message asking for permission to save a cookie from ad.yieldmanager.com.

Also the shortcut to internet explorer disappeared from the start menu and my desktop.

It seems the longer I wait without resolving the issue more problems crop up….

I'm using window...

Answer:Solved: spyware removal my home page changed -update alert keeps popping up


Apple has finally accepted that there is a malware problem affecting many of its customers and plans to stop it with an upcoming system update.

The problems began earlier this month with a black hat search engine optimization campaign launched by scareware distributors on Google Images.

Such campaigns are common and one can pretty much expect to find rogue links among the top search results for all hot topics at any given time.

However, this time it was different because the cyber crooks also targeted Mac OS X users via a piece of scareware called Mac Defender that was specifically designed for Apple's platform.

Scareware, or rogueware, are terms that refer to fake applications that trick victims into paying for licenses in order to fix fictitious problems on their computer, usually malware infections.

Ironically, for a user base that largely doesn't trust antivirus programs and believes that Macs are malware-free, a lot of people ended up installing Mac Defender.

By extrapolating from tech support call figures related to this issue, ZDNet recently estimated that between 60,000 and 125,000 Mac users were affected by this piece of scareware.

What's worse, Apple apparently prevented its tech support operators from telling users how to remove the malicious program on their own.

However, after the issue got significant press coverage Apple published a knowledge base article of its own, which includes manual removal instructions.

The company makes some mist...

Answer:Apple Late to Anti-Malware Party, Issues Alert and Removal Instructions

Good to see that they are taking actions, since malwares are now quite more appearance in Mac.
 


Norton 360 alerts me that services.exe zeroaccess!inf4 is an unresolved security risk and that it must be manually removed. Norton is keeping it at bay and nothing is wrong with my computer as of yet. No scan that I have tried has worked and I am unsure of what to do. I would really appreciate any help. Here is my DDS log.
Thank you.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Eddie at 15:26:16 on 2012-08-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5628 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Window...

Answer:Norton 360 alert: Infected File C:\windows\system32\services.exe manual removal required

Good evening. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive. Plug the flashdrive into the infected PC and then enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Click on Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Select Command Prompt.
In the Command Window type in notepad and hit <ENTER>.
When a notepad window opens, under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and hit <ENTER>.

Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run. When the tool opens click Yes to disclaimer. Press Scan button. A log, called FRST.txt, will be created on the flash drive - please copy and paste the contents in your reply.


Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal

----------------------------------------------------------------------------------------------------------------------

Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital..I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!

Current Symptoms (in the order of appearance)
Random Total system crash then restart then blue screen then back to windows.
msvcp71.exe is missing so a program is being prevented ...

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,

I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.

1.) Click start> run> type msconfig and hit enter.
Click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file:
C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post:
C:\windows\ntbtlog.txt

2.) Click start> run> type: cmd.exe and hit enter.
Type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window...
Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)

3.) Can you see also if you can get this program installed please:
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file> run it> follow prompts to install accepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here

Let me know if you had any problems with the above please.

I advise keeping the system offline as much as possib... Read more

3 more replies
Relevance 63.14%
Question: 7106 Bogus Alert!

As soon as the latest "blonder" looked over something immediately stood out! The first image here with the System Info for Windows tools seems to lack quite a bit over what was just seen with the 7077! Have a look for yourself.



If you don't see why that looks "BOGUS"! take a second look at the screen just taken when looking for the expiration date.... oops! gave that one away! not seen as should in the second screen from the 7077 builds!



As suspected the simplified Chinese version of one of the latest builds being the 7068 or 7077 was simply "renumbered" during the translation! Additional examination will most likely reveal other faults to add here.

Like they say if it sounds too good to be true it most likely isn't!

Answer:7106 Bogus Alert!

You mean that the Chinese build is missing the expiration date?

9 more replies
Relevance 63.14%

Hi, After opening an infected email (suspected) I began getting Warning and Alert pop-ups and my browser gets automatically directed to unwanted sites. I believe my computer is infested either by some sort of worm, trojan, or some other virus.

Here is my hijackTHis log (taken after running Ad-Aware and Spybot). Please review and tell me what to delete.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:47 AM, on 12/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h... Read more

Answer:Bogus Alert Pop-Ups - Infected PC

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

3 more replies
Relevance 63.14%

The latest: Removal Tool from Symantec:

http:[email protected]html
EDIT:
PLEASE NOTE: Since Symantec did a major change on how to handle this worm from their first instructions, (and my first post) I have totally modified this post, as of 0326 EDT Sept 20, 2003, to reflect those changes. This should avoid the problem that Alison had and was most likely the reason for Symantec's change.

You have been bitten by the latest worm, [email protected], and want to know what to do and how to get rid of it.

We here at TSG want to make that process easier for you.

The following is a short(er) version of what can be found at Symantec's site.
http:[email protected]

Please go to the above link and read and understand about the Swen worm first, then return and follow the short version.

Removal Instructions

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).

How to disable or enable System Restore in Windows ME

How to disable or enable System Restore in Windows XP

2. Modify the association for Registration Entries ( .reg files).
3. Create a repair.reg file on Desktop, double-click on repair.reg file to fix association settings for other file types.
4. Update the virus definitions.

