Computer Support Forum

PSW.Dumarin.C (possible typo)

Question: PSW.Dumarin.C (possible typo)

Okay helping a friend via long distance phone calls and the random email. This is the only info I have, if someone could shed some light on this and help, we both would appreciate it. Here is the email she was able to send:

"Still messing with that damn trojan. AVG sees it and asks the usual, delete, heal, or move to vault. No matter how many times I choose delete, or heal or even move, it comes back again and again. This is what was causing my IE to try and dial out (at least, that's what I get from looking online for info on this damned thing) and share my info with the hacker. Avast does not seem to see...this file. It is saving itself (and apparently restoring itself) in my Windows folder as a dll file. prntsvr.dll to be exact.

The name AVG gives is PSW.Dumarin.C. The last thing I tried was to turn my
system restore off, delete the file and re-start... but guess what? lol, Yep, it is still there. *sigh* Why do people have to make these things???"

------------end of message--------------
Looking around for info I found only ONE place (so far) that had any info about it, and that is assuming she misspelled the name of the thing...

Name: [email protected]
Aliases: W32.Dumaru.B/C | [email protected] | W32/Dumaru-B

I think she mis-spelled the name, because Google found nothing about her original file name..

I found info here: http://www.bitdefender.com/bd/site/virusinfo.php?menu_id=1&v_id=160

And a free removal tool here, which I've downloaded: http://www.bitdefender.com/html/free_tools.php?menu_id=20&letter=&page=2

Should I try to get this to her or do you guys have a better idea. We are clueless at this point.

Thanks for your help...

Relevance 100%
Preferred Solution: PSW.Dumarin.C (possible typo)

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: PSW.Dumarin.C (possible typo)

16 more replies
Relevance 49.2%
Question: PSW.Dumarin.G

I have the same Trojan Horse and AVG says it is found in C:\windows\printsvr.dll.

Here is my log from Hijack

Logfile of HijackThis v1.97.7
Scan saved at 00:39:56, on 04/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\minilog.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\netdc.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\inteldev\DevStat.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program F... Read more

Answer:PSW.Dumarin.G

Hi andrewbent

Welcome to TSG!

I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread". It get's too confusing trying to address two different people's problem in the same thread and you may get overlooked.

Please continue in this thread.
 

2 more replies
Relevance 49.2%
Question: psw.dumarin.g

AVG keeps popping up a window saying it found Trojan Horse PSW.Dumarin.G but it can't seem to get rid of it. Another one of the subscribers had the same problem, so I followed the initial solutions steps. I have downloaded Hijackthis and the log reads as follows. Please advise!

Logfile of HijackThis v1.97.7
Scan saved at 8:46:08 PM, on 5/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\netdc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\PANICW~1\POP-UP~... Read more

Answer:psw.dumarin.g

Hi aears

Welcome to TSG!

Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

F0 - system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe

O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\netda.exe

O4 - Startup: netdb.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2494360deddd1b...ip/RdxIE601.cab

Restart to safe mode.

How to start your computer in safe mode

Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Now find and delete:

The C:\WINDOWS\System32\netdc.exe[/b] file
The C:\WINDOWS\System32\netda.exe file
The C:\Documents and Settings\Owner\Start Menu\Programs\Startup\netdb.exe file
Empty the Recycle Bin
Turn off System Restore:

On the Desktop, right-click My Computer.
Click... Read more

1 more replies
Relevance 49.2%
Question: Psw.dumarin.z

I am running AVG Network Edition but cannot delete or stop a Trojan PSW.DUMARIN.Z from re-appearing following a re-boot. The client infected is running XP SP1 and probably not up to date with security updates . AVG identifies the Trojan, Heals the file but after re-booting the Trojan returns? I also run SpyDoctor but to no avail. Anyone have any ideas (greatly appreciated!)
 

Answer:Psw.dumarin.z

12 more replies
Relevance 49.2%

This is what the virus is called when AVG finds it. AVG then says it's been removed successfully. When the computer restarts it's back again. No other virus scanners can seem to be able to pick it up. I've turn of system restore and all that and nothing seems to work.

The file name is prntsvr.dll also it has next to it prntk.log and prntc.log

The log files log everything I do on the internet. E-mails pass's ect. I don't think it can do anything because AVG stops it every so often. No of my e-mails have been opened access ect.

Any help with how to remove this would be great.

Thanks, Ben
 

Answer:PSW.Dumarin.G? Help please?

Hi and welcome to TSG,

Please do this. Click here: http://www.sherrylynn.us/HijackThis.exe to download Hijack This. It’s very important that you save it to its own folder on your hard drive, such as program files (not temporary files or the desktop), so that it can create proper back-ups and be able to restore them if necessary.

Close all open windows and open Hijack This. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and then save it to NotePad. Click on “Edit” – “Select all” – “copy” and then “paste” into the thread.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the log and advise.
 

3 more replies
Relevance 48.79%

Hi everyone. I have a trojan horse on my computer that i keep on removing with AVG free version and it keeps on coming back up. It is called PSW.Dumarin.G i think. Here is what i got when i ran Hijackthis.

