Computer Support Forum

HELP!! virus/malware/adware keeps coming back!!

Question: HELP!! virus/malware/adware keeps coming back!!

Please help!!! I'm at a loss to keep vicious stuff off my computer after deleting it. Norton found W32.allim after my daughter clicked on Hey check this out! in AOL AIM. I think I got it off the computer because Norton doesn't find it anymore. However, I'm getting a dozen other things that I get off only to come back after restart such as Esyndicate, Aproposmedia, the stupid Hunt Bar constantly comes back, and upon restart, I get the message that C:/windows/system332/gmi4i9ir.exe is causing Runtime to terminate in an unusual way. I've run Microsoft Antispyware, Adaware, Xoftspy, Spybot Search & Destroy. It seems to be affecting my web browser--changing the URL home page and pop-ups are occurring. The following is my Hijackthis log file.

Logfile of HijackThis v1.99.1
Scan saved at 2:44:41 AM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\msaccrt.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system32\uKZIWXP.exe
C:\windows\system32\ad1l2S.exe
C:\WINDOWS\system32\rdpepim1.exe
C:\WINDOWS\system32\rcpmsdrm.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\uKZIWXP.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Keith & Sandy\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\msaccrt.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.foxnews.com/"); (C:\Documents and Settings\Keith & Sandy\Application Data\Mozilla\Profiles\default\eqj5znis.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Keith & Sandy\Application Data\Mozilla\Profiles\default\eqj5znis.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [uKZIWXP.exe] c:\windows\system32\uKZIWXP.exe
O4 - HKLM\..\Run: [ad1l2S] C:\windows\system32\ad1l2S.exe
O4 - HKLM\..\Run: [gmi4i9ir] C:\WINDOWS\system32\gmi4i9ir.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [sFrT38U] rdpepim1.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [do03RUYnR] rcpmsdrm.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: BlackICE Agent.lnk = ?
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Answer: HELP!! virus/malware/adware keeps coming back!!

16 more replies
Relevance 80.36%

Hi,

I have an acer aspire 5670 running windows XP professional. I've had it for over 3 years now and never had 1 problem or one spyware...out of nowhere...it's infected and I can't get it fixed. I have hijackthis, combofix, malwarebytes, spybot s&d, spywareblaster, superantispyware, atf cleaner, and antivir antivirus on my computer. I've cleaned out the pc countless times, including deleting all cache and prefetch and temp data...I've cleared out all suspicious keys and paths in the registry. Also, there are multiple hidden objects on my computer (26 to be exact) that I cannot find, view or delete...but I did block them with the group policy editor. Everything I've done only seems to be a temporary fix.

There have been multiple issues with things such as antivirus pro 2007/2009, etc (other fake spyware programs). My google links or other search engine links are all redirected to other sites. After I clean the pc...it fixes the issue but only for a short while. Also, most of my processes in my task manager are UPPERCASE...after I clean the pc...again, they go back to lowercase but only for a short while. I've deleted spyware with names such as svchast, and multiple other trojans. I'm pretty computer savvy and fix computers in my spare time....so I'm able to stop the issue, but it seems I cannot find the source of my problem and it just keeps coming back. I am going to include a log from hijackthis and anything you can do to help would be greatly appreciated... Read more

More replies
Relevance 80.36%

This VBS:Malware [Gen] virus keeps showing up on my pc and I don't know where it's coming from or even if it's getting deleted in the first place. Normally I delete it, but this time I chose to send it to the "chest". How do I keep this from coming back?

Logfile of HijackThis v1.99.1
Scan saved at 9:49:50 PM, on 2/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Tray Tools\atitray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Fil... Read more

Answer: VBS:Malware [Gen] virus keeps showing up. How do I keep it from coming back. w/HT log

7 more replies
Relevance 79.54%

I know this problem has been posted before (EX: techguy.org/1032793), but I'm not seeing a sufficient answer for it as it pertains to me. So this is me posting on behalf of myself.

I did all the suggestions from BleepingComputer.com... it fixes the problem for a couple days, but then it comes back which makes me think it's not been completely removed properly in the first place. I do not use Limewire or Kazaa. I try to be responsible and only download things from reputable sources. I am not seeing a pattern in my behavior as it relates to this virus. I normally don't get viruses, and the handful of malware is usually taken care of by Spybot. I don't usually have these problems, let alone have one that can't be easily fixed.

Is this a virus or is it malware or both or what?
Where does it come from to begin with?
Why does it keep coming back?

Maybe if I understood it better I could prevent getting it again.
Please help, this one is driving me crazy!
____________________________________________

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz, Intel64 Family 6 Model 23 Stepping 6
Processor Count: 2
RAM: 6141 Mb
Graphics Card: NVIDIA GeForce 8800M GTX
Hard Drives: C: Total - 464051 MB, Free - 213353 MB; D: Total - 10239 MB, Free - 1440 MB;
Motherboard: Dell Inc., 0KX412
Antivirus: avast! Antivirus, Updated ... Read more

More replies
Relevance 79.54%

I am a desktop tech at a municipality. I have 2 pc's out of 1200+ that are infected with the same virus/malware.

It disables regedit....takes away the 'manage' option when right-clicking on my computer and restricts .cpl files causing add/remove programs to disappear. I can get all of these things back by going into gpedit.msc and reenabling regedit and then going into the registry and deleting the offending keys, but it comes back on the next reboot. Please help. I don't want to reimage these pc's if I don't have to.

Malwarebytes' Anti-Malware 1.39
Database version: 2435
Windows 5.1.2600 Service Pack 2

7/15/2009 2:50:39 PM
mbam-log-2009-07-15 (14-50-34).txt

Scan type: Quick Scan
Objects scanned: 104482
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1 (Malware.Trace) -> No action taken.

Re... Read more

Answer:malwarebytes finds malware/virus but it keeps coming back

Hello usualsuspect and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the... Read more

2 more replies
Relevance 78.72%

Can someone please take a look at my logfile and see if you see anything funky. I have run malwarebytes and spybot and cleared out things. but virus keeps coming back:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:31 PM, on 1/12/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\AOL\1252339344\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Fi... Read more

More replies
Relevance 73.8%

It's not just Browsers now, Steam as well, it shows up the adware and every time I click something it opens a new tab with more adware.
 

More replies
Relevance 73.8%

I have tried spybot, Ad-aware, even the purchased version of pest patrol corporate edition. This computer of one of my employees at work continues to have some spyware on it I simply cannot remove
11 Each program finds things, but I keep getting zestysearch, and popups. I tried doing them in safe mode with Sys res off. I manually deleted a directory called 64 32 Joy, after I killed a process that had something like love dumb..... now It says there are 2 dlls I need to remove, but I can't delete them. Here is a Hijack this log. Thanks to anyone that can help!!

Logfile of HijackThis v1.97.7
Scan saved at 7:10:48 PM, on 6/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\nancy.CCRS.000\Local Settings\Temp\Temporary Directory 2 for... Read more

Answer:Adware keeps coming back!

13 more replies
Relevance 73.8%

I can't seem to get this adware to go away! Can you help?

Logfile of HijackThis v1.97.7
Scan saved at 3:22:23 PM, on 6/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities\MfpDtMng.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\NORTON~1\NORTON~3\QDCSFS.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsea... Read more

More replies
Relevance 73.8%

I've been getting nonstop ads/pop-ups for almost a month now, I ran spybot and it picked up things like Advertising.com Avenue A, Inc. and some others, It fixed the problem temporarily but every time I start my computer and run spybot the problems come right back up again.

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:56:02 PM, on 6/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmat... Read more

Answer:Spy/adware keeps coming back.

Hello Travis_C and welcome to the BC forums. After reviewing your log I see no signs of viruses or malware at this time. The log is clean.

I do see that you have Limewire installed. This application is known to have malicious programs included in its installation. I would recommend removing the program and deleting the folder. That should take care of any trojan issues you are having.

Cheers.

OT

3 more replies
Relevance 73.8%

So I've been having this Adware for 2 weeks or so. I used every kind of program people recommended and yet it still comes back after a time. Creating shortcuts of Google Chrome and Mozilla Firefox on my computer. When I scanned with malwarebytes last night (And it was a whole pc scan even searched for rootkits took 2 hours to finish.) It showed 0 threats but when I woke up today there were 162 threats detected by Malware Bytes. I don't know I'm so frustrated about this but I don't want to reset my computer and lose all of my files and downloadings (since in my country I have a limited amount of data I can download and it would take me months to download them back.)
 

More replies
Relevance 73.8%

Hi...
 
Hope someone can help. I have an Inspiron 910 mini that is super slow loading web pages in all browsers. I usually use chrome and have seen things that it is waiting for on the lower left corner. I googled some of them and found out they are adware tracking cookies. One common one that shows up is g.doubleclick.net.

I ran several removers "super antimalware" "malwarebytes" etc. and they find them and remove them. When I rescan after booting they are still gone. However...as soon as I open a browser and start surfing they come back. I can then rescan and find 30 to 115 at one point.
 
How do I get these to go away for good? 
 
Thanks..
 
Hartwa

Answer:Adware Keeps Coming Back

Hello hartwa

In Chrome check for and disable or remove any unwanted add-ons.
How to Disable Extensions in Google Chrome - How to Uninstall Extensions in Google Chrome

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next r... Read more

8 more replies
Relevance 72.98%

Dear forum,
 
I don't know how this started, but I've tried so many things to just get rid of these adware showing up in these scans but they just keep coming back. They all appear to be SQLITE. I have no idea what SQLITE is and a lot of the times web searches say these are harmless. I could just switch off the computer cleaning off 64 of them on one day, and switch them off and have 100 in a scan on another day.
 
What started it? I think it was that last time I was trying to stream a movie and clicked on some faux link instead. I think that's what started it. I think.
 