5. Do one of the following:
a. Windows 95/98/Me: Restart the computer in Safe mode.
b. Windows NT/2000/XP: End the Trojan process.
6. ... Read more

Answer:[email protected] Worm Removal instructions + New Removal Tool

16 more replies
Relevance 63.14%

Apologies, but i'm a bit of a novice. my computer did a scan when i started it and came up with some trojans. when i tried to delete them, a malware removal programme tried to install itself so i closed the download dialog box. unfortunately, i cannot remember the name of the software that was trying to install itself. please would you review my log below and help me clean my computer?

many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 63.14%

Hi Guys,
Recently I have gone through a serious virus which is not catchable by updated anti-virus symantec 14 october 2009.
When i put my pendrive, the system shows autorun.inf deleted. But the underlying virus,
autorunme.exe exists in location Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe.

Even I delete this virus, this gets automatically generated by itself or recreates itself.
autorunme.exe is not the actual virus, but it is just a duplicate.

Then actual underlying virus which triggers autorunme.exe is SERVCE.EXE
Note SERVCE.EXE is not service.exe or services.exe. It is new named SERVCE.EXE

Manual removal autorunme.exe process:
After connecting your pendrives, when it shows the file RECYCLER in hidden state, open your task manager and end the process SERVCE.EXE

Now delete the entries Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe , Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\desktop.ini and Drive:/autorun.inf.
They will not recreate now.

Then open C:/WINDOWS and find SERVCE.EXE and to be on safe side just make a local copy of file to some other place and delete SERVCE.EXE

Now even if you restart your computer, since SERVCE.EXE is not running at start up of system, the system is safe and manual removal of virus is complete.

SERVCE.EXE is the actual culprit.
 

More replies
Relevance 63.14%

I am running Windows XP Pro Version 2002 with SP3 on a Dell Inspiron E1505. I have Norton 360 running for internet and firewall protection. I was experiencing the BSOD frequently and finally Windows would not boot. A Norton scan gave me the following "Tidserve Activity 2 Threat requiring manual removal detected". I downloaded the TDSSKiller from Kaspersky and seemed to remove the threat. I was able to get Windows up and running, but since then have had the following issues:
1. Occasional popup window with the message "C:\Windows\System\MSVIDEO.DLL is not a valid windows image. Please check this against your installation diskette"
2. Internet access is not possible. The DHCP won't function due to dependencies, specifically AFD, which has a yellow exclamation point in the Device Manager. AFD won't start. So I'm currently working via a flash drive to transfer files from the laptop to a functioning desktop.
Is my system still infected?
Thanks very much-
Richmo
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dell at 22:46:39 on 2012-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.371 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled*
FW: Norton 360 *Enabled*
.
============== Running Processes =============... Read more

Answer:No internet and AFD issues after apparent removal of Tidserve Activity 2 Removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing... Read more

84 more replies
Relevance 63.14%

I recently started my daughter's laptop to find a Windows Security window pop up prior to desktop starting up. It mentioned there is a Worm, WIN32.NETSKY that has infected my system, and that I should perform a full scan to remove the worm. I have McAfee on my computers so I contacted them for help. They concurred with the Windows suggestion. I did a complete scan of the system. 14 infections were found. McAfee quarantined them all and I deleted them. I rebooted. After the Windows XP boot screen I got a standard blank screen with the shut down immediately going into process. It would restart and go through the same process again. Shutting down and restarting. I have found out through this site what the WIN32.NETSKY worm/virus is, I can imagine how it got into the computer. So how do I fix this? I might also add the computer will NOT let me enter safe mode. So at this point I can do nothing but go through an eternal reboot! Also I can't figure out whether I removed the worm or not!



Thanks in advance, Tom

Answer:[SOLVED] Computer won't start up after removal of WIN32.NETSKY removal

This is what can happen with viruses. They shred your Windows OS files.

What happens when you keep pressing F8 at start up? Can you get to the advanced options menu to do a "repair install"?

Otherwise I think you will probably have to recover your personal data off the drive, completely reinstall Windows, but cleanse that personal data with anti-virus cleaners before you migrate it back to the new installation so the machine doesn't get infected all over again.

4 more replies
Relevance 62.32%

I had trouble trying to uninstall Trend Micro Security 2010. Upon reading a forum from this site, I tried AppRemover, which successfully took the software off, however, I am unable to connect to my wireless network because the driver connections seem to be messed up(?). I have tried uninstalling and reinstalling the drivers for my wireless LAN, but this does not seem to work. I have tried troubleshooting via Microsoft's website and have used the Microsoft FixIt program, however it has failed to fix the issues. This is what the program says:

Fix it Center:
Use hardware and access devices connected to your computer. 5 problems need attention
Hide details
Problems found / Status
There is a problem with the driver for Microsoft ISATAP Adapter #2. The driver needs to be reinstalled. Not fixed
There is a problem with the driver for Teredo Tunneling Pseudo-Interface. The driver needs to be reinstalled. Not fixed
There is a problem with the driver for Intel® WiFi Link 1000 BGN. The driver needs to be reinstalled. Not fixed
There is a problem with the driver ISATAP Adapter #3. The driver needs to be reinstalled. Not fixed Detected

I am running Windows 7 on my ASUS notebook. I have internet connection when I'm directly connected through the cable, but I cannot get wireless connection. My other computer connects to the wireless network fine. Please help. Thanks a lot in advance.