Logfile of HijackThis v1.97.7
Scan saved at 6:02:50 PM, on 5/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nate\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xanga.com/home.aspx?user=Skye425&nextdate=3/1/2004+18:22:20.727&direction=p
F0 - system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs... Read more

Answer:Cant remove PSW.Dumarin.G

First, please make a new folder to put your HijackThis.exe into. Anywhere on your hard drive is fine other than your Desktop or the Temp folder. We suggest you use C:\Program Files\HijackThis but feel free to use any name or folder you like. Unzip HijackThis again and save the contents (Hijackthis.exe) to the new folder you made. Then navigate to it and run HijackThis from there. This is to ensure it makes the necessary backups for recovery if needed.
Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

F0 - system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe

O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\netda.exe

O4 - Startup: netdb.exe

Restart to safe mode.

How to start your computer in Safe mode

First in safe mode click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders" Click "Apply" then "OK"

Find and delete:

The C:\WINDOWS\System32\netdc.exe file
The C:\WINDOWS\System32\netda.exe file

Do a file search for the netdb.exe file, If found delete it.

Empty the Recycle Bin

Go here or here and do an online virus scan.

Be sure and put a check in the ... Read more

1 more replies
Relevance 48.79%

Help!

I have the PSW.Dumarin.G virus, and even though AVG antivirus gets rid of it (or so it seems), it reappears each time I boot. I also used spybot software and that did not do the trick, either. If I need to edit the registry, I can probably do it but I have no idea what to do at this point.

Thanks!
 

More replies
Relevance 47.97%

I have had this trojan horse PSW.Dumarin.G on my computer for a month or two now and i have been trying to remove it with AVG. It gets removed but everytime it comes back. I have tried turning off system restore and booting into safe mode to run AVG but found AVG wont work in safe mode for some reason. Does anyone know how I can get rid of this Trojan horse? Thank you.
 

Answer:Trojan horse PSW.Dumarin.G

Hi and welcome to TSG,

Please download and run the following programs and then post another log after rebooting:

AD-AWARE

Go here: http://www.lavasoftusa.com/support/download/
and download Ad-Aware 6 Build 181

Install the program and launch it.

First in the main window look in the bottom right-hand corner and click on Check for updates now and download the latest reference files.

Make sure the following settings are made and on -------ON=GREEN

From main window: Click Start then Activate in-depth scan (recommended)

Click Use custom scanning options then click Customize and have these options selected: Under Drives and Folders put a check by Scan within archives and below that under Memory and Registry put a check by all the options there.

Now click on the Tweak button in that same window. Under Scanning engine select Unload recognized processes during scanning and under Cleaning Engine select Let windows remove files in use at next reboot

Click proceed to save your settings.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right click the window and choose select all from the drop down menu and click Next)

Restart your computer

SPYBOT SEARCH & DESTROY

http://majorgeeks.com/download2471.html

Open Spybot Search & Destroy (Click Start, Programs, Spybot S&D (Advanced Mode). Click online, Search for updates, Download all available updates. Close all Browser windows, Click ''Check ... Read more

1 more replies
Relevance 47.97%

I can't shake this trojan horse..
I've tried everything and need help.. (
please could someone help me as this is killing my machine.

==

Logfile of HijackThis v1.97.7
Scan saved at 00:20:46, on 03/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svohost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Downloads\HijackThis.exe

R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=explorer.exe C:\WINDOWS\System32\svohost.exe
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\svohost.exe
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA1... Read more

Answer:HELP! Trojan horse PSW.Dumarin.G

Hi KennyRocks

Welcome to TSG!

Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R3 - Default URLSearchHook is missing

F0 - system.ini: Shell=explorer.exe C:\WINDOWS\System32\svohost.exe

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\svohost.exe

O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll (file missing)

O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll

O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msglji.gif

O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll

O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll

O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msedah.dll

O4 - HKLM\..\Run: [O2yH] C:\docume~1\user\locals~1\temp\O2yH.exe

O4 - HKLM\..\Run: [zqnmp] C:\WINDOWS\zqnmp.exe

O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\swchost.exe

O4 - HKCU\..\Run: [DealHelperDown] "C:\Documents and Settings\User\Local Settings\Temp\ms8.tmp"

O4 - Startup: svchost.exe

O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shoote...00/SYSsfitb.cab

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab

Restart to safe mode.

How to start your computer in safe mode

Because XP... Read more

1 more replies
Relevance 47.97%

My AVG Security Warning window keeps popping up telling me that my computer is infected with the Trojan horse PSW.Dumarin.G virus. I am running Windows ME. I have downloaded HiJack This and scanned and saved the log as indicated below. I would be grateful for any help you can provide to assist me in removing this virus.

