Computer Support Forum

winantivirus pro popups in ubuntu linux!

Question: winantivirus pro popups in ubuntu linux!

I am running Ubuntu 7.04 and have recently been getting winantivirus pro 2007 popups every so often. It is really annoying because I know how to handle it in Windows but don't know what to do about it in Ubuntu.

Could someone please help!

Thanks.


Relevance 63.14%

I have a T42 coming my way. For my plans with this system, I can eliminate needing a spare hdd if I can simply run the linux VMWare w/ a Windows XP or Server 2003 image.

Right now, my plans were to be running XP Pro w/ VMWare XP/2003 image, and doing most of my work in the VMWare image(running FTP tasks, etc.) on the 40gb it comes with, and use a 20 for Ubuntu.
But, if I can run Ubuntu on the 40, and re-use the images I already have set up, I can save myself a lot of time and effort.
Does anyone know if a pre-existing image made on a Windows machine will transfer and operate properly if used in Linux's VMWare?
 

Answer:Want to move to Ubuntu Linux; do VMWare machines made in Windows work in Linux?

Yes. VM machines created in Windows will work fine in Linux vmware environment. And the vice versa is true as well.
 

2 more replies
Relevance 62.32%

Hello,

I have just recently started having very frequent random IE popups. They are very random, with some examples being a television website and even yahoo once. Firefox has slowed down to a crawl and I get winantivirus 2006 popups in firefox. Firefox is my primary browser. Thank you very much for looking at my Hijackthis log.

Answer:Random Ie Popups And Winantivirus Firefox Popups

Welcome to the BleepingComputer HijackThis Logs and Analysis forum garrettherzig

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Note: It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.

*********************************

Now go to: C:\Documents and Settings\Garrett\Desktop\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.

7 more replies
Relevance 61.09%

Out of the box, Ubuntu and Linux Mint look very different. From colors and icons to the placement of launchers themselves, each distro offers a completely unique experience when compared to one another.

But perhaps the biggest difference between the two distributions is each one's overall direction. Ubuntu is attempting to become a jack of all trades, offering Ubuntu experiences for the desktop, Ubuntu TV and smartphones. Linux Mint on the other hand, is quite content in keeping its original mission of providing a great desktop experience.

For example, Mint offers a typical desktop experience when it comes to browsing your menu, locating installed software and browsing files. Ubuntu however, has sweetened the experience a bit by allowing the Unity desktop to provide a dock for frequently used application, in addition to being able to locate and launch software using the Unity Dash. The idea, of course, is that the Ubuntu approach is easier to navigate. Personally, I tend to disagree, but others seem to enjoy Ubuntu's approach.
 

Answer:Linux Desktops: Ubuntu vs. Linux Mint

Out of those that I've tried, I would go Linux Mint, but some features I like in Ubuntu though.
 

15 more replies
Relevance 60.27%

i keep getting crazygirls popups and winantivirus popups appearing randomly on my machine. winantivirus tries to make me install it by bringing up a message box. my hijack this log is as follows, would much appreciate if somebody could help.


Answer:~Crazygirls popups and Winantivirus popups! HELP!

Hello and welcome to TSF.

Sorry for the delay. If you still need help and are not receiving help elsewhere, please follow the instructions in IMPORTANT - Read This Before Posting A Log and post the two text files, main.txt and extra.txt, produced by the Deckard's System Scanner (formerly Comboscan).

1 more replies
Relevance 58.22%

Hi,

WinAntiPopups have been happening for over a month now. I can't take it anymore. Please help.

Attached is the HijackThis logfile.

Thanks
 

Answer:Help! WinAntiVirus Popups

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy - ONLY IF you were not able to run Windows Defender
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs

6 more replies
Relevance 58.22%

I've recently spent a considerable amount of time attempting to rid my computer of irritating WinAntivirus and other popups, some of which are not appropriate for my young children. I run McAfee Antivirus and purchased McAfee Antispyware in a futile attempt to stop the popups. I then tried CWShredder, Ad-Aware, Spybot, and Windows Defender, all in normal and safe modes, to no avail. At this point McAfee was recognizing a Trojan virus at startup, but was not able to correct it. After further digging into various forums, which are really helpful (thanks to all who take the time to help out those with less of an aptitude for computers), I downloaded and tried VundoFix which found nothing. I then downloaded Trojan Hunter which identified and renamed an infected module (C:\Windows\system32\pmkhi.dll) and found and supposedly removed a Vundo virus. This seems to have solved my popup problem, however, now when I open two of the three accounts and my computer a window opens on login saying "Error Loading C:\Windows\system32\pmkhi.dll - The specified module could not be found." If the virus was removed why then is something still looking for this module. Do I have a disabled virus which could eventually resurrect itself? I've included the log from HijackThis. Thanks in advance for any help!
 

Answer:WinAntivirus and other popups

Please look in Add/Remove Programs for the following and uninstall if found:

Logitech Desktop Messenger

WinAntivirus

Next we need to disable or close McAfee AntiSpyware and Windows Defender so that they will not block anything we attempt to fix.

Please run the below two online scanning tools and make sure you save and attach the logs later to any request for help that you post. You will need to use Internet Explorer to run these online scans.

*** MAKE SURE YOU RUN BITDEFENDER BEFORE PANDA ACTIVE SCAN ***

Bitdefender agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

Click-on the Detected Problems tab. Then select Click here to export the scan report

When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box change the name to bdscan, then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are at so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these steps, you will have an incorrect log or worse a log summary which is useless to us.

Post the bdscan.txt file as an ATTACHMENT. S... Read more

11 more replies
Relevance 58.22%

On my friend's PC, he keeps getting the winantivirus popups. I have run McAfee antivirus, Microsoft AntiSpyware, AdAware SE and CWShredder against this pc and it cleared up most everything except these popups.

Please review my HIJackThis log and provide me with any suggestions. I did use PCAnywhere to access this machine and have used WebEx on this PC in the past. THANKS Passman


Answer:Winantivirus popups

Welcome to TSF.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

The Temp folders should be cleaned out p... Read more

4 more replies
Relevance 58.22%

Hey BC,

I managed to get myself all tied up with this little nasty annoyance and I can't seem to be able to remove it with the usual software, wondering if you guys might be able to lend a hand.

Here's the log:

Answer:Winantivirus + Other Popups

Hello there and welcome to Bleeping Computer's security forum.

My name is David, I will be helping you with your log today.

It is strange that there are no 02's or 020's in the log. A new infection is hiding these entries from a Hijackthis scan. This means certain infections cannot be seen and are therefore hidden to the helper.

Go to this folder where Hijackthis is kept and rename the hijackthis application to "analyse". This can be done by right clicking on the program and clicking "rename". Press enter, then open "analyse.exe" by double clicking.

Post a new Hijackthis log from the newly named application.

12 more replies
Relevance 58.22%

I use windows XP and today have started getting the winantivirus popups as well as have lost my control panel and administrative privileges. Including a copy of Hijack this log obtained. I would greatly appreciate any help. thanks


Answer:Winantivirus Popups

11 more replies
Relevance 58.22%

I have tried many things. I have an anti-virus and anti-spyware program - neither of which have been able to get rid of it. I downloaded Adaware - the first scan showed 9 items, removed them, rebooted, scanned, showed 9 items, removed them, rebooted, scanned, no items shown.

I downloaded Spybot Search and Destroy - First scan showed 4 items, one being winantivirus. Removed all 4. A Winantivirus popup came up again. Subsequent scans from Spybot result in nothing.

I also ran Trend Micro's antivirus and McAfee Stinger. Trend Micro found nothing. Every time I reboot, Trend Micro's Anti-spyware pops up and tells me there is an IE browser plugin and I need to approve or deny it. It is Plugin File: C:\WINDOWS\system32\gebyw.dll. No matter how many times I delete it, when I reboot, Trend Micro pops up and tells me the same thing. I also get a Real-time notification from Trend Micro every once in a while detecting HKTL PROCKILL.A. Spybot also just popped up while I was typing this warning me about a browser helper.