I tried blocking it on Blocksite, and AdBlock. So far AdBlock detects these better, and I've actually been looking at the scan logs and finding the website names in the Adblock "Open blockable items" feature and blocking them. But I only frequent some sites, and I can't find them other SQLITEs anywhere. So far I only have histats.com blocked on Adblock. ||s4.histats.com/stats/* <--- They kinda look like this in the Custom Filter tab.
 
So far, I noticed that it opens "disappearing pop-ups" where you just click on something or just somewhere on a browser page and a pop-up seems to come up for 0.5 seconds and disappear into the moonlight, but I know that was a pop-up and disappearing pop-ups are a thing.
 
I've attached FRST, Addition, and the SuperAntiSpyware logs here so you can see what's going on.
 
If you can help me in a way that in the future I can also help myself if si... Read more

Answer:Many adware (SQLITE) keeps coming back

The adwares keep increasing with every scan. Should I be worried or delete them first?

11 more replies
Relevance 72.98%

Trojan.winfixer AND adware.vundo keeps coming back on my computer. I've deleted so many files its not even funny. I ran safe mode, put all hidden folders to "unhidden" and ran SUPERAntiSpyware Professional, I deleted the vundo files and restarted my computer normally. BUT...SUPERAntiSpyware detected it AGAIN for some reason. I've also tried VundoFix, Symantec FixVundo, Ad-Aware 2007, The new Spybot Search and Destroy...
Everything is up-to-date...
I've been up since 4 am trying to fix this problem and I am really frustrated. Please Help!!!
I posted my HiJackThis Log below

Logfile of HijackThis v1.99.1
Scan saved at 5:35:27 PM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.e... Read more

More replies
Relevance 72.98%

EDIT again: Added superantispyware log. EDIT: Added two of the malwarebyte logs. One being the original scan with a bunch of crap and the other being the most recent having only 2 items infected.

I keep getting rid of it with Malwarebyte and Super Anti Spyware but it almost immediately comes back every time. Here's a hijackthis log. Also, most of the ads want me to download some sort of BS antivirus and stuff like that. edit: BTW I use windows XP service pack 2 and I use IE and FF interchangeably, and I seem to be getting more of the popups with IE.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:36 PM, on 12/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32... Read more

Answer:adware/trojans. Keeps coming back.

Sorry for the long wait.  We are VERY backed-up right now!  If you still require assistance, please post new logs and we'll see what we can do.

7 more replies
Relevance 72.98%

The adware wants to redirect to ourluckysites.com. It keeps creating files in windows 86 folder. Something to do with snarer.dll or kitty, whatever it is.
 

More replies
Relevance 72.98%

I am having a major issue here. For some odd reason, I keep getting back the Trojans, Hijackers, and other Malware/Adware.

My computer's speed has been some what affected, especially internet browsing. Which reminds me, my browser redirects me to some random site.

I've tried running so many things, MBAM, SUPERAntiSpyware, but somehow, the things keep coming back after being removed - I even tried doing the removal processes both one after another and simultaneously, as well as with my internet cable unplugged.

Any suggestions?

Here's another thing I found off, thought I'd share it...

These are from my "temp" folder....

-130 (TMP File) - Unknown file type icon
-hxgmeu - Unknown file type icon
-jar_cache8144

None of these files were there before, they just got thrown in there... And ever since the infection, my task manager and "temp" folder both show files with names such as:

-asam.exe
-daltvqntssd.exe

and other randomly generated names such as hxgjjkl92m11.exe or ht9llnm32yckm.exe. the number of characters is always changing - and they keep coming back after every virus scan.

Thanks guys.

More replies
Relevance 72.98%

hi, i'm new as i'm sure is obvious. i'm using spyware doctor from the google pack and it detects a high risk infection called Agent.Adware.Bn. I'll delete it but then it will come back after a few days. I am completely new to registry editing so here is the hijackthis scan. If there is anything I need to change please reply. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:54 PM, on 14/10/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vVX6000.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files&... Read more

Answer:Agent.adware.bn, Keeps Coming Back Help!

dude empire

Not much showing up in your log

Run an online virus scan called Kaspersky from HERE.

1. Click on "Kaspersky Online Scanner"
2. A new smaller window will pop up. Press on "Accept". After reading the contents.
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next"->>"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
5. Then click on "My Computer". And the scan will start.
6. Once finished, Select Save error report as
Then in the file name just type in kaspersky
Under save as type Select text .txt
Save it to your Desktop
Open the Kaspersky.txt file
Copy and post the results of the Kaspersky Online scan

==========

Note: The Kaspersky online scanner is not yet fully compatible with IE7. You may get returned to a window without the Accept/Decline buttons after allowing the ActiveX control. The buttons are there - you just can't see them! Click on the zoom button (bottom, right of the window) and change it from 100% to 75%. You should now see the buttons. Reset to 100% once the license has been accepted.

1 more replies
Relevance 72.98%

A friend of mine who I THOUGHT knew about Adware and Spyware sent me a link. I clicked it, and now I'm infected (I have a link in my AIM profile, that's how I know I'm infected).

Here's where it gets to be a pain in the ***. I use Webroot's Spysweeper (Adaware will NOT run on my computer for some stupid reason. I've installed and reinstalled it about half a dozen times, and it just will NOT run). When I run Spysweeper, it takes care of everything, but when I restart my computer the f'ing link comes back to my AIM profile. Is there ANYTHING that I can do besides formatting? I just got everything on my computer patched and updated from a recent format, and I don't want to format it again. Please help!!

Answer:SpyWare/Adware Keeps coming back!

Have you tried uninstalling AIM (removing all AIM registry settings and AIM folders), getting rid of the worm with Spysweeper and then rebooting? After you reboot, run it again and see if it's back. If not, re-install AIM and you should be good to go.

-Mike

9 more replies
Relevance 72.98%

I run Spysweeper at least 2-3 times per day. Right after running it, my computer does seem to get a little faster but within no time at all - it is back to being slow. Spysweeper continually finds things such as WebRebates, TwainTech, Winad, Vesbiz Downloader, BargainBuddy, etc., but most often it comes back showing WildMedia. Below is a copy of my hijack this log. Any help you could give me would be greatly appreciated.
Kelly
Logfile of HijackThis v1.98.2
Scan saved at 8:24:50 AM, on 10/7/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\lxamsp32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\documents and settings\owner\local settings\temp\n1tKgyikn.exe
C:\WINDOWS\System32\uydtpjx.exe
C:\documents and settings\owner\local settings\temp\mS.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.e... Read more

Answer:adware keeps coming back - log attached

Download and save these freeware/donationware programs to a permanent folder. Remember to check for updates and run them weekly.
***NOTE***A new version of Ad-aware has been released.
***ALSO***A new version of SpyBot's been released (v1.3...it's no longer in beta). If you have been using 1.2 you can install right over it. If you downloaded and used 1.3 beta it is suggested you remove it and reboot prior to installing.
Ad-aware SE download

Configure Ad-aware
First in the main window look in the bottom right corner and click on "Check for updates now." then click Connect and download the latest reference files.

From the main window, click Start then under "Select a scan Mode" select "Perform full system scan".

Next deselect "Search for negligible risk entries".

Click the "Next" button.

When the scan is finished mark everything for removal and delete the selections. (Right-click within the window and choose "Select All" from the drop down menu and click Next)

Restart your computer.
SpyBot Search and Destroy download

Open SpyBot.

Click the button to "Search for Updates" Download and install the Updates.

Next click "Check for Problems".

Put a check mark beside the red entries.

Choose "Fix Selected Problems" and allow Spybot to fix the red entries.

I also highly recommend you install and update SpywareBlaster Click the link below, in my signature, to read a tu... Read more

1 more replies
Relevance 72.98%

Hi,
Recently I've found this virus Purityscan popping up ads through IE. Symantec has detected and fixed it, but after a reboot, the virus just comes back and gets detected again. Also, the process msdtc.exe keeps taking 90%+ of CPU; I'm wondering if this process has anything to do with the Purityscan or not and how to fix this. Please help, Thanks in advance.
Following is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:44 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\COMMON~1\TSKS~1\regedit.exe
C:\Program Files... Read more

Answer:Adware.Purityscan keeps coming back

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

We'll begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: It is important that ComboFix is saved directly to your desktop**

Please ensure you read this guide carefully and install the Recovery Console. This will help us restore your system in the event of a serious crash. It's very simple to complete and will only take a few moments. A quick guide is detailed below.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See here for a guide to... Read more

6 more replies
Relevance 72.98%

The adware wants to redirect to ourluckysites.com. After a bunch of effort to purge it, it no longer seems to do changes to my browser, but it still installs itself to my laptop every time I try to remove it. The interval between the adware reinstalling itself seemed random. I usually use RogueKiller to remove the adware every time it comes back. It usually installs files named ckafege_ and MIO to Program Files (x86) and an application named kitty, though I'm not sure where it's located. It also used to say something like "snarer.dll cannot be found everytime" it crashes Google Chrome, though it no longer did that and I don't know why it doesn't show that anymore. Please bear with me here as I'm not an expert on computers and I'm new in this forum. Thanks for your help.
 

More replies
Relevance 72.98%

# AdwCleaner v6.046 - Logfile created 03/05/2017 at 21:16:07
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-03.1 [Local]
# Operating System : Windows 10 Home (X64)
# Username : Vartotojas - ASUS
# Running from : C:\Users\Vartotojas\Downloads\adwcleaner_6.046.exe
# Mode: Scan
# Support : Customer Support & Help Center

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\ScreenShot
Key Found: [x64] HKLM\SOFTWARE\InterSect Alliance
Value Found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Vartotojas\AppData\Local\Google\Chrome\User Data\Default\Web data] - 9initialpage123
Chrome pref Found: [C:\Users\Vartotojas\AppData\Local\Google\Chrome\User Data\Default\Web data] - 36initialpage123
Chrome pref Found: [C:\Users\Vartotojas\AppData\Local\Google\Chrome\User Data\Default\Web data] - 23initialpage123
Chrome pref Found: [C:\Users\Vartotojas\AppData\Local\Google\Chrome\User Data\Default\Web data] - 91initialpage123
Chrome pref Found: [C:\Users\Vartotojas\AppData\Lo... Read more

Answer:I can't delete Adware, it keeps coming back!