Logfile of HijackThis v1.97.7
Scan saved at 3:56:50 PM, on 05/26/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\NETDC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Sof... Read more

Answer:Trojan horse PSW.Dumarin.G

13 more replies
Relevance 47.97%

I was wondering if you could also help me out with this, flrman1 or anyone.
I keep getting an alert from AVG saying that C:WINNT/prntsvr.dll is infected by PSW.Dumarin.G

AVG has no problem detecting it and healing it. But it doesn't keep it away. Even if outright removed, prntsvr.dll restores itself and is still infected.

Here's my HJT log (about as pure as I could get it)
Logfile of HijackThis v1.97.7
Scan saved at 10:55:27 AM, on 5/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\explorer.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINNT\System32\netdc.exe
C:\Program Files\Microangelo\muamgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINNT\System32\hphmon05.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Install Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explore... Read more

Answer:Trojan Horse PSW.Dumarin.G

6 more replies
Relevance 47.97%

Hi guys. I'm having a problem with the Dumarin.G Trojan and I'm hoping someone can point me in the right direction to get rid of this little pest. Norton AV doesn't even find it. AVG 6 (free version) seems to be able to heal it, but on restarting the machine it's back again.

I're read a previous thread (here) about this trojan, and am attaching the HijackThis scan for my system.

If someone could let me know what to tell Hijack to deal with, I can follow the instructions in the previous thread for the Safe mode stuff.
Many thanks.
Hijack Log :-


Logfile of HijackThis v1.97.7
Scan saved at 11:57:05, on 26/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\netdc.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Omnipage\Opware12.exe
D:\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
D:\Diskeeper 7\DKService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\f23hser.exe
C:\WINDOWS\System32\devldr32.exe
D:\Norton AV\AdvTools\NPROTECT.EXE
D:\Proximitron\Proxomitron.exe
D:\Zon... Read more

Answer:Problem with Dumarin.G Trojan

***NOTE*** Disable any active resident Anti-virus program before running the scans

Run these two on-line anti-virus programs.

http://housecall.trendmicro.com/housecall/start_corp.asp

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

As appropriate, make sure the "heuristics" and "Auto Clean" boxes are checked.

If anything's found, allow it to clean the file. If it's "uncleanable" DELETE everything the virus scan finds.

Restart the computer between each scan and post another HJT log.
 

3 more replies
Relevance 47.97%

I'm hoping one of you can help me out here. AVG keeps popping up a window saying it found Trojan Horse PSW.Dumarin.G but it can't seem to get rid of it. I have ran Ad-Aware and Spybot and also used the Trendmicro online virus scan. Nothing gets rid of it and it's starting to annoy me. AVG just constantly pops up a window, I can close it but it will come right back. Do any of you have any suggestions? Thanks alot.
 

Answer:Trojan Horse PSW.Dumarin.G

11 more replies
Relevance 47.97%

Hello,

I think I removed this virus?? by following someone elses post, but I think I may have deleted somethings I wasn't supposed to becuase now when I restart my computer I get a message saying window cannot find :C:\Windows\System\netdc.exe

My computer is now also very temperamental, by freezing up and I'm having some trouble with the computer communicating with the cable internet. I'm not sure if this is due to the virus, or all of the anti spyware I downloaded after removing the virus, or just my old computer??

Any help would be much, much appreciated,

Here is my highjack log:
Logfile of HijackThis v1.97.7
Scan saved at 5:25:16 PM, on 6/9/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\PROGRAM FILES... Read more

More replies
Relevance 47.97%

My AVG anti-virus keeps popping up this message:

Virus
Trojan horse PSW.Dumarin.O

is found in file
C:\System Volume Information\_restore{046F465C-B897-4E66-AE63-526940B5BD49}\RP15\A0001299.exe

To remove this virus, please run AVG for Windows

But AVG finds nothing when I run it. Here's my HijackThis logfile:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelpe... Read more

Answer:Trojan horse PSW.Dumarin.O?

bump*
 

1 more replies
Relevance 47.56%

Hi there I have been having a heck of a lot of trouble with my PC (duh)
recently I have been recieving reports from AVG of this PSW.Dumarin.G worm
embedded in a file C:/WINDOWS/prntsvr.dll I have run AVG to eradicate it and manually deleted it myself but it keeps reappearing it appears to be running the IEXPLORE.EXE process in the Task manager tray often several of them.

Any tips

(by the way keep it simple for me I'm only 13 and the most computer literate in my house)

P.S Great site

Thanks
 

Answer:[solved]Trojan horse PSW .Dumarin .G

16 more replies
Relevance 47.15%

Please Help - BackDoor.Dumador.AH and PSW.Dumarin.G

Please help me. I was ironically helping out my Brother-in-law getting him to remove a virus, and it seems i have become infected with this BackDoor Dumador and PSW Dumarin Trojan Horses.

Don't understand how to get rid of them or how they got on my pc. I have AVG and Zone Alarm installed.

Ran a complete AVG test - and it says it heals the files - but they are still there. Then before it infected my svchost.exe - which cant be good.

I've run AVG again - and also HiJack - results below.

Can someone please tell me what is the best way of completely removing these files.

I have tried to use windows updater - but at the moment that doesn't want to work. So far these Trojans are just doing odd things.