Anyway, here is my HijackThis log that I just ran:

Answer:Winantivirus Popups

Hi,

Welcome to BleepingComputer. I will be more than happy to help you work on your problems.

Please give me some time to review your log as this can be a lengthy process. As soon as a BleepingComputer Staff Expert reviews my fix, I will post it for you.

In the meantime, if any problems occur, please let me know.

Please only use this topic to reply to. Do not start another thread.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

If you're unsure of anything at all please stop and ask!

13 more replies
Relevance 58.22%

I think I am infected with two malware programs. One of them causes popups for WinAntiVirus to appear, usually soon after I have opened the internet. If I try to close the window, the program tries to download anyway, and if I cancel that, all my open windows close also. When I try to search for the program with Adaware, it crashes the whole computer, and I cannot detect it with Norton. The second program is just a general popup spyware, but I cannot remove it because the WinAntiVirus program crashes my Adaware.

Finally, I visited a site called http://www.hijackthis.de, which has an automated analysis. It came up with several 'nasty' entries, but I think some may be genuine windows files and wanted a second opinion.

Here is my HijackThis log, any help would really be appreciated:

Answer:Winantivirus And Other Popups

Hello and welcome!

You are currently using HijackThis from a temporary directory, this can cause problems. HijackThis creates backups, these are needed in case of any recovery issues. Please create a directory on your C:\ drive called C:\HJT, download and unzip HijackThis into that directory. Run the program from that directory from now on.

STEPS For Creating Folder
1. Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.
2. Download HijackThis to the new folder:
3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

Then please do the following:

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

6 more replies
Relevance 58.22%

I'm presently running the following anti-spyware, virus programs:

Ad-Aware
AVG Free
Outpost Firewall
HJT

Here's the latest HJT log - hope you can help, 'cause I don't know what I'm looking for:

Answer:Winantivirus Popups

Hi and welcome. My name is kairis and I will be helping you. You have some crap there! But don't worry; we'll get you cleaned up! Please follow my steps in the right order... We'll start with this:

Step 1:
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a fresh HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Step 2:
Run a scan with HijackThis and tick the following entries, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - (no file)
O2 - BHO: (no name) - {9A21B249-D9E4-453B-AE33-1EEF05B956FF} - C:\WINDOWS\system32\gebcc.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O20 - Winlogon Notify: gebcc ...

2 more replies
Relevance 58.22%

I keep getting Win Antivirus pop-ups opening in tabs in my Firefox browser. I also get random Internet Explorer windows popping up on me for sites such as Orbits.com. I have run Spybot S&D numerous times. Sometimes it even reports Winantivirus as a problem and I have gone through the fix selected problems process and get a result of all entries fixed. Yet, I still get the Win Anti virus pop ups. I downloaded hijackthis and ran it here is my log file:

Answer:I Can't Get Rid Of Winantivirus And Ie Popups

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download SmitfraudFix (by S!Ri) to your Desktop.
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

=======================

Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close ewido anti-spyware. Do not run a scan yet!

========================

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When...

14 more replies
Relevance 58.22%

Today I got a new popup telling me to download WinAntiVirus 2006. I canceled multiple times and wasn't even using the internet but it keeps appearing. Any help would be appreciated, thanks.

and also, I have been told a few times to get sp1 already and I think I got it, can anyone confirm this somehow?

Here is my HJT log:


Answer:WinAntiVirus popups

16 more replies
Relevance 58.22%

I am getting these popups almost every couple of minutes, along with more and more frequent notifications from my antivirus (Symantec) of detected Trojans. Please help me! I've tried all that I could but to no avail. Here is my HijackThis log:


Answer:WinAntiVirus Pro Popups!

16 more replies
Relevance 58.22%

DECKARD'S SYSTEM SCANNER LOG


Answer:winantivirus pro popups

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

This will take a few rounds to clean.

Is F drive location of Windows a backup? Or a dual boot?

---------------------------------------------------------------------------------------------

Download combofix.exe to your desktop. We'll use this shortly.

---------------------------------------------------------------------------------------------

Copy and paste the following text in the quote box into Notepad (don't forget to copy and paste REGEDIT4):


Quote:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{B033CF39-07CF-1033-0826-050713060001}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{B033CF39-07D0-1033-0826-050713060001}]

Save the file as &... Read more

10 more replies
Relevance 58.22%

I've been getting all sorts of popups lately, and I just did a scan with SpySweeper, Spybot S&D, Adware SE Professional... but it seems to come back again and again... I also have AVG free edition installed but that causes troubles of its own... it pops up and minimises my game when it detects some trojan...

The following is my hijackthis log.

Hijack this log said:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:28 p.m., on 9/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
E:\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe... Read more

Answer:WinAntiVirus Pro, and other popups...

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:58:37 p.m. 9/09/2007

+ Scan result:

HKU\S-1-5-21-1708537768-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : No action taken.
C:\WINDOWS\system32\srvuqsja\srvuqsja1.exe -> Adware.UltimateDefender : No action taken.
C:\WINDOWS\system32\srvuqsja\srvuqsja2.exe -> Adware.UltimateDefender : No action taken.
C:\WINDOWS\system32\srvuqsja\srvuqsja3.exe -> Adware.UltimateDefender : No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : No action taken.
:mozilla.220:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\y5tzyhza.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.232:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\y5tzyhza.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.256:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\y5tzyhza.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.27:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\y5tzyhza.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.49:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\y5tzyhza.default\cookie... Read more

1 more replies
Relevance 58.22%

I've been getting the dreaded WinAntiVirus popups plus a couple others.
I've read many of the previous posts and have tried to solve the problem by myself but have been unsuccessful.
I've installed and run the following with their latest updates:
Ad-Aware - fixed all problems identified
Spybot-S&D - fixed all problems identified
SpySweeper - no problems found
AVGFree - found 2 Trojans that it placed in the Virus Vault but could not Heal: Downloader.Generic2QJQ

Here's my HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:54:25 PM, on 9/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program ... Read more

Answer:WinAntiVirus and other popups

8 more replies
Relevance 57.4%

Please help me! I keep getting pop-ups from winantivirus pro and winfixer... along with a few others. I don't know what to do and it seems like they are getting worse and worse. Thanks so much

Brian

Answer:i keep getting popups from winantivirus and winfixer

Please download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

Double click on HijackThis.exe to run the program.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

7 more replies
Relevance 57.4%

I've tried so long to get rid of these popups and finally decided to stop fooling myself and run the scans and get the logs from your read and run me first thread. I hope I'm doing this right.
 

Answer:winantivirus pro and videozapping popups

other logs

except counterspy which was too big
 

23 more replies
Relevance 57.4%

Ok, first off, let me say that I have read through a few threads on your site, and I really appreciate what you people are doing.

Lately I've been getting popups from winantiviruspro 2007, broadcaster.net, along with several other obscure sites, and sites that use ip's instead of Domain Names. I use firefox, and these popups will usually (although not always) show up in an IE window. It has slowed my computer down quite a bit. I have also noticed that no matter how many times I change the appearance of firefox, it always reverts back. (The bookmarks toolbar keeps showing up, and foxytunes keeps getting minimized)

I have read through, and performed everything from the "Read and Run Me First" guide, and I hope that I have done everything correctly. However, I am currently in normal boot and I am still receiving these popups. I was also still receiving them in safe mode with networking.

The following are my logs. I apologize if it is apparent that I have done something incorrectly. If you point it out I will try to get it straightened away as quickly as possible.
 

Answer:Winantivirus Pro, Broadcaster, other popups

here are the rest of my logs
 

4 more replies
Relevance 57.4%

I followed the procedures to remove malware, and it removed a bunch of stuff. I am still getting popup ads for things like sysprotect, winantivirus, and registry cleaner. Here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 10:42:39 AM, on 7/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.ex... Read more

Answer:Sysprotect / Winantivirus Popups

Download and run Silent Runners.vbs from HERE. It generates a log; please post the information back in this thread.