Edit: I added FRST and Addition files
 

1 more replies
Relevance 72.16%

Hi, so here is my problem: This virus (I guess it's adware? not completely sure) keeps coming back. It hijacks my proxy settings and when I browse the web ads pop up in different browsers.

I have looked up countless forum posts on here, have followed other directions (run adwcleaner, junkware removal, minitoolbox, malwarebytes, etc, etc).
I run them, they get rid of the virus, and everything goes smoothly from there on out. Here's the thing: 2-5 days later, it comes back out of nowhere! (and it's the same virus)
 
From my observations the obvious virus/adware that keeps coming back is:
"Jelbruss secure web"
and "PrivoxyService"
 
I delete them with the antivirus' listed above, and then re-scan and they say everything is great. Then, like I said before, 2-5 days later they come back.
 
Any help would be appreciated, thank you 

Answer:Adware keeps coming back even after complete removal

Hello twiggle and Welcome to the BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  the computer. How is open as administrator  the computer?
Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do ... Read more

5 more replies
Relevance 72.16%

Hello,

First my SUPERAntiSpyware found this (please see the following):
Generated 07/15/2009 at 10:09 PM
Adware.MyWay
HKU\S-1-5-21-2104054462-3242262833-941974269-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
HKU\S-1-5-21-2104054462-3242262833-941974269-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
Then superantispyware found all these one after another, I kept on doing scan and delete, and they just kept on coming back (please see below):
Generated 07/17/2009 at 00:21 AM
Adware.Tracking Cookie
C:\Documents and Settings\Others\Cookies\[email protected][1].txt
Generated 07/18/2009 at 10:09 PM
Adware.Tracking Cookie
C:\Documents and Settings\Others\Cookies\[email protected][2].txt
C:\Documents and Settings\Others\Cookies\[email protected][2].txt
Generated 07/19/2009 at 12:09 PM
Adware.Tracking Cookie
C:\Documents and Settings\Others\Cookies\[email protected][2].txt
C:\Documents and Settings\Others\Cookies\[email protected][2].txt

Please help,
Thanks,
Tom

Answer:Adware.Tracking Cookie, keep on coming back, please help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:26 PM, on 7/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\reliz\akeys.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pr... Read more

2 more replies
Relevance 72.16%

Win 7 Home 64bit
WD primary drive C: D: E: F:
Maxtor second drive G:
WD10EZEX new drive installed, but not formatted, and no drive letter
 
I am installing a new larger hard drive in my desktop to be my primary drive. In order to clone the drive I started to download the free Macrium Reflect, but didn't like all the stuff it wanted to add, and the things it wanted me to agree to, so I did not continue with the process. But, there is a Macrium folder on my C: drive.
 
Next, already having EaseUS on my machine, I decided to download the newer free version of Partition Master and Todo Backup. This I did.
 
Now I have Wander Burst adware on my computer and can't get rid of it. Adwcleaner will find it, and I tell it to delete it, but it comes back when I restart my computer. I disable it in FireFox Extensions, but it is enabled again upon restart. Adwcleaner doesn't find much, but I don't let it delete everything it finds because I'm not sure what some of it is.
 
I've also run Microsoft Malicious Software Tool and scanned with Bitdefender. Bitdefender has twice found and quarantined Gen:Variant.Adware.Graftor.205480 in what must be a hidden folder ProgramData.

I may now have other junk on my computer. I'm not sure.

Often, but not every time, when I restart the computer, Bitdefender says it is disinfecting.
 
Thanks,
Harry
 


Answer:Have Wander Burst adware and it keeps coming back.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\updater.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\PluginContainer.exe
URLSearchHook: HKU\S-1-5-21-4197695769-2084072578-523761739-1001 - (No Name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - No File
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF Extension: Block site - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\2y67u4nl.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-05-30]
FF Extension: Wander Burst - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\2y67u4nl.default\Extensions\{5eeca95e-41fc-41a2-83b1-b1156bc20be4}.xpi [2015-07-31]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
R2 Service Mgr Wa... Read more

5 more replies
Relevance 72.16%

A week or so ago, I got a Chrome Adware extension. This seems to have come from some torrent which my dad accidentally clicked (I am not totally sure). The only signs of the infection is that a Chrome Adware extension keeps coming back and it populates ads over every website I visit.

Currently, if I remove the extension, the ads are temporarily gone. However, if I restart the PC and open up Chrome again, the extension comes back. The extension keeps appearing under different names including "PoriceMenus", "TheAdblock" and "Block the Ads". Here is a screenshot of the extension: http://i.imgur.com/ZbaT4wj.png

Tried scanning with Malwarebytes and Kaspersky. Kaspersky found some adware and removed it. Malwarebytes seemed to find a whole lot of stuff (30 or so threats) and remove it all, but the problem still keeps coming back.

Please help! I was planning to do a whole reinstall of the OS before I found this forum.
 

Answer:Chrome Adware Extension Keeps Coming Back

Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.


Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled befor... Read more

1 more replies
Relevance 72.16%

Hi,
I had my laptop tested by Bleeping Computer a few weeks ago. No threats were found at that time. The laptop still becomes very slow with time. I keep cleaning it using SUPERAntiSpyware every few days and I see a number of adware. After these are removed, the laptop is faster again. I think some hidden adware roots are still in the laptop. I wish you could help me one more time.

Below is the latest scan result:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/26/2012 at 11:49 AM

Application Version : 5.5.1012

Core Rules Database Version : 8912
Trace Rules Database Version: 6724

Scan type : Complete Scan
Total Scan Time : 00:21:44

Operating System Information
Windows 7 Professional 32-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 785
Memory threats detected : 0
Registry items scanned : 35769
Registry threats detected : 0
File items scanned : 8408
File threats detected : 17

Adware.Tracking Cookie
C:\USERS\MKAKBAR\AppData\Roaming\Microsoft\Windows\Cookies\Low\5ZLHUIPX.txt [ Cookie:[email protected]/ ]
C:\USERS\MKAKBAR\AppData\Roaming\Microsoft\Windows\Cookies\Low\0IUOMUXD.txt [ Cookie:[email protected]/ ]
C:\USERS\MKAKBAR\AppData\Roaming\Microsoft\Windows\Cookies\Low\IOBJ2KD7.txt [ Cookie:[email protected]/ ]
C:\USERS\MKAKBAR\AppData\... Read more

Answer:Adware keeps coming back in laptop despite cleaning

Hello makbar

These are Cookies

Here part of our quitman7's post on this.
See the rest at post 5 here [email protected]@K

Cookies are text string messages given to a Web browser by a Web server. Whenever you visit a web page or navigate different pages with your browser, the web site generates a unique ID number which your browser stores in a text (cookie) file that is sent back to the server each time the browser requests a page from that server. Cookies allow third-party providers such as ad serving networks, spyware or adware providers to track personal information. The main purpose of cookies is to identify users and prepare customized Web pages for them.

6 more replies
Relevance 72.16%

A few days ago, I have opened up my browser and entered a site, clicked randomly on the page, it redirects me to some ads, "register to some game online", "you are a winner of 1 milion$", stuff like that. I tried removing with a bunch of antimalware software and it keeps coming up, I've run ADW Cleaner and it finds "HKCU/Software/Conduit" as a tracing key, I've deleted it, rescan the system after restart, it says it's not there anymore but after I enter on a random site it appears again.
Please help.
 
Here's the Farbar Recovery Scan Tool logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015
Ran by Sergiu (administrator) on SERGIU-PC (28-12-2015 13:10:25)
Running from C:\Users\Sergiu\Desktop
Loaded Profiles: Sergiu (Available Profiles: Sergiu)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(ESET) C:\Program Files... Read more

Answer:Infected with adware, tracing key keeps coming back

Can't anyone help? Maybe point me in the right direction. I've run Hitman Pro and it found this:
HitmanPro 3.7.12.253
www.hitmanpro.com
 
   Computer name . . . . : SERGIU-PC
   Windows . . . . . . . : 10.0.0.10586.X64/2
   User name . . . . . . : SERGIU-PC\Sergiu
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (26 days left)
 
   Scan date . . . . . . : 2015-12-29 14:12:17
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 12m 32s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 82
 
   Objects scanned . . . : 2.782.958
   Files scanned . . . . : 185.558
   Remnants scanned  . . : 1.037.389 files / 1.560.011 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Sergiu\Desktop\FRST64.exe
      Size . . . . . . . : 2.370.560 bytes
      Age  . . . . . . . : 1.0 days (2015-12-28 13:09:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 302FE238A077E891B39A3DA34C25E74AA2716B5272CDA2955386041D0A540132
      N... Read more

8 more replies
Relevance 72.16%

My Google Chrome has an adware extension that keeps repopulating every time I close out and open it back up. The extension (called "BeistSaveForYou") makes an ad window pop up every time I click something on my browser window. I'm having to go to my Extensions in Google Chrome and "remove" it every time I open my browser before I do anything else in order to be able to use my browser without ad windows popping up. The extension repopulates every time I open the Google Chrome browser.
 

Answer:GOOGLE CHROME ADWARE KEEPS COMING BACK

Hello, missing Additional.txt report.
 

8 more replies
Relevance 71.34%

Hi there, I have had a problem with my internet connection for as long as I can remember. Basically, whilst using the internet for games and browsing, the little Monitor (bottom right) goes black and the connection is lost or refreshes. The connection takes about 30 seconds to return back to normal. This seems to happen regularly at times and not at all at other times (no loss of connection). It seems to possibly happen when more than 2 computers are using the internet and or running Azureus.