I have also run AdAware - which seemed to quarantine a few nasties. Really confused how these got on my pc - as I should be fully covered.

I tried following the advice that was given to another person about PSW.Dumarin.G but it didnt seem to work for me at all... it just made it worse.

Please please help me.. i want my machine happy again..

Many thanks

Logfile of HijackThis v1.97.7
Scan saved at 18:06:03, on 12/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system3... Read more

Answer:Trojan Horses - BackDoor.Dumador.AH and PSW.Dumarin.G

Hi GeeMan1973

Welcome to TSG!

First you need to move Hijack This from the desktop. It should never be run from there, because it creates backups of everything you fix with it and it will make a mess of your desktop with all the backups. You need to create a "New Folder" somewhere like in My Documents and name it Hijack This. Put the hijackthis.exe in it and run it from there. That way it will store the backups in that folder and not scatter them all over your desktop.
Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

F0 - system.ini: Shell=explorer.exe C:\WINDOWS\System32\svohost.exe

F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\svohost.exe

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\swchost.exe

Restart to safe mode.

How to start your computer in safe mode

Because XP will not always show you hidden files and folders by default, Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Next click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions ... Read more

3 more replies
Relevance 46.74%
Question: typo

For my typo read "explanatory". What am I up to?

Answer:typo

..

3 more replies
Relevance 46.74%
Question: Is this a typo?

the help infomation about bitlocker on windows 7 ultimate, i found this while reading through it, correct me if im wrong but its meant to be you right?

Answer:Is this a typo?

  
Quote: Originally Posted by F1FAN


the help infomation about bitlocker on windows 7 ultimate, i found this while reading through it, correct me if im wrong but its meant to be you right?


You have found one

1 more replies
Relevance 46.74%

I am very new to this so please bear with me (I'd never actually heard of hijack etc until a few hours ago)

after installing AVG AntiVirus, CWShredder, Ad-aware, spybot (and maybe some others eek!? - is it wrong to be this over-cautious?), i now realise my pc is infected with various trojans and god knows what else (being a proper newbie it may have been a bit dangerous to try and fix alone so now here i am)......
Logfile of HijackThis v1.97.7
Scan saved at 01:46:25, on 04/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\System32\wltrysvc.exe
c:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Sysinfo\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\... Read more

Answer:proper newbie here. pleeeaaase help! (PSW.Dumarin.G trojan - HJT log included).

Hi - Welcome to TSG!!

Run HJT again and put a check in the following:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Disk Defragmenter] C:\WINDOWS\System32\vqrauscz.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Close all applications and browser windows before you click "fix checked".
Click here to see how
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files".
Now click "Apply to all folders", Click "Apply" then "OK"

Now find and delete this:
Restart and delete this file --> C:\WINDOWS\System32\vqrauscz.exe
 

2 more replies
Relevance 46.33%
Question: Typo error

Sorry.... 22%

More replies
Relevance 46.33%
Question: Password Typo

I only have 1 password for all my docs but I have 4 of them which I can't open. Propably a typo when I saved these docs.

They are in OpenOffice writer format

Anyway for a back door?

Thanks
 

Answer:Password Typo

Please refer to the forum rules. We cannot assisst with password issues so I have to close this thread.

Passwords - Please do not ask for assistance with forgotten passwords and/or bypassing them. As there is no way to verify the actual situation and/or intentions, no assistance will be provided and any such threads will be closed.
 

1 more replies
Relevance 46.33%

A few people have commented on the typing / grammar used in the forum, just for a bit of fun I thought you might like to read this:Aoccdrnig to a rscheearch at an Elingsh uinervtisy, it deosn't mttaer in > > waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht > > frist and lsat ltteer is at the rghit pclae. The rset can be a toatl mses > > and you can sitll raed it wouthit porbelm. Tihs is bcuseae we do not raed > > ervey lteter by it slef but the wrod as a wlohe

Answer:On the subject of typo's

looks normal to me:-)

10 more replies
Relevance 46.33%
Question: Microsoft Typo

Microsoft made a typo in their WinSAT application, How can we let them know about it?

Answer:Microsoft Typo

Hi Steven,

You can try contacting them by following the link below. Whether or not you will get a response I cannot say. I have managed to locate the error in the 'WinSAT.exe' file (notice the space between the letters), and you can edit it to replace the erroneous 'o' with an 'i', however by doing so you will probably cause it to fail an SFC scan. In my opinion, it is such a minor error that it is probably best left ignored.
Dwarf




https://support.microsoft.com/contac...&WS=aufeedback

6 more replies
Relevance 46.33%

I mistyped a url earlier (I believe i typed 'radiosahck' instead of radioshack) and was redirected to a strange website (something about internet surveys I believe) I closed it right away and did a quick scan with malwarebytes to make sure nothing was wrong, and it came up empty. I'm probably being a bit paranoid here, but is this anything to really worry about?

Answer:Odd URL typo redirect...