10 more replies
Relevance 57.4%

Hello, I am very much a newbie when it comes to these things. My computer keeps getting popup ads from winantivirus 2006 even when I don't have an internet browser open. A friend told me to run msconfig and uncheck everything. I can recheck everything if you guys want. I really don't know what to do. Here is my Hijack This log.

Logfile of HijackThis v1.99.1
Scan saved at 11:05:40 AM, on 8/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C... Read more

Answer:Help With Winantivirus 2006 Popups

Hello and welcome aboard

1) Please recheck everything from msconfig (Start => Run => type: msconfig. Hit enter and go to the startup tab -- check everything and click Apply and hit ok for any warnings etc), I really need to see all the info I can get out of your HijackThis log.
2) Please rename HijackThis.exe to Scanner.exe. This will allow me to see your O2 & O20 entries since you would seem to have the new Vundo infection.
3) Please only use ONE anti-virus and ONE firewall running at the same time on your computer. Either keep AVG and uninstall Norton Anti-virus or vice versa.
4) Post a fresh HijackThis log (running the renamed Scanner.exe) when all this is done.

12 more replies
Relevance 57.4%

It seems like I've gotten the pop up to stop by choosing to disable

CATLEvents Object Browser Helper Object vrslru.dat

using the manage add on tools provided with SP2. I would like all portions of this popup garbage off of the machine. Any assistance would be greatly appreciated. I have run ad aware, and CWShredder and it doesn't prevent the pop up from appearing when that BHO object above is enabled.

Here is the Hijack Log:

Logfile of HijackThis v1.99.0
Scan saved at 12:33:39 PM, on 12/26/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\QuickT... Read more

Answer:Please Help (winfirewall, winantivirus popups)

Hi and Welcome to TSF

Please move hijackthis to the root of C:\ and NOT another drive or partition.

Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log?..

Download and install CleanUp http://cleanup.stevengould.org/

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove Viewpoint if listed. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be but make sure)

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Fonts\urlsrv.exe
C:\WINDOWS\system32\drivers\cmddb.exe

Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

O2 - BHO: CATLEvents Object - {D487068E-9B04-4FE5-8A83-08344F800BF5} - C:\DOCUME~1\iminort\LOC... Read more

6 more replies
Relevance 57.4%

followed steps listed for malware removal, here are my logs:
 

Answer:Random popups for WinAntiVirus and others in IE

here's the rest:

My question is what would be the best program(s) to use to get rid of what's left on my comp? I typically use Spybot/Ad-Aware/AVG AntiVirus (in that order), and up until now they have kept things regulated. Any suggestions? Thanks!
 

7 more replies
Relevance 57.4%

I've been having a problem with an alert that says your computer is infected; when clicked it sends me to the winantivirus site. Plus I get a popup that says the following,

"warning! potential spyware operation!
your computer is making unauthorized copies of your system and internet files. run full scan now to pervent any unatherised access to your files! click here to download spyware remover...."

and it also sends me to the winantivirus site. I checked the net and it says it's probably malware. Can you help? I have WinXP.

Thank you for listening.
 

Answer:need help removing winantivirus popups

16 more replies
Relevance 57.4%

Another winantivirus problem. Lots of popups and can't get rid of 'em, have tried vundofix, says no vundo findings. Please help me out guys... thanks. Windows Swedish XP Pro

Logfile of HijackThis v1.99.1
Scan saved at 16:47:17, on 2006-08-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\iTunes\iTunesHelper.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Winamp\winampa.exe
C:\Program\Google\Gmail Notifier\gnotify.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.... Read more

Answer:Winantivirus and misc. popups

Hi, Welcome to TSG!!

Look in your control panel add/remove programs for PuritySCAN By OIN, OuterInfo, Snowballwars by OIN or similar , click on it and click remove.

REBOOT afterwards!!

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Post your HJT log again after you have done that.
 

1 more replies
Relevance 57.4%

I've noticed a lot of these threads, although none of them seem to work for me. So I am hoping to get answers specific to my HJT log.

I get random popups regarding Winantivirus and Sysprotect when I am going through folders (specifically My Computer and my hard disk).

Here is my HJT log.

-------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:44:26 AM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehSched.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Fi... Read more

Answer:Winantivirus, Sysprotect popups

16 more replies
Relevance 57.4%

oy. so this is the second time this has been on my computer. help please.

hijackThis logfile

Logfile of HijackThis v1.99.1
Scan saved at 2:12:12 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\arxavis.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\... Read more

Answer:winantivirus + unwanted popups..again

8 more replies
Relevance 57.4%

Whoever knows how to get rid of these things please help!
I'll post 'Hijack this' log PLEASE HELP!!!

Logfile of HijackThis v1.99.1
Scan saved at 오후 5:25:55, on 2006-11-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\HAURI\Common\hsvcmod.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HAURI\Common\Base\vrmonsvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files... Read more

Answer:Help!!! Winantivirus Pro 2006 popups!

Hi and welcome to TSG,
It is likely that you have a variant of the Vundo trojan that hides itself from HijackThis.exe so if we rename HijackThis, the entries should become visible.

Go to the C:\Program Files\HijackThis folder. Right click on the HijackThis.exe file and select "Rename". Rename it puppy.exe.

Then run HijackThis again and post a new log please.
 

3 more replies
Relevance 57.4%

My computer was hit yesterday when downloading a program I thought was clean for MSN Messenger. Multiple popups and then an instant downloader for WinAntivirus began. It's in the start up registry because after I rebooted this morning, it started again.

I know there is an altruistic uber geek just for me out there to help!

Here is my HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:39:45 PM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Mic... Read more

Answer:Solved: Popups & WinAntivirus

7 more replies
Relevance 57.4%

How can I get rid of these two popups?
This is my current log of HijackThis

Logfile of HijackThis v1.97.7
Scan saved at 6:44:38 AM, on 6/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\XPPRESP3\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://192.168.*
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\bin\IDMIECC.dll
O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - C:\WINDOWS\system32\efcdcdb.dll (file mi... Read more

Answer:winantivirus & broadcaster.com popups

9 more replies
Relevance 57.4%

Here is my logfile from HiJack This....

Logfile of HijackThis v1.99.1
Scan saved at 11:35:16 AM, on 7/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\CDProxyServ.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WI... Read more

Answer:Solved: WinAntiVirus and Other Bad Popups... Help

15 more replies
Relevance 57.4%

Okay, I seem to have tried all I can to get rid of the popups/virus... but as you can see I still don't know what I have for sure - is it spyware, adware, trojan virus, worm??? I am clueless and quite illiterate when it comes to computers, so I need instructions in as basic a language as possible!

The link http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ has been most useful to me, as it is simple and easy to understand. I have followed (as best as I could) up until step 7 - getting a firewall. The "sygate personal firewall" link directed me to Symantec, so I downloaded the Norton Personal Firewall, which I have right now, but it keeps alerting me that I have no virus protection! I already have Symantec antivirus installed on my computer though! (Am I currently not protected then - should I uninstall this trial Norton Personal Firewall?)

Step 8 I ignored, because I am not sure what version of Windows I have.

So now I have my HijackThis Log ready:

Logfile of HijackThis v1.99.1
Scan saved at 23:44:09, on 01/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\I... Read more

Answer:Amaena.com And Various Other Popups- Winantivirus!

Why isn't anyone replying? :'(

17 more replies
Relevance 57.4%

Hi and first of all congrats for this work! This is my first post...

I have the problem with WinAntivirus popups. I have tried Spy-sweeper, Ewido, Spybot, Xoft Spy, Scan spyware, spyremover, Noadware (!!!) and nothing!

Here is my hijack log...

Please help me!

Logfile of HijackThis v1.99.1
Scan saved at 17:37:03, on 17/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Antivirus\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Antivirus\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\TV Tuner\WinTV\Ir.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\SAGEM\OTEnet-SAGEM Fast 840\dslmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Antivirus\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adob... Read more

Answer:WinAntivirus popups problem...