The adware problem only started recently, I run Adaware SE and Spybot which removes it but it very quickly comes back. Basically when I click on a link it takes about 7 seconds and gets re-routed to a crappy site, changes every time.

I hope that someone can help me out.

I have a Bullfrog AirStation WYR-G54 router and Virgin Media broadband.

Many Thanks
Corpusluteum

Logfile of HijackThis v1.99.1
Scan saved at 21:49:40, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32... Read more

Answer:Keep Losing My Internet Connection + Adware Keeps Coming Back

Hello,

You're dealing with several different types of malware, so perform next steps in the right order...

* Please download FixwareOut from the following site:
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.

Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.

Then we'll do the rest...

8 more replies
Relevance 71.34%

Hey there, I'm posting from my friend's computer, as the log will be of his computer. Adaware always finds problems, so he deletes them, but they keep coming back. Could you guys analyse this log? :)

Logfile of HijackThis v1.99.1
Scan saved at 7:50:55 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\... Read more

Answer:hijackthis log, adware always finds problems, but they keep coming back

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
* * * * * *
Then download & Install - http://downloads.subratam.org/Fixwareout.exe

When you reach the final page of the installation process, make sure "Run fixit" is checked.
Follow the on-screen prompts & reboot your computer when instructed to do so.

**Do not be alarmed if your computer takes longer than usual to load.

FixWareOut will produce a logfile, report.txt located within the C:\fixwareout folder
* * * * * *
After running FixwareOut & rebooting ...

Download & install CleanUp.exe (not recommended for WinXP64) http://www.greyknight17.com/spy/CleanUp4.0.exe

Download Ewido Anti-Malware - http://www.ewido.net/en/download/
Install Ewido Anti-Malware
Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the m... Read more

3 more replies
Relevance 71.34%

adware.vundo keeps coming back + windows keep shutting down
Not a clue, can someone help please? I think I removed adware.vundo
but still windows keep shutting down

here is my hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:20:16, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\W...

Answer:adware.vundo keeps coming back + windows keep shutting down

Hi Welcome to TSG!!
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 


For a couple of months now, every time I run Panda Security Scan, I get a message about an infected file in my C: drive (C:/Documents and Settings/USER/Local Settings/temp/blank.gif). I delete it, clear my Recycle Bin, turn off system restore, then turn it back on, but the file keeps on coming back - sometimes within a few minutes, sometimes after a few hours!!!! Malwarebytes doesn't ever detect anything. TrendMicro doesn't either.

Also, when I run the free Panda Security Active Scan 2.0 online, it tells me that the infected file is known as adware/exact.searchbar, so the program then disinfects it. But that keeps on coming back too! I can't find any folder with that name in my hard drive or in the Add/Remove Programs list in my Control Panel. I don't get redirected to different websites because of this malware...although occasionally I experience a slow Internet connection with both IE and Firefox...

I just want to get rid of this thing once and for all! Thank you to whomever can fix this!!!!!!!!!!!!!!

I have Windows XP. Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:52 PM, on 3/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program File...


Hi,

My friend has this computer which was clearly infected with viruses and I know a little about security so I started cleaning it.
Very soon I realized I can't do this alone so I asked an IT guy for help. He suggested I run ComboFix which I did.
It cleaned up some things but not everything.
I have tried other tools and it seems like each tool is discovering new things but the root cause still remains. The trojans keep coming.

At this point, the machine works fine if it is not connected to internet but starts downloading stuff as soon as I connect it

Also, the following have been run already
ComboFix
MBAM
Microsoft Security Essentials
Norton Scan
Norton Power Eraser
Spybot Search and Destroy

And I am attaching the HiJackThis Log. Any help would be greatly appreciated.
The machine is in a state of Blue Screen right after I did a restart after installing HiJackThis.
And it is not performing a System Restore (which I know will remove the HiJackThis install) but not sure what else will happen.

Answer:Tons of Trojans, Adware, cleaned but keeps coming back

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459143 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hi, I am having lots of trouble. Something is constantly adding BHOs, I disable them with BHODemon but more appear. I was having windows opening trying to get me to download winantivirus pro but this seems to have stopped for the time being. Adaware crashes so does spy sweeper. When I run spy sweeper in safe mode it finds virtumonde, I remove it but it comes back by the next scan.

I've run vundofix, this may have helped but my pc is still slow and AVG still keeps displaying that it is finding trojans such as Downloader.Generic4ZQI.

Panda activescan also found trojan Trj/Downloader.OZB.

I am having trouble getting dss to work cos my cpu keeps going up to 100% usage and stalling for ages.

Here is my log not sure if I'll be able to get the extra bit from dss. Thanks for help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:26, on 05/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\Sp...

Answer:PC slow, BHOs added, trojans and adware keeps coming back

Please disable BHODemon before proceeding with this next step.

Then, download ComboFix
Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please post the ComboFix.txt, and a new HijackThis log in your reply.


last night I encountered some popup problems, (I use firefox now) on my xp computer..so I ran both mbam and superantispyware.. both coming up with vundo files, and trojans, after deleting and rebooting twice, it seemed like everything was alright. until I opened up the computer this morning... and I did a rescan of everything and it seems like it keeps coming back and returning upon restart. although there are no more popups like there were last night. any help?! please! I hear vundo is hard to delete. I'd appreciate any quick responses on how to remove completely. thanks!!!

here is the last mbam full scan from last night:

Malwarebytes' Anti-Malware 1.31
Database version: 1607
Windows 5.1.2600 Service Pack 2

1/4/2009 1:15:34 AM
mbam-log-2009-01-04 (01-15-34).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 196740
Time elapsed: 1 hour(s), 0 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4ea9b44-78f3-4bcf-b55d-51cdfc05fed7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b4ea9b44-78f3-4bcf-b55d-51c...

Answer:vundo, trojans, adware, rogue installers. keeps coming back.. please help!

Hello belezaj16.
What antimalware programs are installed on this computer, please? Do you have an antivirus, or other program that provides realtime protection?
I suspect you are being reinfected because you lack these.
With Regards,
The Panda


I accidentally posted this in "am I infected, what do I do".. but am new to this.. so I posted this one here.

last night I encountered some popup problems, (I use firefox now) on my xp computer..so I ran both mbam and superantispyware.. both coming up with vundo files, and trojans, after deleting and rebooting twice, it seemed like everything was alright. until I opened up the computer this morning... and I did a rescan of everything and it seems like it keeps coming back and returning upon restart. although there are no more popups like there were last night. any help?! please! I hear vundo is hard to delete. I'd appreciate any quick responses on how to remove completely. thanks!!!

here is the last mbam full scan from last night:

Malwarebytes' Anti-Malware 1.31
Database version: 1607
Windows 5.1.2600 Service Pack 2

1/4/2009 1:15:34 AM
mbam-log-2009-01-04 (01-15-34).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 196740
Time elapsed: 1 hour(s), 0 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4ea9b44-78f3-4bcf-b55d-51cdfc05fed7} (Trojan.Vundo....

Answer:vundo, trojans, adware, rogue installers. keeps coming back.. please help!

Hello.
I have replied to your topic in the Am I Infected Forum here. Please continue the discussions in the topic above. If we are unable to resolve your problem there, you will be asked to post in this forum.
This topic is now closed.
With Regards,
The Panda


Help! I use Security Task Manager and every time I connect on the internet, a fake 'svchost.exe' is being downloaded in "C:\WINDOWS\security." There are also a "kakijigu.dll" and "makezimu.dll" that appear in Security Task Manager. I use Avast and Malwarebytes but since I got this problem, I cannot update Avast, even by downloading the update through "avast.com" and Malwarebytes virus database is being deleted after I detect and remove some virus.

Another problem is that when I switch my modem on (I use a modem for wireless connection) and the fake "svchost.exe" is running, I get an error message on the "svchost.exe" and I cannot connect to the internet, I cannot open any program and the theme changes to Windows Classic.

Here is my DDS log:
DDS (Version 1.1.0) - NTFSx86
Run by Administrator at 10:21:45.17 on Mon 01/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.536 [GMT 4:00]

AV: avast! antivirus 4.8.1229 [VPS 080723-1] *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Sof...

Answer:Malware coming back

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them back after performing all steps given.
Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asked you to install Recovery Console, please do so. It will be in your best interest.
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply.
Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall


Hi all, my main computer has been infected with the ICE Malware twice now and I don't know what I can do to fix it at this point.
I have done system restores, I have used malware and Kickstart pro and a couple of other programs and it still comes back.
Any fix I make only lasts about 24 hours or so.
I know the problem is with my Windows Registry. A window will pop up asking me if I want to allow the program to make changes to my computer via the registry and clicking no only brings up the window again and again until I click yes.
Shortly after that, the ICE malware has shown up both times.
At this point, I am thinking the only thing to do is do a system reformat but I've been told even that might not work.
At least I have everything I really care about backed up on external hard drives (learned my lesson from Cryptowall) but I would really like the stupid thing off my computer for good.
Any help I can get will be greatly appreciated, as I am at my wit's end.

Answer:Ice Malware keeps coming back

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555446 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


I was infected with some Malware, I thought I had gotten rid of it, but it came back and this time it doesn't go away. What should I do? How do I post a Hijack this Log?
 

Answer:Malware Keeps coming back

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 


A couple of weeks ago when I started my computer (Windows XP Pro) a popup appeared, without me going on the internet. In the title bar it said http:// morze . cafreedom . com, and the popup was saying I might have spyware and to click a link to begin scanning - as if I'd click it!

Anyway I ran Ad-Aware and it found a few items, but the one that stood out was VX2 and was categorised as MalWare. It couldn't delete the file vgz.dll, so I had to delete it via the command prompt. Doing this closed all Explorer and Internet Explorer windows, which presumably is because it was running/using Explorer. It actually restarted explorer completely, so everything disappeared for a moment.