Redirects can be something to worry about, as you have no idea what content is being hosted on the re-direct. Most popular anti virus programs, have real-time scanning, where it's constantly scanning your computer, and as soon as you're redirected to a bad website, it will block any content that's harmful to your computer. I use Eset and it does this.

1 more replies
Relevance 45.92%

Is there any way I can report this?

This is just my first post and I'm tryna help out a bit

Answer:I just found a typo in Windows 10 TP

skippr said:

Is there any way I can report this?

This is just my first post and I'm tryna help out a bit



Hey skippr, welcome to TenForums!
Try the Feedback App.
What'd ya find?

11 more replies
Relevance 45.92%

Hello everyone,

I am experiencing the red typo lines when there are no typos. This happens on occasion when I'm typing emails and posting or responding to forums. It seems to occur when there is an actually typo and I correct the error. After that the entire post/email from that point on will have the red typo lines.

For example it is happening now... I'll try to post a pic for a better understanding.

Has anyone experience this as well and most importantly does anyone know of a solutions to this?

My unit is new and I have yet to DL Office 365 so I don't have Word. Not sure if that will matter.

Any input is greatly appreciated. Thanks

Answer:Red typo lines when no typos

Language settings?

8 more replies
Relevance 45.92%

OneDrive has over 7x that amount buy giving everyone that uses it 15GB.

More replies
Relevance 45.92%

So I was browsing around in Windows Defender (Windows Settings > Update & Security > Windows Defender > Open Windows Defender Security Center > Virus & threat protection > Virus & threat protection settings, then scroll down to Controlled folder access.)

The sentence "Protect your files and folders from unauthorized changed by unfriendly applications" has a typo in it.
(Refer to the attached picture)

Either:
? The word "changed" has a typo in it and should be the word "changes" (with an 's' instead of a 'd'), or
? There is at least one missing word in between the words "unauthorized" & "changed"
Somebody should inform Microsoft about this typo.

But Also: I noticed that this is a new option, since the last time I was browsing around in there. What does this option exactly do? It was originally off, but I turned it On. Yet I must say that I have seen a few messages pop up in the right corner of the screen, stating that Windows Defender blocked some programs from making changes. One of them showed explorer.exe from modifying the Favorites folder without me doing anything with Favorites. Exactly what does this option do? Is it kind of like some sort of strict "Firewall"? Because if so, then I like that.

Answer:HAH, I Found A Typo In Windows!

Originally Posted by pepanee


The sentence "Protect your files and folders from unauthorized changed by unfriendly applications" has a typo in it. ...



Mine says 'unauthorised' (but then it should in the UK) - still has the typo though






But Also: I noticed that this is a new option, since the last time I was browsing around in there. What does this option exactly do?



Blocks access to your files and documents by unknown apps (malware/ransomware). It's off by default because not all 'good' apps are in it's 'trusted' list. It takes a bit of fiddling to get all your apps to work after you turn it on.

Change Windows Defender Controlled Folder Access Settings - Windows 10

4 more replies
Relevance 45.92%

I was trying out a freeware security suite and i encountered this typo that might make you laugh or not
 

Answer:security suite typo

Looks like an application I would have been involved with judging by the typo! dependant on where the app was developed it depends on the native language and who translated it possibily as I noticed many strange word in manuals translated to engwish over the years.

BTW what is the app you trying "swift"???
 

5 more replies
Relevance 45.92%
Question: typo on home page

The current Maxthon is 3.1.4.1000
You have 3.1.3.xxxx
just ab fyi. the download is right 314. just not the home page listing.:wave
 

More replies
Relevance 45.92%
Question: Typo in Event 8003

Apparently, this bug (typo) was not fixed for several years!!! Still it read "bowser" instead of "browser". I see this in 64-bit Windows 7/Computer Management/Event Viewer/Windows Logs/SystemLevel "Error", Source "bowser", General "Log Name:      SystemSource:        bowserDate:          3/11/2010 2:07:25 PMEvent ID:      8003Task Category: NoneLevel:         ErrorKeywords:      ClassicUser:          N/AComputer:      NORMAN-CPDescription:The master browser has received a server announcement from the computer MEDIACENTER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7D3A7E95-23A7-42BA-B071-81703C4348F5}. The master browser is stopping or an election is being forced.Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">  <System>    <Provider Name="bowser" />    <EventID Qualifiers="49152">8003</EventID>    <Level>2</Level>    <Task>0</Task>    <Keywords>0x80000000000000</Keywords>    <TimeCreated SystemTime="2010-... Read more

Answer:Typo in Event 8003

Hi,I think the following website explains the story:http://blogs.msdn.com/larryosterman/archive/2006/03/14/551368.aspx

3 more replies
Relevance 45.92%

Hi can someone please help clear up my concerns because I accidentally interned the wrong DNS address on my new router.
After entering this typo I almost immediately that my connection was unstable especially on Linux and yesterday evening when I logged back into my router the DNS settings were set to there defaults. But I was able to surf the web kinda in Windows though it timed out often and certain webpages wouldn't even open, and now when ever I enter the correct DNS settings it disconnects from the internet.  
 