*moved topic to Am I Infected as requested by narenxp. - Queen-Evie*

Answer:Difficult Antivirus removal, even more trouble post removal

Hello,

Before trying to fix windows you should try the Diagnostic Tool from Trend Micro it should remove all the leftovers and maybe at the same time fix the problem you have.

Download the Trend Diagnostic Toolkit and save the file to the desktop, make sure you select the tool that matches your Operating System and the 32-bit or 64-bit version.

Boot the PC and enter Safe Mode (press F8 during Boot), run the tool, click on the Uninstall tab and follow the program instructions.

15 more replies
Relevance 62.32%

Hi all, my first post in here, so hello to everyone.

Could anybody be able to tell me how to completely remove Windows malicious software removal tool as it keeps coming up every time I turn on the laptop.
I have tried all usual channels like add/remove etc but can't see it anywhere. Could someone shed some light, many thanks

Answer:[SOLVED] Removal of 'Malicious software removal tool'

Have you let the MRT finish? The MRT is an On Demand anti virus scanner with a very limited impact on the PC or resources. There are NO reasons to remove it.

The utility is...
%windir%\system32\MRT.exe

Command line switches...

/? or /HELP = displays the command line switches
/Q = quiet
/N = detect only
/F = force extended scan
/F:Y = force extended scan and automatically clean infected files

If you really want to remove it browse to C:\Windows\System32 and delete MRT.exe

4 more replies
Relevance 62.32%

Hey there experts =)

My son clicked something a few days ago, giving us the Win 7 security virus. I followed the directions here, and removed it with malwarebytes.
Everything was running smoothly.

Today I get home and see that my browsers (all of them, firefox, chrome) are being redirected. When they are being redirected my McAfee detects a virus and removes it, yet it continues to happen. After much reading, here and on other computer boards ... there seems to be something leftover from that virus that isn't always detected? From what I've read, there's a possibility there's a virus in the MBR ?

I do not have a Windows 7 disc, as this came pre-installed, nor do I have a recovery disc. All advice points towards running combofix, although all that advice comes saying 'DO NOT RUN combofix unless instructed to do so by a professional'

Well? You guys are the professionals so here I am. You're my last resort to getting this fixed, sans taking it into a shop which I'm REALLY trying to avoid. ;)

I do work a full time job, so my responses may not be immediate, but I will check daily or multiple times daily when I can and follow your directions ... if you can and are willing to help!

Thanks in advance!

Beachy

Answer:Help with removal of hijacker after Win7 security virus removal

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The ... Read more

14 more replies
Relevance 62.32%

Hi,

I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable)

I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,

I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.

Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86
Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst... Read more

3 more replies
Relevance 62.32%

Hi All,

running XP sp3 on Dell dimension 9100 on my home network with 3 other machines all with AVG. All up to date.

The following problem only seems to affect this one machine (the most used one):

When I click on my "My Documents" desktop shortcut I am randomly blocked from proceeding with a Security Alert stating: "Your current security settings do not allow this action".

I can work around by accessing the folder through My Computer and after I reboot the Security Alert disappears and doesn't show up for weeks, then, randomly it appears again.

The only non-standard thing about my system is that I have moved My Documents to a dedicated partition and configured the shortcut to point there... which it usually does with no problem.

Coincidentally (or perhaps not so coincidental? I don't know) I am receiving constant cookies from atdmt which I delete every time I get the AVG warning. But they come back usually the next day or even later the same day. (I use Firefox)

Otherwise the beast seems to be working quite well.

Any suggestions?
thanks in advance. Dins
 

Answer:Faulty or bogus security alert

The first thing I would recommend is heading over to the Malware Forum and completing all the steps in the Read and Run Me First thread (including posting your logs) to ensure the machine is clean.
 

1 more replies
Relevance 62.32%

This is to let those of you who are uninformed of bogus emails supposedly from Hotmail that yet two more bogus Hotmail alerts are swimming around. Mine was from of course a nonexistent addy of [email protected]. The email looks official and asks you to click an addy for more info on a security issue in Hotmail. While we seasoned pc users wouldn't click, some unsuspecting newbie might. So be aware newbies. Take care and have a great day. angelize56
 

Answer:Bogus Hotmail Members Alert

also [email protected]
 

2 more replies
Relevance 62.32%

Recently a yellow triangular icon has appeared in my taskbar with the "Your computer may be infected" or "your computer is working slowly" message etc.. when clicked it redirects me to about:security and its obvious its some bogus malware or something... I ran smitfraudFIX two times in safe mode and no results.. I've ran ad-aware, spybot, and avg anti-virus in safe mode again with no results.. spybot detects "smitfraud" when it scans but when supposedly "fixed" it still reappears. Below is my DDR/HIJACK this log... any ideas would be much appreciated...

Deckard's System Scanner v20071014.68
Run by Grayson on 2008-05-19 21:59:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 1 Restore Point(s) --
1: 2008-05-20 00:11:15 UTC - RP242 - Last known good configuration

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1015 MiB (1024 MiB recommended).