9 more replies
Relevance 57.4%

My pc has been infected with WINANTIVIRUS popups...
How can i remove it?

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:44:37 PM, on 10/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:WINANTIVIRUS PROBLEM with popups

16 more replies
Relevance 57.4%

Hello to the Bleeping Computer Crew:

I am trying to get this darn PC working again fully. I have had problems with the Winfixer pop ups and just need some help. I have been fiddling with this problem for almost a week and I am at my wit's end. I run Windows XP Pro SP2, and I have the Norton Internet Security Program. Previously this week, when I would be running my Spyware Doctor v.3.5 or so, it would always make it through the scan until it was about 75% done. This occurred right around the ActiveX Control scan. Either it would just reboot itself, it would go to the dreaded Blue Screen saying that I had an unknown device driver, or it would just plain lock up and only the cursor would work. CTRL-ALT-DEL wouldn't even work. Please help!

Here is my HijackThis Logfile as required:

Logfile of HijackThis v1.99.1
Scan saved at 1:29:19 AM, on 3/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Answer:Winfixer2006 / Winantivirus Popups

Hello LT Dan 74 and welcome to the BC HijackThis forum. Let's try a different scanner and see what it shows us.

Download WinPFind.zip and unzip the contents to the C:\ folder.

Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Locate the c:\winpfind\winpfind.exe file and double-click it to run it. Now click the Start Scan button to begin the scan.

When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new HijackThis log and I will review the information when it comes in.

OT

5 more replies
Relevance 57.4%

I started out with several virus, worms and adware popups. I followed the instructions using the AD-Aware, SpyBot and other programs. I went through the sequence several times and each time more problems were removed leaving two, the Trojan_Awax virus and the WinAntiVirus Popups. In the process two new problems developed. One, at bootup I now get a RUNDLL error which reads, "Error loading C:\WINNT\system32\bwvjaqwy.dll." Second, while on the net I repeatedly get an Internet Explorer Error which reads as follows, "Microsoft Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience."

My Operating system is Windows 2000 Professional version 5.0.2195.

Norton identifies the problem file with the Trojan_Awax virus as hggfeec.dll. I tried deleting in safe mode but could not because it said that Windows was using the file.

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:38:04 AM, on 1/15/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Answer:Can't Get Rid Of Trojan_awax And Winantivirus Popups

Hello,

Uninstall VSAdd-in via software > add/remove programs.
Reboot.

Then,
* Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After reboot,
* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\djsi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE <== this is a resource hog.
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\...

11 more replies
Relevance 57.4%

There are two problems that i have encountered and are driving me up the wall,
The first is popups, normally Winantivirus2006, drivecleaner or sys protect being the worst out of the three, that actually downloads the program onto my pc, i've heard that these popups are more than just that, they are related to viruses or spyware that download themselves onto pc's and make up problems until you purchase the so called "cleaner",
I browse the same sites, and have never had these popups before, if i close them they get worse and keep coming back,

The second problem is explorer.exe, that i have never noticed before in windows task manager, but has suddenly started using up all my CPU and ram, whilst i'm browsing the internet, it seems to happen every 10 secs or so, and my pc will go really slow, i think it's related to the popups as this happened after them,
Explorer.exe can be related to a virus too,

I have done all the steps stated in removing basic spyware, malware and viruses, Explorer.exe seems to have stopped but the popups haven't

Here are the results in the attachments and hopefully this can be sorted out,

Thanks for your time,
 

Answer:Winantivirus popups and explorer.exe using 100% of my CPU!

Welcome to Majorgeeks!

You need to attach the other two logs that were requested in step 6. The GetRunKey and ShowNew logs.

Explorer.exe is always running on a PC. It is your Windows shell. Without it, you would have no Desktop, no icons, no Start button, no tray,....etc. It is also Windows Explorer (the file manager) when open subsequently after startup. This is what you see when you double click My Computer or right click Start and select Explore.

You have a Virtumonde infection and remnants of a winlogonhook infection that we need to remove.
 

3 more replies
Relevance 57.4%

I'm being bombarded by winantivirus popups, and I need help making them stop.

Here is my HJT logfile:
Logfile of HijackThis v1.99.1
Scan saved at 7:22:26 PM, on 04/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:Solved: winantivirus popups

9 more replies
Relevance 57.4%

Yesterday I had suddenly been attacked by a Trojan Virus by the name of DLoader.AMSO which information on this is scarce apparently. Afterwards I had mass pop ups seemingly on a timed schedule that I could not control. I have scanned my system with McAfee (all the progs I use are up to date) which alerted me to the malware but did not delete the trojan. I then re-downloaded F-Secure after uninstalling and completely removing McAfee. F-Secure allowed me to rename the trojan which then allowed me to delete it off my computer. The pop ups are from WinAntivirus and a few others that keep on coming no matter what I do. I also ran Windows Defender, F-Secure and spybot after the trojan was removed, but there is nothing else left to remove according to the scanners. I am on Windows XP Media Center Edition 2002 with SP2. Any help would be greatly appreciated. Thank You.
 

Answer:WinAntiVirus popups grrrrrrrrr

2nd Post... I apologize for leaving things out the first time. I went into safe mode while modem was unplugged as I use dsl.. I ran CCleaner and it cleared the spyware that was current. I also ran Microsoft's Malicious Tool cleaner nothing was found. Ran spybot... found nothing. Could not run windows defender from safe mode or safe mode with networking. Panda found spyware 6 to be precise.. wasn't sure on how to save that log. Getrunkey is attached as is newfiles.txt. Also the Vundo removal would not work.
 

9 more replies
Relevance 57.4%

I am getting WinAntivirus Pro 2006 popup messages along with a mix of others. I have been reading through your forum and have downloaded HiJackThis. Here is my latest log from HiJackThis. Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 1:45:17 PM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:Solved: WinAntivirus Pro popups

14 more replies
Relevance 57.4%

I have been reading about this, but have failed to remove the problem. Any help is greatly appreciated. Here is the hijack log file:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:33:35 PM, on 5/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal


Answer:help with removing winantivirus popups

9 more replies
Relevance 57.4%

Hello, before i ask i would like to mention i can't understand in depth computer details so you may have to explain how to do something to me if it's hard.

I keep getting pop ups when i visit sites and even when i'm not even online. I have just reformatted my computer a month ago because of a virus with the same symptoms (WinAntiVirus, i didn't install it just kept getting popups) Even when i had never installed or downloaded anything it just popped up on my computer. Please help!

Oh and i run Windows XP SP2 and Norton AntiVirus. I'm also 13 but my father taught me a lot about the computer and i apparently am capable of doing more than my mother can (HA!). She also just bought the Norton subscription after i reformatted so i wouldn't get it again but it still does.

Another thing i have noticed is that my cookie settings keep going down to Accept all cookies. Even after i set it to Block all cookies.

Please help! I do not wish to reformat again! (I can also get my dad to do the registry things and others that could potentially destroy my computer.)
 

Answer:Popups (WinAntiVirus Virus?)

16 more replies
Relevance 57.4%

Hi, any help getting rid of these popups would be great. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:20:54, on 20/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:Please help with Winantivirus Pro popups. HJT log included

10 more replies
Relevance 57.4%

I've been getting WinAntiVirus popups and DriveCleaner popups and they try to get me to download antivirus software. Is this a trojan? Malware? How do I get rid of it? I've tried to delete all unknown programs with the CCleaner tool you've recommended, still nothing seems to have stopped it...

Thks,
Kevo
 

Answer:How do I dispose of WinAntiVirus popups?

Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support


Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis
NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
 

1 more replies
Relevance 57.4%

Windows XP Home, SP2, Nortons Anti virus, Zone Alarm firewall, Spysweeper and a Linksys router.
I also have the Sysprotect, Adult friend finder etc popups taking over my computer. Your help would greatly be appreciated. I have downloaded HijackThis, VundoFix and Ewido. I only ran HijackThis and below is a copy of the log. If you could, tell me what to do next. Thanks, Joe

Logfile of HijackThis v1.99.1
Scan saved at 12:21:50 AM, on 4/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:Sysproyect, Winantivirus, etc popups?

hi, welcome to TSG.
IMPORTANT! Move Hijack this from the Temp, or from the zip folder to its own folder!
Make a new folder in C:\ and call it Hijack this, and Save hijack this to
this folder so that it runs properly and can make back ups. Click scan,
then save the log and post it here so we can take a look at it for you.