Here's what I entered
 
222.67.222.222
220.67.220.220
 
Instead of
 
208.67.222.222
208.67.220.220
 
I'm really feeling uneasy and stressed about this, any advice?
 
 
 
Why does stuff like this happen whenever your in poor health or any other of life's trials and complications?

Answer:Open DNS typo on router

Two things you might check:
 
1. In Windows, do your Network Properties have a DNS Server entry(s) that point(s) to your router (probably 192.168.1.1 or close) or do they point to the published OpenDNS IP addresses? Easy check: From an Elevated Command Prompt: ipconfig /all
 
2. After you corrected the DNS router entries, did you have the router do a cold reboot?
 
I believe you shouldn't overly stress yourself over this if you didn't make any financial transactions. But new passwords could be needed.

6 more replies
Relevance 45.1%

for your information:

Spyware authors and phishing fraudsters yanked an old scam out of the playbook Wednesday by directing malicious code at Internet users who may be prone to typing or spelling deficiencies, according to security researchers.

Finnish security firm F-Secure said they discovered an attack aimed at Web surfers attempting to land on Google's (Quote, Chart) homepage, but who may have mistyped the Web address.

Internet users who punch in "Googkle.com" are treated to a host malicious code, as the computer gets slammed with a heap of the unwanted software that is automatically downloaded and installed. The malware includes: Trojan droppers, Trojan downloaders, backdoors, a proxy Trojan and a spying Trojan. A few adware-related files are also installed, the firm said.

Google Typo Crashes Systems
 

More replies
Relevance 45.1%

I think this is a virus behavior. Recently whenever I type in microsoft waord or notepad or fill up webforms in IE, the cursor jumps anywhere in the previous sentences, or highlights the last some letters somewhere and the entire type goes haywaire. Now Also this is getting typed anywhere and I have to delete, retype. very painful. I have Norton antivirus 2005, zerospyware (after reading the latest article in your mag only), adware, spybot and zone alarm, all fully updated. and none have been able to pick up a virus/spyware after a thorough system scan. I am going crazy typing, especially when i am prescribing medicines to my patients. I don't want to reload windows and all my applications again.Pl HelpDr Alok Modi MD

Answer:Typo errors due to cursor jumping

Go into Device Manager and uninstall your Mouse then restart computer

10 more replies
Relevance 45.1%

I installed Adobe 8 and now all of my Desktop icons have the Adobe logo and will only open up Adobe, not my usual shortcuts, like word, excel, games etc...I tried uninstalling Adobe, which fixed the problem, but when I re-installed it came back again. I don't knw how to fix this...I'm new to all this! I'm running windows vista Help!
 

Answer:Adobe error {fixed typo}

I'm not sure why that is happening but you can try and fix the icons by right clicking on the programs that are displaying the incorrect icons, select properties>change Icon and find the correct one
 

3 more replies
Relevance 45.1%

I'm just setting up a new computer, and not used to the keyboard. When I was installing the operating system I was asked for a User name. Before I had a chance to do anything it had accepted the name GREU and moved on to the next step. No back button! Bloody i7's, so fast!

I've tried doing a search in regedit for GREU, changed it in one place, but its still showing up all over. Is there a complete fix to this or should I resign myself to being known as Greu for the next few years?
 

Answer:Typo when entering user name - I'm now Greu!

6 more replies
Relevance 45.1%

Hi,

I am having a problem when i misspell URLs.

When i type things like google.con instead of .com, i am redirected to a host of different search sites, including searchathand.com, and daplaces.com. I am pretty sure i must be infected with something, but i have ran several online and offline spyware and malware scanners and nothing seems to find a problem.

I am running Firefox version 1.5.0.6, but the problem also occurs in IE as well.

Advise please!

Cheers

Joel

Edit: I seem to have found what i think is the culprit for this...but this leads to another problem.

There is a HJT entry stating
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2EA3617-0DD4-4C7B-89EC-1F1FB24D96E1}: NameServer = 85.255.114.7 85.255.112.174

I have removed this on a couple of occasions and it only returns a few minutes later.

Help please!!!
 

Answer:Solved: Typo browser hijacks

16 more replies
Relevance 45.1%

Hi... I wasn't exactly sure where to post this, I'm posting it both here and in the linux forum

I accidentally made an ext2 filesystem (mke2fs) on top of my pre-existing Windows XP partition (accidentally typed /dev/sdb1 instead of /dev/sda1)... so now it won't boot, and I can't seem to mount it on any OS. Anyone have any ideas on how data on it could be recovered, or if there's any way to get it working again as-is?

Answer:ext2 + typo = dead WinXP

Pull the drive and put it into an External USB Enclosure/Adpater. Mount it on a working computer and copy the files you want.

2 more replies
Relevance 45.1%

Purchased a new laptop and skipped making the MS email but created a password for my account.When I booted up my pc later on I was greeted with an incorrect password message. I must have made a typo in the pw set up because it does not work.I also didnt create a recovery disk because I had literally only used it for 30 mins before turning it off and this problem was the last thing I ever expected to happen.There is only one account and it's the one that is locked. A to rendered a $600 purchase obsolete until I can fix it.All help is appreciated.