-- HijackThis (run as Grayson.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:44 PM, on 5/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\xwusuhzh.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Progr... Read more

Answer:Bogus Alert's In Taskbar... Smitfraud?

taxed

That is a very nasty infection you have there, and it has infected some critical areas of your PC.

I am not telling you this to scare you, but to fore-warn you that there is a possibility that you may have to reload the operating system. I will make every effort to clean the PC to avoid this, but there is no guarantee.

So before we begin I am going to suggest that you back up any important files and documents to a USB storage device or to disk before we begin.

When you are ready to begin let me know.

8 more replies
Relevance 61.91%

Hello:

I have the blue desktop screen saying that my computer is infected with spyware, and to scan immediately. I am also getting popups from the desktop icon saying the same thing. Windows Security Center is popping up something that mentions something about a trojan virus, however I suspect this to be part of the same deal. Any suggestions? I have never dealt with this kind of problem before. Thanks!
-chefschipull
 

Answer:Bogus Spyware Alert Message on Desktop

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:33 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\sbwltbxa.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\svchost.ex... Read more

3 more replies
Relevance 61.91%

I'm getting bogus Security Alert! popup balloons in the notification area of my task bar saying "System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of the unwanted spyware by downloading an up-to-date antispyware solution". This started after I had unwittingly contracted the VirusProtectPro malware bug. I have since removed the product but continue getting the popup alerts. How do I get rid of it? I downloaded the latest HijackThis and ran it. Below is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:21, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
... Read more

Answer:Bogus Security Alert popup balloons

11 more replies
Relevance 61.91%

Can someone please check out my Hijackthis log? Thanks so much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:10 PM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\lphc3ofj0e91e.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C: ... Read more

Answer:Infected With Bogus Security Alert Malware

Hello. I'm Extremeboy and I will be helping you with your log.

I will need some time to look over your computer's log. You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of a few guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.

Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Thanks

With Regards,
Extremeboy

7 more replies
Relevance 61.5%

Hello!
In reading more of these threads I can see I'm not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I haven't heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

Answer:malware removal/popup/iexplore removal

16 more replies
Relevance 61.5%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:
List of 64-bit Anti-Virus For Vista
Anti-virus protection in 64-bit environments

Free Anti-virus:
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
AVG Anti-Virus Free Edition 8.5
Microsoft Security Essentials
Panda Cloud Antivirus
Kingsoft Free Antivirus (Cloud Scan)

Paid for Anti-virus:
NOD32 Anti-Virus Personal
McAfee AntiVirus Plus
Trend Micro AntiVirus plus AntiSpyware
Norman Antivirus & Antispyware
CA Anti-Virus Plus Anti-Spyware

64-bit Anti-Malware tools:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Kaspersky Virus Removal Tool - How to install and use documentation
Spyware Terminator
Windows Defender (64-bit)
Prevx
Spybot S&D
Ad-Aware
Norman Malware Cleaner
Sunbelt Counterspy (free Trial)
Comodo BOClean Anti-Malware
Sophos Anti-rootkit
SanityCheck Advanced Rootkit and Malware Detector
ESET Online Antivirus Scanner
ESET SysInspector
AnVir Task Manager Free
WinPatrol

Start with these:
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
How to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 61.5%

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin... Read more

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 

16 more replies
Relevance 61.5%

Hello:
I'm not playing word games here. A month or two ago, I downloaded and ran the "Kaspersky virus removal tool". It found problems the other programs were missing. I followed directions and let it remove the problems. My big mistake was in keeping the program on the desktop to try again sometime. At some point WinUtilities, or Ashampoo Winoptimizer removed the Uninstall made by Kaspersky for this tool. The virus removal tool is not listed as a program, on Revo, Advanced Removal tool, or windows. It won't click to delete, but I feel it's a program, so maybe it shouldn't. It contains 321 MB, & 4890 files. Looking in permissions (security) of this "program", I seem to be lacking "Special Permission". I'm afraid to tinker with permissions.
I would appreciate sincere, simple, step by step, help. I tried reinstalling a new Kas. virus removal tool, and then uninstalling it. Got rid of the new one, didn't touch the problem.
Thanks.

Answer:Virus Removal Tool Program removal

Try this tool at your discretion*. The utility should pick up on any remaining traces of the program and display it on its list for removal.

* The Windows Installer CleanUp Utility is provided "as is" to help resolve installation problems for programs that use Microsoft Windows Installer. If you use this utility, you may have to reinstall other programs. Caution is advised.

4 more replies
Relevance 61.5%

I am working on my Dad's computer in his office and I have a few questions BEFORE I run CCleaner. I am in the process of following the "Read and run this before posting" but I want to make sure of a few things first. When I run CCleaner am I to let it clean all the cookies as well? I know that there are a few sites that my Dad goes to on a regular basis and I am afraid that it will wipe out cookies that he needs. Could someone please advise?
 

Answer:Smitfraud-C Removal and removal steps questions

While cookies are not really problems to be concerned with, it is better to let CCleaner remove them so that the other scans don't take as long to run. In addition it can tremendously reduce the size of logs that have to be read. So yes clean cookies but you can first just tell Ccleaner which cookies to keep. It is part of the features which you should learn to use and configure.