Please download http://www.atribune.org/ccount/click.php?id=4 to your desktop.
* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
Go here and download the latest version of java, once
downloaded, go to add/remove and uninstall all previous versions of java
from add/remove and then install the latest version you just downloaded!
http://java.com/en/download/manual.jsp
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.
 

3 more replies
Relevance 57.4%

hey guys, just want to say beforehand that i appreciate all the help and time you spend on here helping those in need. Here is my HijackThis log...


Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.
 

Answer:SystemDoctor and Winantivirus Popups!!!

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above, if you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis
Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy - only for Windows XP, 2K, & NT users
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can o...

1 more replies
Relevance 57.4%

hi, I've done all the things that you said before posting here like using adaware, spybot and cwshredder to kill the popups. well, seems like it really likes my computer and not wanting to go away. so here I am asking for your help to get the bugger off.

Thanks in advance

My hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 2:54:36 AM, on 8/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Answer:winantivirus pro 2006 popups

1. Download this file -

http://download.bleepingcomputer.com/sUBs/combofix.exe

http://www.techsupportforum.com/sectools/combofix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop

2. Go to Start > Run - paste in the following command & click OK

"%userprofile%\desktop\combofix.exe" /v vturo

3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

9 more replies
Relevance 56.99%

About three days ago, my computer was infected with WinFixer/WinAntiVirus. I now get popups for all kinds of various websites. I've done everything I know of before posting a HijackThis log: I ran Stinger, TrojanHunter, Spybot, AdAware, CWShredder, vx2Finder, and did an online scan with Trend Micro. I now have ZoneAlarm and TrojanHunter running in the background. If you can help, THANK YOU so much!

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:14 PM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Answer:[Resolved]Winfixer/winantivirus Popups

Hi jbruin79 and welcome to BleepingComputers Forums. My name is Trevuren and I will be helping you with your problem.

A. Some trojans have a way of masking their presence from the HijackThis program when they recognize the name. I think that this is the case here because there are no 02 or 020 entries visible in your log.

Please locate the following file on your desktop: HijackThis.exe
Next, right click on the file and from the popup menu that appears, choose the RENAME option and rename the file Killer.exe.
From now on, when I ask you to start HijackThis, just click on the Killer.exe file.

B. Please run the following program: Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing "Save Target As": DelDomains.inf to your Desktop
http://www.mvps.org/winhelp2002/DelDomains.inf

Then go to the desktop, right click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal.
Then please restart your computer

Note: You will have to reimmunize with SpywareBlaster, IE-SPYADS, and/or Spybot after doing this if you were using these features before.

C. Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will pr...

13 more replies
Relevance 56.99%

Hi,

I am getting bombarded with popups to have me download WinAntivirus/Drive Cleaner, etc. This is something that others are having issues with as well I see. However, I have Windows 2000 instead of XP, the VundoFix won't pop up after a minute has elapsed and my HJT log doesn't have the file that your tech guys have told the others to remove.

If you can offer any advice, it would be greatly appreciated. Thank you

Here's my HJT log....

Logfile of HijackThis v1.99.1
Scan saved at 4:48:22 PM, on 7/2/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Answer:WinAntiVirus/Drive Cleaner Popups, please help

9 more replies
Relevance 56.99%

I am constantly receiving popup windows from SystemDoctor, WinAntiVirus, and Sygate Personal Firewall has detected the following trying to access the internet:

H:\Program Files\Common Files\{683AD889-07D9-1033-0310-051124040001}\Update.exe
trying to access
dr.mcboo.com [213.251.136.219]

I also have a red border around Firefox and a few other things. I've run AVG Free Edition in safe mode and cleaned to the best of my abilities. I have also run Ad-Aware and Spybot to do their best.

Please, take a look at my log and tell me if you notice anything unusual!

Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 8:34:14 PM, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:Systemdoctor, Winantivirus, & Other Popups + Malware

Hi theHeat and welcome to Bleeping Computer

You got infections there....

Create a new folder named HijackThis to your desktop. Move Hijackthis.exe into that folder.
Please rename HijackThis.exe to Scanner.exe

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

13 more replies
Relevance 56.99%

Hey, first off, I'd want to thank whoever would be helping me out. I ran Hijackthis and here is the log, but I don't know what I should be doing next. Anyone who can help, thanks!

Logfile of HijackThis v1.99.1
Scan saved at 12:11:55 AM, on 8/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\SysProtect Free\USYP.exe
C:\WINDOWS\system32\MsgSys...

Answer:Help! Need to uninstall Sysprotect & rid WinAntiVirus '06 popups

16 more replies
Relevance 56.99%

Hello I've been having many IE popups for some winantivirus thing, and also a "windows no disk" at startup. A pic of the dialog shown is as attached. Here's the HijackThis log. Thanks in advance for your help!

Logfile of HijackThis v1.99.1
Scan saved at 9:24:54 PM, on 4/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp...

Answer:Winantivirus Popups And Windows No Disk

Welcome to the BleepingComputer HijackThis forum sonixevo
Please go to: C:\Documents and Settings\yeo's\Desktop\Shang Long\Hijackthis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.

11 more replies
Relevance 56.99%

Hi
A couple of days ago, I got a popup ad for WinAntiVirus - I was trying to go to http://findarticles.com/p/articles/mi_qn41..._n17158993/pg_3 when it appeared. (I tried to access the same site later from a secure computer and got a very similar, but slightly different popup (I think it was pushing a different anti-virus application) I tried again later from the same computer but got a 'popup blocked' message).
I downloaded SpyHunter which detected trojan.vundo. I then ran VundoFix, FixVundo, SpyBot, AdAware, FSBlacklight, AVG AntiRootKit, Kaspersky, Housecall, Panda, Bit Defender and Stinger and found nothing aside from a few cookies (although Housecall also found ADWARE_BHOT_IEHELPER which I understand is not uncommon and might be a false positive).
I have uninstalled SpyHunter. Yesterday I got another popup for WinAntiVirus, this time while browsing google.groups for virus information, and this morning I got another one for free screensavers (browsing eBay). I would be grateful if someone could check the Hijackthis log and tell me if I have any infections, please, or explain what is going on with the popups.
Thank you.
-----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:02 AM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\...

Answer:Winantivirus Popups - Possible Vundo Infection?

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Lord Sutch
My name is Richie and I'll be helping you to fix your problems.
Download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Also post a new Hijackthis log please.

7 more replies
Relevance 56.99%

Logfile of HijackThis v1.99.1
Scan saved at 10:45:48 PM, on 8/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\COMMON~1\SSTEM~1\chkdsk.exe
C:\WINDOWS\System32\zqskw.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.portal.radford.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.portal.radford.edu/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program ...

Answer:Ad.bannerconnect, Winantivirus Pro 2006, Ad -w-a-r-e, Other Popups

Hello and welcome
First of all, you don't seem to have an Anti-virus client running. This is extremely important.
Please get the free version of AVG.
Download & install it, configure it how you wish, update it. Next, run a scan with it (set it to scan everything it can). Remove/quarantine everything found. Reboot.
----
Next....
Download Combofix to your desktop:
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

7 more replies
Relevance 56.99%

Hello, I have a sales representative that was having problems with Winfixer and WinAntivirus popping up. Her Ad-aware currently is not working correctly (crashes out) and won't reinstall properly - though I did have her use Spybot. She says that once she removes things via Spybot, it solves the problem of popups for a few hours and then they come back. I also had her run Housecall in case her Symantec was affected. I'm running out of ideas on how to assist her in the removal of these popups. Below is her HijackThis log, any help would be greatly appreciated. Thanks guys.