Having got rid of it, I had no problems... until the next time. It keeps coming back, sometimes when I'm logged on, other times when I've restarted... I can't see when it's coming back - just seems random.

I haven't been on any dodgy sites, so I can only assume that there's another file other than vgz.dll still on my hard disk somewhere that Ad-Aware, Spybot and AVG won't detect.

Any ideas?

Thanks in advance,
Gary

Answer:VX2 MalWare Keeps Coming Back!!!

You can try this add-on from ad-aware click here


I made the mistake of installing a program from an unknown source and now my computer has malware. Malware Bytes scanner keeps removing them, but they keep coming back. I think it was wooden seal and smeazymo.
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by Mohamad (administrator) on MOHAMAD-PC (25-02-2016 19:11:42)
Running from D:\Downloads
Loaded Profiles: Mohamad (Available Profiles: Mohamad)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Scarlet.Crush Productions) C:\ScpServer\ScpService.exe
(Microsoft Corporation) C:...

Answer:Malware keeps coming back.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Your FRST log is clean.
Please paste the Addition.txt file created by the Farbar tool.
I will review it.


Recently my computer was infected with something that changed the time to *:** VIRUS ALERT!, disabled display options, disabled taskmanager, and disabled regedit among other things. It also installed a toolbar called fqbewlna (which is still there). I scanned the computer in safe mode with Malwarebytes anti-malware and it detected about 73 items and removed them. I rebooted in normal mode scanned with norton antivirus and malware bytes and found nothing. Everytime i reboot now, i get the VIRUS ALERT and everything disabled. I have to scan without malwarebytes (i now only get about 23 results) and reboot; this gets rid of it until the NEXT time i reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:48 PM, on 9/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:...

Answer:Malware Keeps Coming Back

bump


Despite regular PC anti-virus scans, Avast, and online scanners like ESET and scans from Malwarebytes, which usually returns little, the one that captures malware best for me is Spybot.

But it seems I keep removing same malware like Fastclick etc.

Any other scans available?

I've posted Hijackthis scans many times in past, but stopped as I recently get no responses.

This forum must be really busy now.
 


I have already been through the "Am I Infected" forum and I am sure that I am but I don't know how or with what. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/305217/security-breach/ ~ OB

We have run MBAM and GMER and removed some infections and the next day when I ran my Spyware Doctor, I was reinfected with two new infections. Already identified them as keyloggers and one was some type of autodialer. Anyway, I was told to run a DDS and post it here. Time for an operation, I guess. LOL I am hoping to learn something from the process. I have already learned a lot just reading and researching on my own before I broke down and came to bleepingcomputer for help. I know when something is over my head and whatever this is.....is it! Thank you so kindly for the help!

Here is the DDS. I did run a GMER last night but for some reason, my system had crashed when I returned the computer so I did not have the results. If you would like for me to run another one, please advise and I will do it ASAP.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Owner at 0:48:56.29 on Sun 04/04/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.191 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.ex...

Answer:Malware keeps coming back.

Hello and Welcome to Bleepingcomputer
Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.
We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
CREATERESTOREPOINT
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Thanks


I have some sort of malware or virus on my computer. My computer is:
Dell Mini XP Home Edition Version 2002, Service Pack 3, CPU 1.60 GHz, 0.99 GB Ram
I connect to the internet wirelessly.

I have run Avast! scans which found and removed several items. I have used Ad-Aware to remove some items. I have also used CCleaner that removed items. However, the main problem keeps re-occurring. Several times it appeared to be gone, but always came back within one day. It does not appear to matter which websites I visit.

The main symptom:
Websites that I normally go to take more time to do anything, and then a big browser screen with some ad pops up full screen in front. This happens in both IE7 and Firefox. These are sites I am accustomed to go to and have visited daily for months and am fairly aware of their performance on this machine. Some of these sites do not work at all, until I kill some other process. However, there is really nothing extra that is normally running, so I end up killing the Avast! On-Access scanner.
Also when I try to install Malwarebytes, the main mbam.exe is never present, so I can not run this. I am not sure if the malware is preventing normal install of this program.

In the system startup items there is always something like (from CCleaner):
Program:tipejabov
File: Rundll32.exe "c:\windows\system32\biluguki.dll",a
the name of the file varies. It was nonomasu.dll yesterday. it was wituloru.dll the day before.
I susp...

Answer:Malware keeps coming back

Hello these are Vundo (malware) files. Since the malware is affecting your ability to scan let's do it this way.
Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. Due to the reboot, you need to run RKill again.
6. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.
Rerun...


Hi, I've had this problem for about a week now. Something seems to have gotten onto my computer. The main thing I notice is there is a program called brastk.exe that gets autorun on startup. There are also a number of startup entries in msconfig that reactivate even if I disable them. They are:
"rundll32" which runs a dll called drkly16j.dll
"dumprep 0 -u"
"brastk.exe"

If I delete brastk.exe or drkly16j.dll they just get recreated on the next boot. It appears that something besides a program is running at startup, possibly a service or a program running on shutdown. There is also something redirecting my google searches, and when I plug in my flash drive an autorun file gets created along with a file called system.exe.

EDIT: uh-oh, I just tried to run HJT and Spybot and neither will start! No error messages, just double clicking on the program and nothing happens.

Answer:Malware keeps coming back

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that e...


It started with the AntiVirus 2009 pop-in the new firefox tab. So, I installed Malwarebytes and ran the test. It found a bunch of stuff, deleted it, but it all comes back within a day. If I run Malwarebytes again, it finds it, deletes it, but it keeps coming back.

I installed and ran SDFix, but upon reboot it hangs on the finishing. Also, now I get rundll errors upon startup due to this.

Please help! Thanks in advance for any help anyone can provide! Here is my Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:28 PM, on 11/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common File...


SuperAntispyware keeps detecting

Roque.Internet.Antivirus
Browser.Hijacker.MJcore
Roque.Antivirus2009
browser.hijacker.webtools
browser.hijacker.skra
trojanxp security center
adware media-codec/zlob

Any ideas?
 

Answer:Malware keeps coming back?

Here's the log from SmitFraudFix which I was told to attach before proceeding.
 

2 more replies
Relevance 67.24%

Hey, so I've gotten this malware and I know what program caused it, but I deleted it and have no clue now, sorry :/ But the main issue is, as I said, I cleaned it with AdwCleaner and it finds it and removes it (I'm certain that's it), but when I restart Chrome it "re-installs" itself. Also I've used FRST but I don't know how useful it will be as I'm puzzled whether it worked or not. Now enough from the cryptic talk.

it's under
C:\Users\my user\Appdata\local\google\chrome\user data\default\secure preferences
inside the file (opened with notepad++)
this is the culprit:
plnkhmnoajbfccclonaeepohggeolcih (more details in uploaded logs)
Also, over time due to the popups it also installs some random tinytask thing + uk.ask.com or whatever search provider (also in logs)
Now, as I mentioned above, I've checked installed programs and services and found nothing out of place. I have no clue how the hell I should go about fixing this, as it's a nasty malware that doesn't want to get removed. The only sites I found relating to this issue are Spanish, and the forums, even with translate, didn't help much, so I'm here to ask for some help! Thanks for anything in advance
 

Answer:Malware keeps coming back

Hello,

Your FRST report is empty and you are missing Addition.txt report.
 

9 more replies
Relevance 67.24%

Ok, so I scanned my computer with Avast and had some Trojans, and Avast got a lot of them out, although my Firefox process runs at 100% after about 2 minutes of using the app. So I assume I have some sort of a virus. I scanned my comp with Malwarebytes and it found some and deleted them, but other malware viruses keep coming back. I also did Spybot S&D, it found cookies; online Bitdefender found IRC-Worm and some other generic Trj's and deleted them. It seems Avast did not detect some that Bitdefender did. RemoverIT Pro v4 detected lots and could not remove some (list is below). I have Vista 64bit, so RootRepeal screend didn't work. I did what the instructions told me to do and this is where I'm at. What I do most of the time when I have a virus that does not want to go away is try safe mode scans or boot time scans; I do not have Avast Pro anymore so I can't do a boot time scan. Safe mode scan detected some of the following below
Avast
Sign of "JS:Downloader-FT [Trj]"
Sign of "Win32:Malware-gen"
Sign of "HTML:Framer-inf [Trj]"
Sign of "Win32:VB-LLP [Trj]"
Sign of "Win32:VB-LLP [Trj]"
Sign of "JS:FakeAV-AX [Trj]"
Sign of "HTML:IFrame-CJ [Trj]"

These were signs of the trj or malware, it seems to keep coming back so I can't find the main file infecting my PC. Also these things have got into my Windows files.

Usually what i would do at this point would be to back up and reinstall windows, although i have an extra TB hard driv... Read more

Answer:malware and Trj's keep coming back

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.

First Location
Second Location
Third Location

Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this repor... Read more

7 more replies
Relevance 67.24%

Working on a friend's laptop, running Win XP - and it seems to be really infected.
 
I ran MalwareBytes and SuperAntiSpyware, and they found and removed multiple items (PUP Desktop, Yontoo, etc).  
 
They don't seem to stay gone.  I briefly connected the laptop to the net and it seemed to self re-infect pretty quickly.
 
He was only running an outdated Mcafee and his kid had previously done some file sharing.
 
I'm leaving the laptop disconnected from the net and working through a desktop for this.
 
 
I ran through all the prep steps in this forum and should be ready to go.
 
Here's my DDS scan, and I've attached the zip file.
 
 
==================================================
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Owner at 21:41:16 on 2013-10-29
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1557 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CD... Read more

Answer:Malware keeps coming back

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completi... Read more

17 more replies
Relevance 67.24%

OK, first I would like to say how great this forum is, it's helped me a lot over the years to come to terms with fixing my computer! Normally I have no problem browsing through to find a specific error and get things sorted.. but this evil worm virus keeps coming back and I can't kill it!