Be careful with Spybot and SmitFraud-C. Lately I have been seeing it remove rundll32.exe which you do not want to do. Also if you truly have SmitFraud, you should run one of the special removal procedures (mentioned in the READ ME). Like one (only one) of the below:

SpywareStrike, Smitfraud, SpySheriff, SpyAxe & PSGuard Removal

SpywareQuake & SpyFalcon Removal Procedure
 

5 more replies
Relevance 61.5%

What is MS Removal Tool?

MS Removal Tool is a fake system security software that is considered as a Rogue. Rogues are malicious programs that hackers use to trick users by displaying false threats and problems that it claims to have detected. In reality, none of the issues are real and are only used to convince the user into buying their software and stealing their personal financial information.

Am I infected?

This is a screenshot of this rogue.

Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)

1. Restart your computer. As soon as your computer turns on, tap F8 until you reach the Advance Boot Menu. Use the arrow keys and select Safe Mode with Networking .

2. Download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3
Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
(This tool will kill the rogue's process temporarily. As a result, act quickly and move on to the next step.)

3. Download Malwarebytes' Anti-Malware to your desktop.

Rename the file to firefox.exe BEFORE downloading
Double-click firefox.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware

then click Finish.
If an update is found, it will download an... Read more

More replies
Relevance 61.5%

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed by my isp the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan eradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you immensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!

mike sieber said:

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ... Read more

3 more replies
Relevance 61.5%

I have info stealer detected on my computer by norton. I am unable to locate based on the location listed by norton. I would like to remove it. In addition I keep getting pop-ups from Norton asking if i want to allow a program the files all start with q. For instance these two names are examples: qmhendli.exe and qmlopne.exe, the names keep changing as I continue to block them. Here is my Hijack this Log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:41:54 PM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SU... Read more

Answer:Info Stealer removal and removal of exe generator

Download the Trial version of Superantispyware Pro (SAS):
http://www.superantispyware.com/superantispyware.html?rid=3132
Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the ... Read more

1 more replies
Relevance 61.09%

A screen popped up that says:

"Update: Microsoft Internet Explorer"
Security Alert: Spy Software may be installed in your Company
Current Spyware Threats
Location
C:\Windows\Systems\32Spybotter
C:\Windows\Systems\Documents/Trojan.Mitglieder.1
C:\Windows\Systems\My Documents and Settings\AllUers\Blaster.T.Worm
C:\Windows\Systems\My Documents and Settings\Desktop\SoftwareKiller.dll
C:\Windows\Systems\My Documents and Settings\SharedDocuments\W32.Netsky
C:\DocumentsandSettings\Backdoor.Medias
C:\DocumentsandSettings\Desktop\Worm.ExploreZip
C:\DocumentsandSettings\Desktop\Desktop\Sextracked
Unable to Remove Items
>System Status: Urgent Attention
Click the OK button to Remove Items

I ran my "find" for W32.Netsky just to check on one of the items, and my computer does not find it. That's what made me suspicious that this is bogus.

Please tell me if this is real or not and if I should click the OK button.

Thanks much!
Sue
 

Answer:Is this a real or bogus security alert from MS Internet Explorer?

10 more replies
Relevance 61.09%

Hi there,

This looks like a great help site. I hope you can help.

I used to consider myself fairly computer literate, however, I'm beginning to wonder. An associate of mine has evidently acquired a rather nasty, and very tenacious virus that appears to be, from what I have read so far, a "redirect virus", and the symptoms appear to be the same as one of the posts I read that dubbed it "The Google Redirect Virus".

I have run Avast! AV, Spybot, AdAware, and Malwarebytes Anti-Malware, both from the normal windows environment, and from Safe Mode, and also have run those that provide the option as a boot scan ... I have also searched for every suspicious file (and found a number of them) and deleted or quarantined them, but have not been able to find and/or eradicate this stinkin' virus.

I have read the instructions provided on your site, and believe I correctly followed them:
- Downloaded Defogger, DDS, and GMER;
- run each of them in the order given, and saved the reports as indicated;
- downloaded RKUnHooker, but HAVE NOT run it yet
- registered on this site (obviously);
- Posting this new topic
- Pasting the DDS.txt file copy below;
- Attaching the zipped ATTACH.txt file.

The following is the cut-n-pasted text from the DDS.txt file:
--------------------------------
DDS (Ver_10-03-17.01) - NTFSx86
Run by Sherry at 14:31:03.39 on Sat 09/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.429 [GMT -7:00]... Read more

Answer:Need help removing Redirect Virus plus Bogus AV Alert Warning

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap... Read more

19 more replies
Relevance 61.09%

I seem to have a common problem that I think I have partly fixed but still have some problems. Here is my tale of woe.

I had the "Windows Security Alert: Warning! Potential Spyware Operation..." popup along with the restriction of my access to the Control Panel and to Windows Updates and it changed my default browser to IE and my homepage to Google. I booted in Safe Mode and ran Spybot and AVG Antispyware and deleted whatever they found, then ran AVG Antispyware 7.5 which found a Trojan that I quarantined. I booted normally, still got the popup, still had no access to Windows Update, but gained access to Control Panel although most features were restricted. As well, during bootup I got a message in a box with a title bar of "16 Bit MS-DOS Subsystem" and the box text was
"C:\WINDOWS\System32\command.com
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Windows applications. Chose close to terminate the application."
I chose close and bootup continued.