__________________________

Logfile of HijackThis v1.99.1
Scan saved at 8:42:13 PM, on 3/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Prog...

Answer:Winfixer - WinAntivirus - Obscene popups

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt at the end of this fix.

---------------------------------------------------------------------------------------------

Download and install CleanUp!
NOTE: Do NOT run this progr...

8 more replies
Relevance 56.99%

Hi, I have been trying to get rid of these popups but to no process....

Below are all the scans i made:

From Panda Scan:

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\IMKHVVBW.DLL
Adware:Adware/eZula Not disinfected C:\WINDOWS\SYSTEM32\BTWTMYUO.EXE
Adware:Adware/eZula Not disinfected C:\WINDOWS\SYSTEM32\HDERTBSP.EXE
Adware:Adware/eZula Not disinfected C:\WINDOWS\SYSTEM32\SFXPBFVE.EXE
Adware:Adware/eZula Not disinfected C:\WINDOWS\SYSTEM32\QNVAOCPS.EXE
Adware:Adware/eZula Not disinfected C:\WINDOWS\SYSTEM32\YLARQORC.EXE
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Desmond\Cookies\[email protected][1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Desmond\Cookies\[email protected][2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Desmond\Cookies\[email protected][2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Desmond\Cookies\[email protected][1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Desmond\Cookies\[email protected][2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Desmond\Cookies\[email protected][3].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Desmond\Cookies\[email protected][3].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Desmond\Cookies\[email protected][1].t...

Answer:Winantivirus and system doctor popups

Download ComboFix to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.

Double click combofix.exe and follow the prompts.
When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply
Note: Do not mouseclick combofix's window while it's running as that may cause it to stall
 

1 more replies
Relevance 56.99%

I'm trying to remove sysprotect and stop winantivirus popups and others like it. I'm not very good with computers so please dumb it down. Thanks

Here's my latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:22:26 AM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C...

Answer:Please help me remove: Sysprotect, winantivirus popups, and others.

p.s. sorry for multiple posts but everyone who was helping me logged off
 

2 more replies
Relevance 56.99%

Hello,

I am getting all kinds of browser popups from things like broadcaster.com and winantivirus. Would somebody be able to help me get rid of these?

thanks very much for your help!
rjb
 

Answer:Solved: broadcaster.com, winantivirus, etc. popups?

9 more replies
Relevance 56.99%

Hi guys,
I see that you've seen this one quite a few times,
sorry to beat a dead horse and all, but this one's killin me.
I'm getting the sysprotect and winantivirus 2006 popups along with a few other random ones like adult friend finder. all my antispy programs detect nothing, and I tried a symantec vundo fix once which found a couple items but did not solve the problem. Also, I am pretty clueless on hijack this. All help is appreciated, thanks.

Here is my Hijack This log.

Logfile of HijackThis v1.99.1
Scan saved at 8:10:48 PM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog...

Answer:Solved: sysprotect winantivirus popups...help please!

13 more replies
Relevance 56.99%

Tried cleaning with a bunch of different programs...norton antivirus, ewido anti-spyware 4.0, VundoFix. They all find things that are infected but removing the files doesn't get rid of the pop ups. Just recently I started getting pop ups for random other things as well.

Logfile of HijackThis v1.99.1
Scan saved at 4:58:04 AM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.AC...

Answer:Winantivirus 2006 And Sysprotect Popups

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

2 more replies
Relevance 56.99%

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:08:24 PM, on 15/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\qwerty12.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Nakido\nakido.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
E:\D-Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program ...

Answer:Solved: Help! Adware! (WinAntiVirus popups) Please Help!

16 more replies
Relevance 56.99%

I have the identical problem resolved by Cheeseball81 as posted by ptt102 originating on April 9, 2007. I have completed all the steps up to running Avenger, as the directions cautioned that they were specific to that user. I have run all of the steps, including the Panda scan, up to that point. Below is my Hijack log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:33:14 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\system32\sdsnvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\gtk.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda antivirus 2007\WebProx...

Answer:WinAntivirus popups -- need to know which files to run Avenger

16 more replies
Relevance 56.99%

Starting getting some popups the other day. Searched the site tonight and referenced this thread
http://forums.techguy.org/security/476386-solved-pop-ups-system-doctor.html?highlight=spyware+doctor

to follow the steps to see what I need to do.

I've run Vundofix, and nothing showed up. I've downloaded Webroot SpySweeper and here is the log from it :
********
8:54 PM: | Start of Session, Tuesday, June 27, 2006 |
8:54 PM: Spy Sweeper started
8:54 PM: Sweep initiated using definitions version 708
8:54 PM: Starting Memory Sweep
8:59 PM: Memory Sweep Complete, Elapsed Time: 00:04:32
8:59 PM: Starting Registry Sweep
8:59 PM: Found Adware: ist istbar
8:59 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\conflict.1\istactivex.dll (ID = 129171)
8:59 PM: Found Adware: keenvalue/perfectnav
8:59 PM: HKCR\pwrswmda.pwrswmda\ (3 subtraces) (ID = 129387)
8:59 PM: HKLM\software\classes\pwrswmda.pwrswmda\ (3 subtraces) (ID = 129427)
8:59 PM: Found Adware: orbit explorer
8:59 PM: HKCR\oesearch.oesearchhook\ (5 subtraces) (ID = 136468)
8:59 PM: HKCR\update.redirector\ (5 subtraces) (ID = 136472)
8:59 PM: HKCR\clsid\{341fb59f-3507-443b-8147-423b4e3b2b15}\ (11 subtraces) (ID = 136473)
8:59 PM: HKCR\interface\{030a8576-686b-479a-af79-94b9fea79bc5}\ (8 subtraces) (ID = 136477)
8:59 PM: HKCR\interface\{1d22a25e-b181-4aee-88ff-2209f7c24fcb}\ (8 subtraces) (ID = 136478)
8:59 PM: HKCR\interface\{ec99cbb3-6275-4923-bc54-8f27ac45f577}\ (8 su...

Answer:Winantivirus popups, spyware, viruses

8 more replies
Relevance 56.99%

I know these are both malware, and I've read a post about it here, but just starting a new post so I can post my log from SmitfraudFix... I don't know if/where to get other programs if needed for help, but here's the Smit log....


Edit by chaslang: Inline SmitFraudFix log removed. READ & RUN ME sticky not followed.
 

Answer:System Doctor and WinAntiVirus Pro Popups

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis
Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy - only for Windows XP, 2K, & NT users
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can o...

1 more replies
Relevance 56.99%

G'day--hope like the dickens you can help. System's been slow for several weeks, with no clear reason. Worsened a few days ago; I had only Firefox open and it took 45-60 seconds to load a page. Up to that point, Norton never picked up a thing while I was logged in.
Popups started in earnest yesterday. Finally found hard evidence of the virus, and left Housecall's online scan overnight to see what it found. This morning, the browser was closed. Moved on; now 12 hours into diagnosis and repair, and still getting a bunch of crud popping up. A number of trojans, viruses and rootkits have been found by Norton, AVG, and Panda Anti-Virus Online scans. Each detector has been successful on some level at cleaning the problems, but the problems keep propagating. Tried the online scan with Housecall again about two hours ago and my browser was shut down again. Just finished scanning, deleting and destroying with Ad-Aware, Spybot, Panda, and Stinger. Haven't restarted yet, nor did I restart in between. That just seems to make trouble. HiJackThis log looks like this:

Logfile of HijackThis v1.99.1
Scan saved at 9:19:22 PM, on 2/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS...

Answer:Virtumonde/winantivirus Popups/smitfraud, Too?

Welcome to BC Fursty
Go to: C:\Fixers\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.

13 more replies
Relevance 56.99%

my laptop infected with winantivirus, I have uninstalled, and used several antispyware applications, but popups still appearing, I'm posting hijack this log and combofix log, if someone could help me, will be great.

hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:03:58 PM, on 3/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr...