More replies
Relevance 45.1%

My correct email address is logged with my Microsoft account, but typo is showing on my windows phone Microsoft account under email+accounts, message says attention required.  Click on message tried to correct using 'fix it here' then get message
There's a temporary problem, getting this message for 2 days now.  Help

More replies
Relevance 45.1%

I have a Dell XS 15z Laptop
I am getting a windows 10 Recovery Message ( your PC couldn't start correctly )
I am attemting to create and use a recovery USB using the link below.
https://www.dell.com/support/article/us/en/19/sln298442/how-to-create-and-use-the-dell-recovery--restore-usb-drive?lang=en
Everything seems to work except I don't have the "Secure Boot" option in my Bios.
Anytime I try to boot the USB I get the message:
Operation System not found

Please advise.

Answer:Operation System Not Found ( not a typo )

Are you creating the recovery USB on a different PC?
I hope so.

1 more replies
Relevance 45.1%

Just got a news system built and am getting a CTL.dll error whenever I turn on my HDMI display ...not sure what is doing it.... I have attached the dump file as a zip..help is greatly appreciated.

Windows 7 64 bit Ultimate retail
All new hardware
OS build Service Pack 1 less than a month

I have attached my dump file and the system file checker results and any help is appreciatted... one thing to note is the system file checker results I get a
Could not reproject corrupted file [ml:60{30},l:58{29}]"\??\C:\Windows\SysWOW64\en-US"\[l:28{14}]"iassdo.dll.mui"; source file in store is also corrupted


Thank you for your help

Answer:TYPO I meant CTL.DLL ERROR BSOD

  
Quote: Originally Posted by etanas


Just got a news system built and am getting a CTL.dll error whenever I turn on my HDMI display ...not sure what is doing it.... I have attached the dump file as a zip..help is greatly appreciated.

Windows 7 64 bit Ultimate retail
All new hardware
OS build Service Pack 1 less than a month

I have attached my dump file and the system file checker results and any help is appreciatted... one thing to note is the system file checker results I get a
Could not reproject corrupted file [ml:60{30},l:58{29}]"\??\C:\Windows\SysWOW64\en-US"\[l:28{14}]"iassdo.dll.mui"; source file in store is also corrupted


Thank you for your help


Memory corruption caused by an unknown driver. Please run memtest and driver verifier.

Download a copy of Memtest86 and burn the ISO to a CD using Iso Recorder or another ISO burning program.

Boot from the CD, and leave it running for at least 5 or 6 passes.

Just remember, any time Memtest reports errors, it can be either bad RAM or a bad motherboard slot.

Test the sticks individually, and if you find a good one, test it in all slots.





Quote:
I'd suggest that you first backup your stuff and then make sure you've got access to another computer so you can contact us if problems arise. Then make a System Restore point (so you can restore the system using the Vista/Win7 Startup Repair feature).

In Windows 7 you can make a Startup ... Read more

8 more replies
Relevance 45.1%

NAME: Googkle
ALIAS: Googkle.com

Summary


F-Secure staff has found a malicious website that utilizes a spelling error when typing the name of the popular search engine - 'Google.com'. If a user opens a malicious website, his/her computer gets hijacked - a lot of different malware gets automatically downloaded and installed: trojan droppers, trojan downloaders, backdoors, a proxy trojan and a spying trojan. Also a few adware-related files are installed.

The name of the malicious website is 'Googkle.com'. PLEASE DO NOT GO TO THIS WEBSITE! Otherwise your computer will get infected! We have reported the case to the authorities.

Detailed Description


Our investigation revealed that the whole infection starts from the 'googkle.com' website. This website, as well as a few related websites are owned by people with Russian names. Also several malicious files that are downloaded from these websites have Russian texts.

When the 'googkle.com' is opened in a browser, it shows 2 popup windows that are linked to the following websites:


www ntsearch.com
toolbarpartner.com

The 'ntsearch.com' website downloads and runs the 'pop.chm' file and the 'toolbarpartner.com' website downloads and runs the 'ddfs.chm' file. Both files are downloaded using exploits and they contain exploits themselves to run embedded executable files. One of the webpages of the 'toolbarpartner.com... Read more

More replies
Relevance 44.69%

Heads up about a string of blogs using familiar names like FileHippo and Softpedia in their URL, when searching for software downloads. I cannot guarantee their legitimacy, or safety to visit or download from these rip-off blogs.

Searching "avast 2017" in Google Search Engine crops up with many blogs using SEO techniques to distract users from the real FileHippo and Softpedia sites.



oFileHippo



downFileHippo



theFileHippo



eSoftpedia



Happy Safe Browsing!
 

Answer:Typo Squatting - Fake FileHippo, Softpedia and more!