I then went to Run: gpedit.msc and was able to restore access to my Control Panel contents and to Windows Update, installed the most recent Windows updates, rebooted, and now the popup is gone. However, now every time I bootup I get a box with the title bar "C\WINDOWS\system32\printer.exe" and box text "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Other... Read more

Answer:Solved: Bogus Windows Security Alert Popup

16 more replies
Relevance 61.09%

I removed the 'file_recovery' virus and got everything else back to normal using:

http://malwaretips.com/blogs/file-recovery-virus/

which included using unhide.exe, but now I think my system files are all showing, even though I have checked 'hide system files' and 'do not show hidden files'.

If I go to a place where I think there are supposed to be system files that are supposed to be hidden (like windows/system32) and show the 'attributes' column, they say 'A' (archive) is the only attribute.

Shouldn't they say 'S' (system) and 'H' (hidden)? If so, is there a way to put the 'system' and 'hidden' attributes back on the appropriate files (without doing it manually one by one because that would take forever and I wouldn't know which ones to do)?

I am running Windows Vista.

Thanks! unhide.exe really saved me!

Answer:After 'file_recovery' virus removal, system files lost 'system file' attribute

That's not possible. Maybe you could ask for Grinler's opinion here: http://www.bleepingcomputer.com/forums/topic405109.html

Good luck.

1 more replies
Relevance 61.09%

StartupList report, 6/18/2010, 12:17:38 PM
StartupList version: 1.52.2
Started from : C:\Program Files\hijackthis\Trend Micro\HiJackThis\HiJackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
==================================================

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\spnsrvnt.exe
C:\Program Files\Reliance Netconnect - Broadband+\bin\MonServiceUDisk.exe
C:\Program Files\Netbooster Client\Client\ventc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files... Read more

Answer:System security AV pop up/removal of malware anf trojans from the logs/system slowed down

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not Attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appe... Read more

3 more replies
Relevance 60.68%

I got a virus that changed registry switches, windows graphics, and disabled many functions- most of this has been fixed (I think), using AVG Anti-Virus and various other tools-

But now- there is still a "VIRUS ALERT!" message embedded in the toolbar clock at the bottom right, basically the clock is followed by a colon and the message- if I hide the clock, the message goes away with it- I ran Hijack this if that helps:

Please Help!?!?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56: VIRUS ALERT!, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\syst... Read more

Answer:Removal of "VIRUS ALERT!" message embedded in toolbar clock???

Virus Alert in windows clock

I made a post (below) about this earlier- but I just realized that the Virus Alert is also embedded in the Date and Time Properties, in the Internet Time tab- next to the time as described below:::

Is there anyway to reinstall the clock and nothing else? I think it's harmless now- but very annoying-



(previous post)

I got a virus that changed registry switches, windows graphics, and disabled many functions- most of this has been fixed (I think), using AVG Anti-Virus and various other tools-

But now- there is still a "VIRUS ALERT!" message embedded in the toolbar clock at the bottom right, basically the clock is followed by a colon and the message- if I hide the clock, the message goes away with it- I ran Hijack this if that helps:

Please Help!?!?
------------------------------

2 more replies
Relevance 60.68%

What is "Windows Security Alert"?

"Windows Security Alert" is a fake system security software that is considered as a Rogue. Rogues are malicious programs that hackers use to trick users by displaying false threats and problems that it claims to have detected. In reality, none of the issues are real and are only used to convince the user into buying their software and stealing their personal financial information.

Am I infected?

These are some screenshots of this rogue.

[attachment=149]

[attachment=150]

Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)
1. Restart your computer. As soon as your computer turns on, tap F8 until you reach the Advanced Boot Options. Use the arrow keys and select Safe Mode with Networking .
2. Download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3
Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
(This tool will kill the rogue's process temporarily. As a result, act quickly and move on to the next step.)

3. Download Malwarebytes' Anti-Malware to your desktop.

Rename the file to firefox.exe BEFORE downloading
Double-click firefox.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes... Read more

More replies
Relevance 60.68%

What is "Your codec version is too old" (Fake alert) ?

"Your codec version is too old" is a fake system security software that is considered as a Rogue. Rogues are malicious programs that hackers use to trick users by displaying false threats and problems that it claims to have detected. In reality, none of the issues are real and are only used to convince the user into buying their software and stealing their personal financial information.

Am I infected?

These are some screenshots of this rogue:

[attachment=671]

[attachment=672]

Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)
1. Restart your computer. As soon as your computer turns on, tap F8 until you reach the Advanced Boot Options. Use the arrow keys and select Safe Mode with Networking .
2. Download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3
Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
(This tool will kill the rogue's process temporarily. As a result, act quickly and move on to the next step.)