Answer:Infected With Winantivirus, Popups Killing Me, Don't Go Away

PLEASE I NEED HELP!!!!!!!!!!!!!!!!!!!!!!!!!

2 more replies
Relevance 56.99%

Hi I keep getting WinAntiVirus Pro popups and sysprotect and I've tried antivirus, firewall, windows defender and nothing helps. I keep seeing hijack this reports so here it is:

Logfile of HijackThis v1.99.1
Scan saved at 4:51:49 PM, on 15/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.ex...

Answer:Solved: WinAntiVirus Pro popups and sysProtect help

15 more replies
Relevance 56.99%

Help. My computer has been acting up for like 2 days now. I get popups from Winantivirus telling me to download because I have a virus. Then when I open IE I am redirected to the Winantivirus website. I am also getting PUP trojans that say they can't get deleted or cleaned. Some are called win158~1.exe.

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:01:31 PM, on 7/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symante...

Answer:Slow pc and Winantivirus Popups/win158`1.exe

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before beginning. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.

Download Dr.Web CureIt & save it on desktop. We shall be using it later

Download & install - CleanUp.exe (not recommended for WinXP64)

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:
   Delete Newsgroup cache
   Delete Newsgroup Subscriptions
   Delete Cookies
4. Click OK
5. Press the CleanUp! button to start the program.

* CleanUp! will not create any backups!!


* * * * * * USING HIJACKTHIS' DELETE ON REBOOT * * * * * *


HijackThis is able to create backups w... Read more

1 more replies
Relevance 56.99%

Followed all steps prior to posting, all anti-virus software is up to date and run, problems still occur.

Heavy.com and PartyPoker are the main popup ads
WinAntiVirus occasionally pops up as well wanting to be downloaded
Various sound clips play automatically, commercials for things like Pampers and such.

Logfile of HijackThis v1.99.1
Scan saved at 3:22:23 PM, on 9/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage ... Read more

Answer:Ad Popups, Sound Clips and WinAntiVirus

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nst7.dll
O2 - BHO: (no name) - {D996FC10-62D7-3701-ADA8-601344D96DC4} - C:\WINDOWS\system32\nvrydme.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O20 - Winlogon Notify: vtsqn - vtsqn.dll (file missing)


* * * * * *


1. Download this file using either of these links

http://download.bleepingcomputer.com/sUBs/combofix.exe

http://www.techsupportforum.com/sectools/combofix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

19 more replies
Relevance 56.99%

Hi all,

Like many other people, my computer has been infected with Winantivirus Pro 2006 and other similar unwanted popups stating that I have all these problems with my computer. The problem has gotten worse recently and I'd like to do something about it, if possible. Also I'm unable to boot PC in safe mode properly, ie. I'm able to boot PC into safe mode but I'm left with a black screen with safe mode written in the 4 corners of the screen and nothing else happens. I've used ewido and panda scans and this doesn't solve the issue.

I did a search regarding other people's similar problems, but my understanding is that every case is unique. So I figured I'd post here and hope some nice person with experience in this field would let me know what to do...

BTW here is a HJT log of my system:

Logfile of HijackThis v1.99.1
Scan saved at 10:42:54 PM, on 28/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Cyberlink\Shared files\RichVideo... Read more

Answer:Winantivirus 2006 and other annoying popups

Being helped here

http://forums.techguy.org/security/486790-spyware.html
 

1 more replies
Relevance 56.99%

Getting popups in firefox every so often, and a while ago I winantivirus installed itself. Help would be much appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 3:20:27 PM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\DOCUME~1\Owner.Dan\LOCALS~1\Temp\2006111151316_mcinfo.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office... Read more

Answer:Winantivirus, System Doctor, And Popups

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/pa... Read more

13 more replies
Relevance 56.99%

I mistakenly posted to another forum - so sorry for the dupe entry.

I keep getting a popup message that I may be infected with the "blackworm" virus and prompted to download winantivirus pro 2006. I know this is a hoax, but I can't seem to get rid of it. I've run AVG, Spybot and Adaware ...nothing. I swapped out AVG yesterday for Microsoft OneLive (per the advice of the microsoft website). Nothing.

Here is a copy of the hijack this log from today. Please help!!! Thank you very, very much!!!

Todd

Logfile of HijackThis v1.99.1
Scan saved at 12:56:36 PM, on 3/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\... Read more

Answer:Winantivirus Pro 2006 Popups Problem

Here's a new Hijack This Log after running CCleaner, Dr Web, MWav and Spy Sweeper:

Logfile of HijackThis v1.99.1
Scan saved at 10:50:18 PM, on 3/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Micr... Read more

20 more replies
Relevance 56.99%

Hi all,

Like many others, my computer has been afflicted with Winantivirus Pro 2006 and other similar unwanted popups claiming that I have all these problems with my computer. I've probably noticed about 10 different popups, but I'm guessing they're all related and/or affiliated. The problem has gotten worse recently and I'd like to do something about it, if possible.

I did a search, but my understanding is that every case is unique. So I figured I'd post here and hope some kind soul will tell me what to do...

Thanks,
Len
 

Answer:Solved: Winantivirus and other problematic popups

15 more replies
Relevance 56.99%

here is my hijackthis log and my vundofix log. thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 12:02:17 AM, on 10/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Nort... Read more

Answer:Log Looks Clean But I Still Get Popups Everywhere Including Winantivirus

Welcome to Bleeping Computer, brute force.

* Please rename your HijackThis.exe into WhatYouWant.exe.

* Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.

* Please download Look2Me-Destroyer.exe to your desktop.
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will clo... Read more

9 more replies
Relevance 56.17%

Hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 17:35:38, on 28/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Ben\Desktop\Ben's Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/ ... Read more

Answer:Laptop getting popups from many websites: abcsearch.com, winantivirus.com etc.

Hi Ben,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, here's what we do first.

Spyware Doctor's OnGuard protective functionality may interfere with certain fixes we need to make. Please follow these instructions to disable it.

To deactivate Spyware Doctor's OnGuard Tools:
From within Spyware Doctor, click the "OnGuard" button on the left side.
Uncheck "Activate OnGuard".

You can re-enable it once your system is clean.


NEXT:

Please download VundoFix.exe by Atribune and save it to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click YES, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HijackThis log.

NOTE : It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "click the Scan for Vundo button" when VundoFix appears at reboot.

7 more replies
Relevance 56.17%

I'm sorry if this has been addressed before but it used to be only popping up with ie ( which I can easily terminate in task manager ) but after my friend downloaded ccleaner and ran some scan for me the pop ups have started to appear in my firefox!

here is my hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 11:36:58 PM, on 14/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rrhuhicaxqrj.net/68AyvCp3w7T1... Read more

Answer:winsoftware,systemdocotr,winantivirus popups in my firefox!

16 more replies
Relevance 56.17%

As with anyone else that has this popup problem, I'm seeking how to remove it. I get the winantivirus, error detected popup, something about friends or lovers popup, and system doctor popup.

can anyone help?

here is the hijack logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:39 AM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\qawjqdvp.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\... Read more

Answer:Solved: Errordetected/winantivirus popups, how do i remove

12 more replies
Relevance 56.17%

I've been getting popups for a few days. Mainly for WinAntivirus and SystemDoctor, but occasionally another that I forget. It's a dialog box giving me a yes and no option. When I close that box, it opens IE to the homepage of said program.
Sophos Antivirus, Windows Defender, and AdAware all find no problems.
The popups are pretty far apart. Sometimes I go four or five hours without a single one.

Any help would be extremely appreciated.
Anyway, on to what matters.. My HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 9:29:41 PM, on 6/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
D:\NikonView\NkvMon.exe
C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminServic... Read more

Answer:Solved: Popups: WinAntiVirus, SystemDoctor, others. HJT log posted.