Download links seem legit.. I love the tactic by the way.
I will take o-malwaretips.net lol
 

0 more replies
Relevance 44.28%

Is there a way to tell Microsoft Word to "guess" what I mean every time I make a typo? For example, I type "tsanding," and instead of changing it to "standing," it underlines it red. I know I can then right-click it, and select AutoCorrect > standing, so that, from now on, if the same exact typo arises in the future, in which I accidentally type "tsanding," it'll change it to "standing." I've thus far collected *hundreds* of specific typo corrections in this way. But that's very time-consuming, and is only a weak attempt at preventing typos I may be likely to make in the future (based on the fact that I made the exact typo at least once before). Is there any way to establish that I want Microsoft Word to go ahead and correct every single "underlined red" occurrence from now on, based on its best guess as to what I meant? (except in cases where the typo was so bad that it has no guess at all) That way, when it corrects something I *didn't* want corrected, I can then go back and add what I wanted to its dictionary, to tell it not to consider that word an accident from then on.

Answer:Is there a way to tell Microsoft Word to "guess" what I mean every time I make a typo?

Found this in the Word Help files. On the Tools menu, click AutoCorrect Options. In the Replace box, type a word or phrase that you often mistype or misspell ? for example, type usualy. In the With box, type the correct spelling of the word ? for example, type usually. Click Add. Is this what you're talking about?

2 more replies
Relevance 44.28%

Hello, is some one know where finding free Helvetica and Time family typo ?
thank Kidkodak 57

Answer:Finding free Helvetica and Time family typo

Helvetica Fonts - DownloadFontsFree.Net
Regarding "Time family", you need to be more specific.

2 more replies
Relevance 43.87%

So I decided to buy Windows 7 from eBay. I didn't trust the people selling product keys only, so I purchased a brand new retail package. When I shop on eBay, I always look for sellers that are really close to me so shipping is fast. So I found a seller, said to be located in Maryland (which is two states away from me), with a great price and great feedback for his W7 sells. I was pissed because when the guy sent me the tracking number, I found out that the item was coming from Beijing, China, not Maryland! But I figured, well at least he shipped it.

THEN, I get an email from eBay saying the listing for the item I just purchased because the copyright holder reported that the item may be a counterfeit. At first I was pissed at eBay because now I had to record of the transaction in my eBay account and could not contact the seller directly from within the item invoice, since eBay deleted. Plus, he had several other sells of this same item, all with positive feedback of the W7 package, and eBay did not remove the listings for them. So I was like, why me? Luckily, I had his email from paypal and contacted him. He assured me that he is the legal owner of the item and that he sent proof to eBay saying so. Still never got my records back.

Anyway, this prompted me to search counterfeit Windows 7 retail packages. I found some interesting info, but my package doesn't fit any of the counterfeit profiles Microsoft says to look out for. The top hologram is built onto the ... Read more

Answer:My Windows 7 copy looks fake. Typo on back cover. Came from China.

Have you tried contacting ebay?:

eBay Buyer Protection

James

9 more replies
Relevance 43.46%

When I first open Google, in the Search Box is a typo which I cannot delete.Any ideas? Many thanks. pianojoe
 

Answer:Solved: how to delete typo which remains in Google search box when I first open Googl

6 more replies
Relevance 43.05%

So I decided to buy Windows 7 from eBay. I didn't trust the people selling product keys only, so I purchased a brand new retail package. When I shop on eBay, I always look for sellers that are really close to me so shipping is fast. So I found a seller, said to be located in Maryland (which is two states away from me), with a great price and great feedback for his W7 sells. I was pissed because when the guy sent me the tracking number, I found out that the item was coming from Beijing, China, not Maryland! But I figured, well at least he shipped it.

THEN, I get an email from eBay saying the listing for the item I just purchased because the copyright holder reported that the item may be a counterfeit. At first I was pissed at eBay because now I had to record of the transaction in my eBay account and could not contact the seller directly from within the item invoice, since eBay deleted. Plus, he had several other sells of this same item, all with positive feedback of the W7 package, and eBay did not remove the listings for them. So I was like, why me? Luckily, I had his email from paypal and contacted him. He assured me that he is the legal owner of the item and that he sent proof to eBay saying so. Still never got my records back.

Anyway, this prompted me to search counterfeit Windows 7 retail packages. I found some interesting info, but my package doesn't fit any of the counterfeit profiles Microsoft says to look out for. The top hologram is built onto the cds, no... Read more

Answer:My Windows 7 copy looks counterfeit. Typo on back cover. Came from China (eBay). Pics

It's fake, that's pretty obvious. The hologram thing is most likely a sticker on top of the actual disc surface - you can use a fingernail or razor blade at the very edge and lift it up a bit, that's 100% proof. The part numbers don't seem to match up with the actual Windows 7 Ultimate part number, and it just has a fake quality all the way around.

If you contact Microsoft, show them the pics, explain where you bought it from and your situation, there is a small - small but it exists - chance they'll provide you with a key just for making the report and identifying the seller you got it from.

No guarantees, but at the moment you're better off reporting it to them and going from there. Sure can't hurt to let them know, either way.

I'd report it, personally, without even really thinking about it. It just SCREAMS fake.
 

38 more replies