3. Download Malwarebytes' Anti-Malware to your desktop.

Rename the file to firefox.exe BEFORE downloading
Double-click firefox.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malw... Read more

More replies
Relevance 60.68%

OK, i'm thinking i might have to do some reimaging of my system, again. It's all starting to feel very suspicious. I want to check some things first though. This is regarding windows 8 64 bit on toshiba hardware, the system imaging tool used is "windows 7 file history" in control panel.
1.Security. Will a system image utterly eradicate ANY malware that is lurking on the current system? Log off the infected system, plug in the image USB stick and use advanced recovery options to restore the image, but can malware get into the USB containing the image and infect it?
2.Reliability, system images have worked before as a method of restoration for me, but system recovery via "system restore" or with "refresh/reset" or "recovery discs" have all failed. If system image based restoration has worked well in the past for me but all other types have failed then will system image always work fine (providing i have good system images backed up on USB sticks) in future, or could it randomly decide one day that system image was not going to work either?
3.Long term use. Is there a limit to how many times a system can be safely restored from an image, will something deep in windows or deep in the hardware decide "right you've reimaged enough times, this time i won't let reimage run"? Or will repeated reimagings cause a large amount of aging and degradation of the harddrive or of other hardware components? Also is system reimaging (with the windows built in "windows 7 file recovery" system imagi... Read more

Answer:System images, risks from system imaging and malware removal

1) If the image is malware free, it will produce a malware free OS. Imaging the HDD/SSD etc will include malware and all. It is a copy/clone of the source drive.
2) Never had a problem with re-imaging a drive as long as I did not modify/move it in any way.
3) One can reimage a drive until it ultimately fails physically: Unfettered and free from restrain(s)....
4) An image can be used to recover no matter current OS.


Hi,
Firstly thanks in advance for any help.
My HP NC2400 running XP became infected with "system tool".
I found the removal guide and followed it until section 19, which stated I should allow a reboot if this was requested.
I allowed the reboot but unfortunately since then my bootup stops at "multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\AVGIDSEH.sys", then goes briefly to a blue and white screen "beginning dump of physical memory", then keeps looping. I have tried "safe mode", "last good config" etc. with the same result.
Any help fixing this would be much appreciated.

Stupidly I have not backed up this computer recently.
Anybody know if "Ubuntu" is any good at backing up files from a dead system please?

Thanks
Pete

Answer:After attempting system tool removal, system hangs at avgidseh.sys

Have you tried Last Good Configuration? Also Ubuntu does have its own forums.


Hello.

Saturday night I got a notice from my virus checker (Norton 2004) of a Trojan attack. I thought that it had been successfully blocked, but when I rebooted on Sunday I started getting the following popup about every 5 minutes (misspellings and all):

Windows Security Alert
Warning! Potential Spyware Operation!
Your computer is making unauthorized copies of your system and Internet files. Run full scan now to pervent any unathorised access to your files! Click YES to download spyware remover...

I also discovered that I am locked out of many administrative applications (e.g. task manager).

I followed the instructions in the Preparations Guide before posting to this forum, but I am still getting the popup and I am still locked out of administrative applications. I have pasted my HijackThis log below.

A few other notes which I hope are helpful:

I ran Adware 2007 5 times; it reported over 310 infections the first time and indicated that it had repaired them. However, the 3rd, 4th, and 5th times I ran it, it showed 118 infections each time, even though it indicated that it had repaired them each time. Also after running Adware, I started getting an error message each time I shut down stating that reg.exe had failed to initialize with the following error code: 0xc0000142. Now, intermittently on restart, Windows stalls at a blue screen with the Windows logo and "Please wait..." Eventually it gets past this and loads.

One of the virus checkers recommende...

Answer:Bogus Windows Security Alert; Locked Out Of Admin Tools

Addendum: I also ran Spybot as outlined in the Preparation Guide. After running it a few times (and rebooting between each scan) I got the same 5 problems detected each time. As with some of the other scanners, Spybot indicated that the problems were fixed, but each would reappear with each subsequent scan.

Whee.

Thanks in advance for any suggestions.

Mike


Just removed System Security virus with Malwarebytes. No more System Security problems but Firefox and IE are running at a snail's pace. Any suggestions would be helpful.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:37 PM, on 6/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal



I got the system fix virus. I ran virus removal but the icons on my desktop are not there or in the toolbar. Also when I click on program files, I cannot view any of the folders, only when I click view hidden folders. So I don't know if the virus is there but can you see and then tell me what to delete? Also, it takes a while for my computer to start. I don't know if it's a virus but it always has taken a long time to start. Thank you in advance!

Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal


Question: QT System removal?

I'm trying to remove QTSystem from my computer to reinstall itunes update, and my system keeps telling me "I need permission to delete this program!"
Can anyone suggest a removal tool or method to get rid of the obsolete program?
Thank you


I had the system fix virus take over my computer and after following the directions here, my computer is now working properly. Yea! I have continued to run updates for Malwarebytes and also SuperAntiSpyware and nothing bad is located. However, in my programs listing in the start menu, I have listed a System Fix program that has two components to it. One is System Fix and the other is uninstall system fix. I sure don't want to click on either of these after the time I had with the removal last week of the virus. I am running with XP operating system.

Any thoughts about removal further?

Thanks

Answer:Removal of System Fix

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart th...


Hello Major Geeks,

I am here once again, as I can not seem to get rid of Spyware FunWeb Products.
I have run Spybot and Adaware ten times to no avail.
Any help greatly appreciated.
Also my son visited a web site for video game cheats and we were inundated with pop-ups and I believe a virus or two.