When the virus first emerges I kept getting Error in: Users\Alex\AppData\Local\Temp\(randomfilename).dll

Missing entry: run

So I tried to manually fix the error by using HijackThis and Autoruns, but it keeps coming back, and is getting worse! Now I can't even set a desktop background without it going insane, and making IExplorer browser pop up and auto load adverts over and over! Agh!

Ok so this is my Hijackthis scan log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:16, on 02/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g... Read more

Answer:Malware Keeps Coming back PLEASE HELP ME ^_^

6 more replies
Relevance 67.24%

I am in the process of finishing up the requested scans. As I got to near the end of the scans, the obvious malware .exe files that had been deleted started to come back. I am in the process of the final last scans and am collecting the log files to send. I really need help on this one because it seems to be something really deep/behind the scenes.
 

Answer:Need Help - Malware keeps coming back

Hi mismgr

Welcome to Major Geeks!
You'll need to post twice to attach the logs. We'll look at them when you've finished them all. Please make sure your HijackThis log is renamed analyse.exe and that it's in the folder HJT or HijackThis under C:\Program Files

abri
 

23 more replies
Relevance 67.24%

I'm not entirely sure what infection I have here, but I think it has something to do with the Coupon Printer my friend downloaded a while back (I'm cleaning her computer for her).

It started out with a bunch of fake AV programs screaming at me to "fix all the infections". I downloaded and installed MBAM, but I couldn't run it until I rebooted in safe mode. It found 8 or 9 items and I cleaned them all. One of them was the following:

C:\Users\Haley\AppData\Local\Temp\Low\COUPON~1.DLL

Every time I restart the computer and re-run MBAM, that same file shows up, no matter how many times I've tried to delete it.

I thought I had fixed all the nasties because the fake AV is now gone, but I'm not so sure anymore. I'm pretty good at malware removal, but not great, so I thought I'd ask you guys to take a look.

Thanks!!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Haley at 0:15:15.58 on Tue 05/11/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista® Home Premium 6.0.6001.1.1252.1.1033.18.3034.1804 [GMT -6:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Ess... Read more

Answer:Malware that keeps coming back

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

12 more replies
Relevance 67.24%

I've had a frustrating issue lately with my PC.

A storm knocked out our ISP for an hour, and when the internet came back on, I was swarmed with malware.

We cleaned it off with Kaspersky, Hitman Pro, and Norton. But the next morning, it returns. We clean it off again. The next day, it returns with rogues and backdoors.

And Norton/Hitman Pro says that the computer is completely clean, but as soon as it gets uninstalled, the rogues and backdoors are back again.

What is the issue here? Is our IP address compromised?

Answer:Malware Keeps Coming Back

Hello Mazy,

Yes and no. The problem is that none of the tools you've run have been able to properly eradicate the malware. Please follow the instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 67.24%

Hey guys,

I have been using AntiVir and there have been lots of pop-ups saying that y.exe is malware, and I deleted it using AntiVir but it kept appearing. Also, I have found many unknown files in C:\Windows\system32 and searched them up, and they came up as malware/spyware

I have run hijackthis and here is the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:59 AM, on 11/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\W... Read more

Answer:Malware kept coming back

Hi, welcome to TSF!

Before we continue, please follow the instructions presented in this thread: http://www.techsupportforum.com/secu...oval-help.html then post the requested logs.

2 more replies
Relevance 66.42%

I'm running Vista 32-bit.

I got hit with Vista Security 2012 a couple of weeks ago, and thought I had successfully removed it. However, I've recently noticed problems that it's not quite gone - I occasionally get pop-up advertisements on sites that don't have pop-ups historically, Explorer would crash & reboot itself "mysteriously," and for a time Windows Firewall and Windows Security Center were disabled. I've been using MSE, Rkill & Malwarebytes Antimalware to try and clean this up. MSE points towards Java exploits and FakeRean. I ran a few scans with TDSSkiller while trying to treat it as well, but it turned up nothing the last time I ran it.

Rkill terminated these programs the last time I used it:

\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe

I've used DeFogger to disable any CD emulation software. I've attached the DDS logs below. I unfortunately do not have a GMER log, since my laptop either crashed while that was running or when it went into hibernation. I will get one posted as soon as I can get a log.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Fred at 13:13:40 on 2012-01-18
Microsoft® Windows Vista® Home Basic 6.0.6002.2.1252.1.1033.18.2549.1423 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160... Read more

Answer:Go away, malware I've tried to remove that keep coming back

I managed to sit down and get this worked out earlier today, so you can just disregard this. Thanks!

2 more replies
Relevance 66.42%

Hello, I am having a really bad problem with my computer. I have some nasty trojan that keeps coming back. I cleaned up my computer with Malwarebytes Anti-Malware and it removed the trojan; I can say this because after I restarted the computer I did a new scan and it came out clean.
So the computer was doing ok for about 4 days and then again the trojan activated. I tried using Malwarebytes again but it didn't run. I then scanned with AVG and removed some files that were trojans; after this I could reinstall Malwarebytes. It cleaned the computer again but after some days the virus activated again.
I ran ComboFix and I have attached the log, please help me fix this nasty problem, thanks.

Answer:Trojan or Malware keeps coming back

Hello and welcome to TSF.

I Apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please post a fresh DDS log and a new GMER log as described in this topic. In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three-five days this thread will be closed.

With Regards,
Extremeboy

3 more replies
Relevance 66.42%

I have already posted a topic here about another computer in my household. Hopefully, you guys can help me with this..

My boyfriend has run SpyBot & AdAware several times but he can not manage to get rid of ALL the Malware. His PC is sluggish, refuses to open programs, & often crashes.

Here is his HJT log..

ANY help is GREATLY appreciated! Thank you!

Logfile of HijackThis v1.99.1
Scan saved at 1:31:42 PM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Canon\MultiPASS\mpservic.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\r... Read more

Answer:Urgent! Can NOT get rid of Malware! Keeps coming back!

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * *


Something that requires your immediate intervention. I notice that you have more than one anti-virus programs on your machine (AVG & Symantec). That's not a good idea!!

This messes up the machine pretty badly. Alike firewalls, anti-virus programs have conflicts co-existing with each other & may produce undesirable results. Please uninstall ALL leaving only one of them.

ALL the antivirus programs must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall

## Do NOT proceed with the rest of the fix until you have resolved the dual antivirus programs ##


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install CleanUp.exe (not recommended for WinXP64)

Download LSPFix.exe

Download and install Ewido Security Suite
When installing, under "Additional Options", uncheck - Install background guard

H... Read more

7 more replies
Relevance 66.42%

Hi, Spybot Search and Destroy used to take care of my malware; recently I've added Malwarebytes to my defence. Unfortunately they are not enough. I play League of Legends a lot and about every three games I'll start getting huge lag spikes (usually I have 87ms, then it shoots to about 20000ms). I check resource manager and it doesn't pick up anything leeching my internet besides the game (and svchost of course). Please help me out, I don't want to have to scan for malware every time before I start playing -_-

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:58:03 PM, on 7/15/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Users\The Bola\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\The Bola\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\The Bola\AppData\Local\G... Read more

Answer:Hijackthis log - Malware keeps coming back

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/409750 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have p... Read more

1 more replies
Relevance 66.42%

Hello, I have ThinkPoint Malware on my system, I have the free Malwarebytes and it cleans it off, but it keeps coming back. Very frustrated, please help.

DDS (Ver_10-11-10.01) - NTFSx86
Run by PORTON at 11:04:29.29 on Fri 11/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.210 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\PROGRAM FILES\DELL\DELL LASER MFP 1600N\PSU\ScanToPc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\taskmgr.exe
C... Read more

Answer:ThinkPoint malware coming back!

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

-------------------------------------... Read more

11 more replies
Relevance 66.42%

I have an 8GB SD card. I scanned it with ESET SS and Malwarebytes and removed all the detected infections. Still when I remove it and plug it again the scanners detect the malware again! I can neither format nor scan the drive for errors. Please help!!!

Answer:Malware in SD card just keep coming back!

Try this free program : MCShield ::Anti-Malware Tool:: since I started using it nothing got through from USB memories. Did you scan whole computer or just USB ?

23 more replies
Relevance 66.42%

I have an 8GB SD card. I scanned it with ESET SS and Malwarebytes and removed all the detected infections. Still when I remove it and plug it again the scanners detect the malware again! I can neither format nor scan the drive for errors. Please help!!!
 

Answer:Malware in SD card just keep coming back!

Hi,

Before we begin, I want you to have this in mind:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me.
Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.

Please attach all report using button below. Doing this, you make it easier for me to analyze a... Read more

11 more replies
Relevance 66.42%

Hi,

I can't seem to get rid of some malware that's infecting my comp with popup ads.

Please help. Thanks!
 

More replies
Relevance 66.42%

Ok so I remove these files with Malwarebytes Anti-Malware every day, but after a few hours it just comes back again, and is very very irritating.
So far the only obvious signs are that Windows Live Messenger will receive a message about it having an error, but I simply ignore it and continue MSN.
Another thing is that my 'show hidden files' cannot be activated, and I assume it has been changed by one of the viruses.
Can someone help me find ways to get rid of them permanently?
Attached is the log file.
Also, is there a way to make MBAM be forever running on my com in the background and alert me of any detected viruses infiltrating my com? (like the other anti-viruses)

Answer:5 viruses/malware keeps coming back

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

9 more replies
Relevance 66.42%

Hi there, I have a problem with some trojans and stuff. I have done a few scans with PC tool, Panda, Kaspersky. Scans tell me they have been removed but every time I restart my comp the pop up keeps coming back.

win32.monder
virtumonde

are the main culprits

Pop ups are adult material and its so annoying.

please help.

here is my log ...