11 more replies
Relevance 56.17%

I was recommended to this site from a friend because he received invaluable help here. Anyway, my laptop has now been infected with malware. The best way to describe it is that whenever I use Mozilla or IE, a popup will usually come up, regardless of whatever site I go to (even my e-mail). Half of the time, those popups will deal with some sort of fake software called WinAntiVirus (something like that). This problem is causing my laptop to run like my old Pentium 200Mhz, which is not good considering that this is finals week for me.

Anyway, I have the hijack and Panda ActiveScan logs attached. However, I think I realize one of the problems; there are two .dll files in my windows/system32 folder that AVG Anti-spyware is picking up as infected, and I cannot delete/quarantine them. I've tried pocket killbox, but that hasn't helped one bit. I've already run scans in safe mode and it only contains the problem, but does not resolve it. Please help me!

EDIT: AVG Anti-spyware picks up these two .dll as BHO browser plugins. The CLSIDs are 3F9D0C61-737D-44D1-BD80-91AF857061CC and 4575D4AE-A10F-4627-BD1C-5914E5F6AC4D. I hope this helps out.
 

Answer:WinAntiVirus malware, popups and slow performance

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.





When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two mess... Read more

3 more replies
Relevance 56.17%

Hello. I keep getting Winantivirus Pro 2007, Winantispyware 2007, and System Doctor popups for the most part but I've also been getting music download and personal ads as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:55 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explor... Read more

Answer:Plz help!winantivirus, winantispyware, system doctor popups

Hello and welcome to TSF


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

===============================================================

Please follow all instructions in the order in which they come. If you have any questions, please ask before proceeding.

================================================================

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply
click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycl... Read more

1 more replies
Relevance 56.17%

Hello,

I originally posted in the Am I Infected What Do I Do? forum, but I'm coming here because that didn't do the trick. In addition to running AVG Anti-Spyware 7.5, I did everything as laid out on the "before you post your hijack log" topic. I started getting these antispyware malware popups (winantivirus, systemdoctor, a few others I can't remember as they're more infrequent) in IE, so then I started exclusively using firefox...now that gives me as many problems. Recently, I've been getting a lot of redirects to tangentially related websites (example: if I'm on youtube, I'll be redirected to another video website) in addition to the malware popups. My computer definitely runs slower than it used to and freezes much more. Usually the problem has been explorer (not IE) freezing up. So now I'm wondering what the next step to take is. Thank you in advance.

Logfile of HijackThis v1.99.1
Scan saved at 6:08:02 PM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security... Read more

Answer:Winantivirus, Systemdoctor Popups, Also Random Redirects

Hi eddieizzard

You got some infections there...

Please rename HijackThis.exe to Scanner.exe
Post a fresh HijackThis (scanner.exe) log to here.

1 more replies
Relevance 56.17%

I've downloaded HJT and pasted the log below. Thanks in advance for your help.
Logfile of HijackThis v1.99.1
Scan saved at 8:12:29 AM, on 4/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.e... Read more

Answer:Getting winantivirus, adult friend finder popups

7 more replies
Relevance 56.17%

- Win XP Home SP2 (All current updates installed)
- Updated Java to the latest version
- I turned off Windows Restore
- VundoFix & VirtumundoBeGone found nothing
- Windows Defender found nothing
- Ewido (AKA AVG Antispyware 7.5)/Adaware/Spybot SD found some things but popups still show up
- AVG Antivirus 7.5 couldn't scan the boot sector in safe mode for some reason but removed a virus (yup, popups still there)
- I have the latest Spywareblaster updated and running

...and here is my HJT Log (Thanks in advance!):

Logfile of HijackThis v1.99.1
Scan saved at 10:14:56 PM, on 1/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Fil... Read more

Answer:Need help removing popups please (WinAntivirus Pro, Amaena, ~ Click Me!)

7 more replies
Relevance 56.17%

I am getting numerous popups in IE bringing me to WinAntiVirus sites, and Norton detects WinFixer

here is my HJT log


Logfile of HijackThis v1.99.1
Scan saved at 4:05:52 PM, on 8/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\flexlm\i486_nt\obj\lmgrd.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\Program Files\flexlm\i486_nt\obj\ptc_d.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norto... Read more

Answer:WinAntiVirus IE popups and Norton detects WinFixer

Please rename Hijackthis.exe
It's currently located at C:\HJT\HijackThis.exe
Rename it from Hijackthis.exe to HJT.exe

Then post a fresh Hijackthis log that isn't enclosed with [code ] tags

13 more replies
Relevance 56.17%

I have tried everything. I ran spybot, ewido. I also have windows defender and stopzilla. But I still get random popups and security warning saying that machine is infected please install systemdoctor another popup is the winantiviruspro website. I cannot enable IE's popup blocker, the enable popupblocker option does not stick. My Hijack log is as follows. Any help on this will be highly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 12:55:01 AM, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft... Read more

Answer:Winantivirus, Systemdoctor, Countexitexchange, And Other Annoying Popups

Hi milind_shah and welcome to Bleeping Computer. You got infections there.... Please rename HijackThis.exe to Scanner.exe. Then run a new scan and post a fresh HijackThis (Scanner.exe) log to here. Then we'll begin.

1 more replies
Relevance 56.17%

Hi, I was recently infected with several malware, and I think I have all the major ones off thanks to reading information on these forums, but I'm still having a few hiccups when I use Internet Explorer. I get WinAntiVirus Pro popups all the time and I'm unable to do Windows or Microsoft Update. I've run virus scans with Avast!, AVG, and Panda OnlineScan and I'm clean now. For spyware/adware I've run Ewido (now AVG Anti-Spyware), Ad-Aware, Spyware Blaster, and Spyware Bot. I get reports I'm clean, but then when I run another scan I'll always get one or two, but they seem to miss the ones that cause the popups. Here's my HJT log...

Logfile of HijackThis v1.99.1
Scan saved at 6:40:32 PM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\... Read more

Answer:Winantivirus Pro Popups, Can't Do Windows/microsoft Update

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop. Double click combofix.exe and follow the prompts. When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

8 more replies
Relevance 56.17%

Okay, so I keep getting these popups sometimes when I am surfing the internet. I also realised my computer's performance is starting to slow down, and shutting down takes quite some time too. I've just run Vundo Fix and VirtumundoBegone, but none detected anything. My McAfee Spyware scan and AdAware (all updated definitions) had caught nothing either. I'll be really grateful if someone can tell me what's really going on!

Logfile of HijackThis v1.99.1
Scan saved at 6:03:30 PM, on 8/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slrundll.exe
C:\PROGRA~1\COMMON~1\... Read more

Answer:Hijackthis Log Analysis - Errorsafe, Winantivirus Popups

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Your log doesn't show me much, so let's get a more detailed log. Please download ComboFix and save it to your desktop. Double click combofix.exe and follow the prompts. When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

24 more replies
Relevance 56.17%

Running: Windows XP
Virus Scan: Symantec Antivirus
Also equipped with: Ad Aware, which says I'm clean now.
Web browser of choice: Mozilla Firefox

Problem: I recently got hit by a bunch of different popups for phoney antivirus programs that keep insisting I install them. Something managed to worm its way into my computer. I ran my antivirus, cleaned out some junk, ran ad-aware, cleaned out more junk, then uninstalled firefox and reinstalled it after cleaning out its folder. Then I did a little looking around the web when popups persisted; I paid attention to the products they kept trying to push on me. One of them was Sysprotect, the other was Winantivirus. I found a solution to the sysprotect stuff on Symantec's site yesterday and cleaned its clock, but I noticed, peculiarly, that only a few of the files that Symantec mentioned existed--possibly because I never let sysprotect install, but that's just a theory. I've been running my computer all day, and finally, around 12:30-1:00 AM, I got hit with another set of Winantivirus popups while browsing through my music folder. I couldn't find a solid solution to Winantivirus just cruising around the 'net--at least, not one that exactly fit my unique situation of having removed--I THINK, at least--most of the components of the worm it was part of. They also described popups that I didn't get.

I need to get this junk off my computer, and I need to be sure I got everything. Please help!

Here'... Read more

Answer:Solved: Spyware problem; Winantivirus popups

9 more replies