I found out that my Symantec Norton Anti-Virus has expired. What is the best Anti-Virus software to purchase?
I have run a HijackThis log entered below. All help so appreciated.
Thank you,
River

Edit by chaslang: Old version, unrequested, inline log removed
 

Answer:Spyware Removal & Virus Removal - please help

Please read the announcement and sticky threads. HJT logs should only be posted when requested and then they must be attachments to your message. Your HijackThis version is way out of date too.


Please run the steps below.

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
If after doing ALL of the above you still have a problem, boot into normal mode and make sure you follow these directions:
- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 


HEY GEEKS NEED A LITTLE HELP. I HAVE A WINANTIVIRUS POP UP THAT COMES UP EVERYTIME I AM ON THE NET, AFTER U X IT OUT 5 TO 6 OTHER POP-UPS COME UP ABOUT A VIRUS. I AM RUNNING AVG EVERY MORNING, SPYBOT SEARCH AND DESTROY, AD-WARE 6.0. HERE IS A HIJACK THIS LOG FILE TELL ME WHAT TO GET RID OF PLZ.

EDIT: Removed inline HJT log


THANKS

DOOKIE
 

Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and attach the requested logs for the malware experts to look over.


Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

- runkeys.txt - the log from GetRunKey.bat
- newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not a...


My computer, running Windows2000 with all latest patches, is infected with some sort of CWS variant. I am running SpywareGuard, Norton Antivirus2004 (useless), ZoneAlarm. I have run Adaware, Spybot Search & Destroy, CWSShredder, and HijackThis. CWSShredder now seems to run much slower than it used to a few days ago on my system. It claims to have removed CWS.Searchx and CWS.jkSearch (I don't remember exact name, but it had jk in it), but adware/trojan/browser hijacking symptoms and components seem to keep re-appearing -- even if not connected to the internet! I am also using a HOSTS file. I also switched to Firefox Mozilla browser from IE and installed Sun Java VM (but can't seem to find directions for deleting MS Java -- do I just delete the msjava.dll from c:/WININT/system32 ?)

Am I still infected with something? If so, how do I get rid of it for good? Last two entries look suspicious to me, but I get an error if I try to let H/T fix them. Advice would be most appreciated. Thanks in advance.

H/T error message:
-------
An unexpected error has occurred at procedure: cmdFix_Click()
Error #75 - Path/File access error (30 items in results list)

Please email me at [email protected], reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.00.2195
MSIE version: 6.0.2800.1106
HijackThis version: 1.98.0

This message has been copied to yo...

Answer:Need Help with CWS variant removal/removal verification

I WISH I could help you - believe me. I got CWS_NS3 on one of my computers last week and tried EVERYTHING. Nothing worked that I tried. You might look for something on AboutBuster - one of the forums I was in indicated there was a fix there in conjunction with HJT. I don't really know - I just gave up and did a clean re-install of XP - but that is drastic. My System Restore was going thru the motions but wouldn't set restore to any point that was there. CWS kept adding "exe" files at bootup. It seems this is becoming more and more prevalent. Hope you find something that will work. I got disturbed when my System Restore quit working and gave up. Let me know if you find something to fix this - just in case I get it again. Good Luck.
 


I have just tried to install a program and encountered problems while doing so. I tried to remove it using the ADD & REMOVE option in control panel but found that it was still there even though no trace could be seen on my hard drive. I have tried to re install the software but the program is saying that it is still there. Is this because the program is still on the ADD & REMOVE list and if so can I remove it from the list? Any Help would be grateful. Cheers Graham

Answer:Removal of Program ID from ADD & REMOVAL list

Shouldn't make any difference. Something has fouled up. What program and what OS?


Greetings,

First of all, I apologize for the breach in protocol. I am unable to post a log because my computer is not allowing me to launch any programs except for Internet Explorer. I write this from my wife's computer because the malware has blocked your site. After it became clear that it was going to block any site that mentioned Malwarebytes, I used her computer to burn a renamed mbam.exe onto a CD and loaded it onto my computer in safe mode with networking. It blocked the program from installing.

I've also tried explaining to it that I'm not angry, just disappointed. That also failed to fix the problem. frowny face.

Do I have a Sony Vaio Paperweight, or is there a fix out there? Everything beyond Malwarebytes seems to have serious consequences if used incorrectly, and so I hope that somebody will be willing to help me.

Thanks,
DS

Ok, people, I have more info.
After convincing my computer to run Malwarebytes and Registry Repair several times, I continue to have the following issues:
- My hard disk appears to have nothing in it. ("My Documents" also had this problem, but 'unhide' fixed that. Note that the space that is used on the disk has remained about the same as it did prior to the MS Removal Tool pop-ups' first appearance.)
- The application that I usually use to connect to the internet has stopped working. I am currently connected through the default windows program.
- My Start Menu only has Malwarebytes, Glary's Registry Repai...

Answer:Intermediate MS Removal Tool Removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'...


My laptop does not work properly. I think virus has attacked my laptop. How to remove virus from laptop?

Answer:Virus Removal / Spyware Removal

Hi there,

my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read.
Thanks for your understanding.

Scan with DDS
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs
DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save t...