________________________

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-19 18:10:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
44: 2008-06-19 17:10:14 UTC - RP109 - Deckard's System Scanner Restore Point
43: 2008-06-19 16:02:50 UTC - RP108 - Installed Kaspersky Anti-Virus 7.0.
42: 2008-06-18 18:33:36 UTC - RP107 - Removed Apple Software Update
41: 2008-06-18 16:44:12 UTC - RP106 - Software Distribution Service 3.0
40: 2008-06-17 11:52:52 UTC - RP105 - Installed QuickTime


-- First Restore Point --
1: 2008-06-17 09:34:39 UTC - RP66 - Removed Logitech Audio Echo Cancellation Component


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:29, on 19/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
M... Read more

Answer:Malware removed but keeps coming back

Ok. Let's download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer pr... Read more

1 more replies
Relevance 66.42%

Hi there,

I have been noticing a slow down of my computer and issues with my weekly backup. I have Malwarebytes installed and have used it daily. It keeps finding this pup.datamngr malware and removing it. Obviously, this is not a permanent removal. I have looked up (on the internet) how to remove it manually and with Combofix, but I am worried about crashing the computer.

I am prepared to do what I need to do, but need some guidance.

Thanks in advance.

Answer:PUP.Datamngr malware keeps coming back

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

20 more replies
Relevance 66.42%

Hi, my name's Kelly, and I use Windows XP 2002 Professional with SP3. I use Trend online security as an anti-virus. I scan my computer about once every 2 days and I keep detecting a cookie called COOKIE_ATDMT and other cookies, but not this time I scanned... It says it's being deleted but when I scan it again, it's still there, and I don't know how to remove it. I press the link and it gave me a solution, which was to run the HouseCall thing from the Trend website, but that won't even load. I guess my computer's really slow for some odd reason, plus my internet connection keeps getting disconnected and I use broadband. If you need any more info, please tell me. I will try my best since I really know nothing about computers, that's why I keep getting infected.
 

Answer:Cookie malware keeps coming back

8 more replies
Relevance 66.42%

Hello everyone, so I'm having some malware problems. This malware is hiding in my CD or this malware is so deep in my system that I don't know how to remove it. I have tried almost all the scanners that I know and that I found: GMER, TDSSKiller, Malwarebytes, Panda Cloud Cleaner, HitmanPro and many more scanners. I have done a Malwarebytes full scan and a full scan with almost every scanner, and still they don't seem to find this malware. I have 3 DVD+RW DVDs and they are all infected. Today when I put 1 of my CDs in my CD drive, weird things started to happen: first my desktop started to flash my desktop icons and then it started to run programs automatically; this time it ran Microsoft OneDrive. And of all these scanners, only ESET found first 2 threats and then only 1, but I couldn't remove those because this malware blocks it somehow and crashes ESET Online Scanner. All requested logs are attached, and a screenshot of this scanner. And I forgot to say this malware has now fully blocked access to Google Chrome.

More replies
Relevance 66.42%

Is it possible to prevent spyware and malware from getting into your computer? It seems that it is always the same stuff that I regularly remove with SpyBot, AdAware, A-squared etc...I use Spywareguard and Spywareblaster and still these nasties appear! Am I going to have do this as long as I use the internet? Thanks.
 

Answer:Spyware and malware keeps coming back...

http://www.mvps.org/winhelp2002/hosts.htm

What kind of things are you finding in Spybot and AdAware? If they're just "Tracking cookies", don't worry about it.
 

3 more replies
Relevance 65.6%

Basically what the topic says, they keep coming back even when the scan has happened.

Did a scan with MBAM and this is my recent log,

cheers

-----------------------------------------------------

Malwarebytes' Anti-Malware 1.35
Database version: 1945
Windows 5.1.2600 Service Pack 2

25/04/2009 6:02:00 PM
mbam-log-2009-04-25 (18-02-00).txt

Scan type: Quick Scan
Objects scanned: 69195
Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twext.exe -> Quarantined and d... Read more

Answer:Trojan/Malware/Backdoor bot keeps coming back

Hello, first I want to post a bit of advice about a Backdoor.Bot IRC bot. Mbam needs to be updated if we continue.

One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Rerun MBAM
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan.
After scan click Remove Selected, Post n... Read more

6 more replies
Relevance 65.6%

Hi bleeping computer. I'm having problems with my laptop. Whenever I turn on the internet, many trojans and links to sites download to my computer. I tried to fix the problem in Am I Infected, but we only got so far. A virus (which I believe is causing this) is responsible for redownloading stuff to my computer.

This is the original topic I posted: http://www.bleepingcomputer.com/forums/t/244004/new-win32-virus-in-svchostexe-moved/

Here's a HijackThis log, since neither DDS nor Rtis would work.
DDS couldn't find a file called Cscript.exe
Rtis would just crash since it tried to write a value to a variable that did not exist.
I had to use v1.99 of HijackThis since the newest one would be deleted every time I tried to install it.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:07 AM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files... Read more

Answer:Malware keeps coming back when I turn on internet

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in your reply. Do not attach them unless asked to.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

We need to scan for Rootkits with GMER

Please download GMER from one of the following locations, and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)
Zip Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and c... Read more

5 more replies
Relevance 65.6%

Hi.
I have read and done the suggestions in the Readme sticky, and while it removes the Spyware, each time I restart my pc and connect to the internet it reappears again.

Ad-aware detects two types. 'DyFuCA' and 'istbar'

When it removes them a message saying
'C:\Program Files\istsvc\istsvc.exe is in use and cannot be removed' and to run ad-aware on start up to remove it.

Microsoft AntiSpyware detects two types called 'IST.ISTbar (browserModifier)',
and 'Trojan.Downloader.TargetSavers'

Can someone please help!
 

Answer:Malware/Spyware keep coming back after restart.

If you are using an OS that has System Restore then turn it off > reboot > then follow removal instructions.

If after reboot you are clear of any spyware then turn back on System Restore.
 

13 more replies
Relevance 65.6%

Although my anti-virus program is catching the trojan, it keeps coming back. I also get spyware that comes back after I have just removed it. So far I have used the following programs in my quest to remove all malware on my Windows XP computer: Ad-aware, Spybot, MS AntiSpyware, CWShredder, and True Sword. The following is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:59:46 AM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Notes\ntmulti.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINDOWS\System32\wm.exe
C:\WINDOWS\system32\rundll32.exe
C:\NOVELL\ZENRC\WUOLService.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
c:\windows\clntrust.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SY... Read more

Answer:Trojan.Dropper keeps coming back along with malware

You have multiple infections on this system....we'll address VX2/Look2Me first:

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Click "Install" to extract the contents to a newly created folder.

Close any programs you have open since this step requires a reboot.
From the l2mfix folder, double click l2mfix.bat
Select option #2 for Run Fix by typing 2 and then pressing enter.
Your desktop and icons will disappear as L2mfix scans/disinfects your computer.
When finished, you will be required to press any key to automatically reboot.
On the reboot notepad will open with a log. Copy/paste the contents of that log back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

If after the reboot the log does not open double click on it in the l2mfix folder to locate log.txt.

If you receive an error - \system32\Autoexec.nt is not suitable for running MS-Dos applications, you will need to visit this website to download additional files.

9 more replies
Relevance 65.6%

Hey new to the site hope you can help. I have run malwarebytes countless times but to no success. Here is my log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4673

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/24/2010 9:13:52 AM
mbam-log-2010-09-24 (09-13-52).txt

Scan type: Quick scan
Objects scanned: 119158
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{bce37e3b-1b23-65f1-40f9-b9049421c894} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.ex... Read more

Answer:Malware and Trojan found and keeps coming back

Hello, let's run a couple of safe mode tools and see. You did reboot normally after that scan?

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.

Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at... Read more

13 more replies
Relevance 65.6%

Hi - my daughter handed over her 'blue-screen-of-death' computer to me and I got it back to the present state. She has some spyware/malware that keeps re-appearing after I run McAfee virus scans and Adaware. Can you help?

Tks a bunch!

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:06 PM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\bdaecsc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\explore.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctf... Read more

Answer:Solved: Spyware, Malware keeps coming back

16 more replies
Relevance 65.6%

Hi,

Sorry to post again, but this time with my scan results. I also posted here a month ago, but had to be closed due to pirated software. I've deleted them all since (I hope, at least all that I know of.)

Right now "Ads Alert" seems to be affecting my computer and I can't seem to get rid of it.

My scan results are as attached.
 

More replies
Relevance 65.6%

Hello,

I have a malware problem that seems to get cleaned by malwarebytes but comes back I think after a restart. Here are 2 logs from malwarebytes of stuff that was removed. ALSO dds report. I am unable to run malwarebytes or superantispyware without changing the program's .exe name. Thanks

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4707

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/27/2010 7:32:39 PM
mbam-log-2010-09-27 (19-32-39).txt

Scan type: Quick scan
Objects scanned: 150425
Time elapsed: 7 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\spool\prtprocs\w32x86\xGM1g93a79.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\31g9iQ7w.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\G931793.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

NEXT LOG

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4650

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/27/2010 ... Read more

Answer:redirect malware keep coming back after restart

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap... Read more

12 more replies
Relevance 65.6%

Hello,
My computer is running Vista and has been infected with the "Windows Recovery" malware. The computer seized up for about 30 seconds before displaying the message "The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system."

At first I thought I had real hard drive problems and so restarted the computer. Nothing came back up - no icons ran, the background was wrong, I couldn't run anything. In the end I started in safe mode and ran Windows System Restore to a point yesterday (13/05/11). The problem came back after half an hour so I googled the problem and found your guide to removing the virus using Malware bytes. I went through all the steps, including running unhide.exe and SPSI, but in the end there were still a few icons missing, such as the "show desktop" icon on the task bar, and the shortcut to my broadband connection. I thought maybe there were some problems remaining so I did another system restore to the earliest point, which was 10/05/11 (4 days ago). I then ran the malware program again and it found nothing so I thought I was in the clear. However after about half an hour the file "null.00...exe" appeared on the desktop and had started running in task manager. The computer seized up again. There was also a dodgy program in c:\programdata (sorry can't remember the name). I stopped both of these in task manager and re-ran the malware pr... Read more

Answer:Windows recovery malware keeps coming back

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

2 more replies
Relevance 65.6%

I'm wondering if someone can help me. My computer is clearly doing things I don't want it. I clean it using Spybot and Ad Aware (& sometimes others) but the same things keep coming back. One malware that I recall is called Vundo. I have to believe it is in my registry - - can someone please help - - see attached HJT log (after Spybot and Ad Aware was run).
Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:00 AM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\syste... Read more

Answer:Malware & other issues keep coming back - HJT log attached

Hi,

Download Deckard's System Scanner to your Desktop.

Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, a text file will open - main.txt.txt<<this one will be maximized and extra.txt <<this one will be minimized.
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt.txt in your next reply.
6. Please copy and paste the contents of main.txt and extra.txt to your post.

1 more replies
Relevance 65.6%

Hi, everyone -
 
I'm new here... and totally hoping someone can help me with this annoying problem!  
 
A family member managed to catch the Conduit search hijacker about two weeks ago.  Being an experienced computer user, I was tasked with removing it.  I followed the steps listed here: http://malwaretips.com/blogs/remove-conduit-search-virus/  and everything came up fine.  Conduit was removed.  I finished the procedure by running full scan with Avast! (free version).  Every single one of the removal tools advised it was removed. It wasn't showing up in the browsers either.
 
The following day, the virus/malware/hijacker was back.  So... I went through all the steps to remove it again.  The next day... it was back.  After doing this four times, yesterday I advised them to not go online - ANYWHERE - on that laptop... since I figured maybe a site they were frequenting was re-infecting them every day.  However, even after not going online anywhere yesterday, Conduit search was back this morning right after the computer was turned on.
 
Does anyone know why this thing keeps coming back?  Is there something else I should be doing?  Is there a better removal program I should be using?
 
The computer is an Acer Aspire 7741 with 6GB of RAM and running Windows 7 64 bit OS.
 
Thanks, y'all!

Answer:Conduit Search Malware Keeps Coming Back

I had the same problem. Used http://malwaretips.com/blogs/remove-conduit-apps-search-and-toolbar/ and then had to use it on Google, Firefox and IE to get it all. Took some time and effort but that was 3 weeks ago and so far it's stayed gone. Instructions are quite clear. I didn't notice an uninstall specifically for Win 7 but I do hope it works for you.

4 more replies
Relevance 65.6%

Hello all.

I recently got rid of (most) of a Virtumonde infection off this system. Everything except for "Malware.Trace" (Ms Juan). I've run everything, but it reappears after it's been "removed". The only other system still present is pop ups.

My HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:46:52, on 12/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\... Read more

Answer:Malware.Trace (MS Juan) Keeps coming back!

Hello FFg64,

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {1137f5fe-5815-41cf-a581-17a0948b9fbf} - (no file)
O2 - BHO: (no name) - {20B3988A-7503-42F8-A5A2-022A309B83A4} - (no file)
O2 - BHO: (no name) - {F352626F-9196-47B7-9424-A7EB6AE406C3} - (no file)
O20 - Winlogon Notify: cbXRHbbX - C:\WINDOWS\

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
 * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select "Perform Quick Scan", then click Scan.
 * The scan may take some time to finish, so please be patient.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Make sure that everything is checked, and click Remove Selected.
 * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 * Copy&Paste the en... Read more

4 more replies
Relevance 64.78%

I obviously have malware because Kaspersky keeps finding it and deleting it but it keeps coming back.  I'm not sure what else I might have.  This has been going on for a week or two.  In case this helps, here is the location of the files that Kaspersky keeps deleting:
 
c:\users\j\appdata\local\microsoft\windows\temporary internet files\content.ie5\hur2zkla\protectupdater20151102[1].exe
 
c:\users\j\appdata\local\microsoft\windows\temporary internet files\content.ie5\hur2zkla\protectupdater20151102[1].exe//data0001
 
c:\users\j\appdata\local\temp\file_to_run551193.exe
 
c:\users\j\appdata\local\temp\file_to_run551193.exe//data0001
 
c:\users\j\appdata\local\temp\file_to_run5579.exe
 
c:\users\j\appdata\local\temp\file_to_run5579.exe//data0001
 
In the past few weeks there are over 100 of these files that Kaspersky deleted.  They all start like the first four above but the numbers are different.
 
Also, two files just showed up in my downloads folder that I didn't put there and my computer won't let me delete them.
 
downloads\webscr
 
downloads\i
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-11-2015
Ran by J (administrator) on MOMHPLAPTOP (17-11-2015 15:20:44)
Running from C:\Users\J\Downloads
Loaded Profiles: J (Available Profiles: J & Kids)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mod... Read more

Answer:Kaspersky is telling me I have malware & trojan. It keeps coming back

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Please download TDSSKiller and save it to your Desktop.
Start tdsskiller.exe with ... Read more

21 more replies
Relevance 64.78%

I've been cleaning up my PC (Windows XP) for the last couple of days but no matter what I try the problem comes back.

Here's the history and what I've tried so far:

The PC was infected with Spyware Guard 2008 (tells you you have a virus and need their virus remover yada yada yada) and I was able to remove it and restore some normality using Malwarebytes Anti-Malware 1.31.

However when I was cleaning up the system there is a file that MAM finds but it cannot remove:

c:\windows\system2\dxmhqx.dll

It says that it will clean up during reboot but when I reboot the file is still there.

If I tried to delete the file manually I get a cannot delete access denied message so I downloaded Unlocker 1.8.7 so I could unlock the file (it was associated to svchost.exe and also other times to winlogon.exe). I was able to unlock the file and then delete

Now I had to go to the registry to remove the entry in there but lo and behold, every time I remove the entry it comes up again, so this time I got Process Explorer so I could suspend all the instances of svchost.exe. Suspending the processes allows me to remove the entry from the registry and it doesn't come back.

Then I ran MAM and Spybot and everything comes back clean but after I reboot dxmhqx dll and its registry entry come back.
I have done this several times and I always end up on the same spot. One thing worth noting is that if I disconnect my internet connection cable and do the above steps I can clean the syst... Read more

Answer:Please Help: Malware dll and registry entries keep coming back after deletion

Hey guys,

Just bumping to see if anyone has any ideas.

Thanks
 

2 more replies
Relevance 64.78%

Somehow 'free ride games' was downloaded onto my laptop and ever since my browser has been extremely slow and I keep getting pop ups. I tried using revo uninstaller, it said it deleted all the components of it but when I restarted my computer free ride games was still on and my browser still slow with pop ups. I then downloaded malware bytes free and it said that it took care of the problem, I restarted my computer and free ride games is still on it. What do I do? Also tried to restore my laptop to the earliest date it would let me (30 days ago) but I guess free ride games has been on my laptop longer than 30 days.

Answer:Free ride games malware keeps coming back

Hello and welcome on board stephtrudeau, my name is Machiavelli and I will assist you with your problem.

If you booted into safe mode on your computer then print my instructions!

I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

Removing Malware is usually very difficult.
We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!

Please follow these instructions
If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!

Please stay in contact with me until your problem is resolved
As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.

Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!

Read my post completely
If you don't do so, you may make mistakes that could result in your System crashin... Read more

14 more replies
Relevance 64.78%

It first happened randomly when I went on my PC that day. It is very annoying because all types of ads pop up on the sides of my screen, and whenever I try to bear those, it opens new tabs of ads whenever I click on the screen. I performed many scans with different software but it keeps coming back after a day or so. I attached scan logs for AdwCleaner (my first ever scan log and my last one - which I performed just before doing this post) and for FRST.
 

Answer:Google Chrome - Addware/Malware Keeps Coming Back

This topic will be closed due to presence of pirated content.

Piracy policy
 

1 more replies
Relevance 64.78%

Hi - having serious trouble removing the below. No scans on anything I've tried yet have worked. The issue stops if I delete the extension in Chrome, however it returns once I restart the browser.

NextCoup 1.0
NexxtCOup 1.0
Vaauduixx 1.3
VdxCouponApp 3.18
 

Answer:Malware Extensions on Google Chrome - Keep coming back

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

9 more replies
Relevance 64.78%

Been at this a few days. I couldn't find anything that works.
Spybot keeps coming up with the Win32.agent.pz.
MalwareBytes comes up with Malware.trace.
Both come back the second I do anything internety.
I have also used Ad-Aware and SDFix and have ComboFix logs. All are fully updated.
I had Virtumonde but cleared
DDS log:
DDS (Ver_09-05-14.01) - NTFSx86
Run by mike at 10:32:34.68 on 01/06/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.995 [GMT 1:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwd... Read more

Answer:Win32.agent.pz/Malware.trace keep coming back

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 64.78%

Seems like I am infected with some sort of malware, I've gone as far as I can alone, and I'm no expert with computers. Reformatted my system after initial crash, now still infected (or more likely reinfected), keeps making my system attempt to connect to 206.161.121.2,3,4,5 etc., my research so far yields this is not a new problem in the virusphere, though no one seems to be saying anything more about it other than that they have the infection. Start ups and restarts often very buggy and crash a significant number of times, though when running mbam it just restarts to remove it and it comes right back after restart. mbam has gotten it down to one trojan and its memory process each time, though they come right back. Any way I can be helped would be wonderful, thanks. Windows 7 OS. If I see any more crash logs, I'll try to catch the errors and add them in.

Answer:malware problem, rootkit? Trojan keeps coming back.

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

9 more replies