Computer Support Forum

Malware infected, malware removal tools useless

Question: Malware infected, malware removal tools useless

Hi, I got infected because I was trying to run Malwarebytes and it skipped the part of analysing the files, it ended in around 1 minute in a full scan, and I tried to download Dr.Web CureIt, and it doesn't allow me. The computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

Relevance 100%

Answer: Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.

When you post your reply, use the button instead.

In the upper right hand corner of the topic you will see the button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.

If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.

When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.

I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Your computer is clean. Since you have taken a variety of steps to protect your computer and have run numerous scans there isn't much else I can offer.

I see no reason why Dr. Web won't download except that it may be blocked by the protection software you have.

Is there anything else I can assist you with?

0 more replies
Relevance 96.76%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:42 PM, on 8/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\... Read more

Answer: persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,

Please download OT... Read more

2 more replies
Relevance 95.53%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer: Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 93.89%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quickscan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safe mode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer: Ugh - Malware Removal Tools Disabled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 93.89%

Hi all, 
 
Recently, while browsing a site in Chrome, I received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:

https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank

I have a strong suspicion this is malware!!!

What I'm trying to understand is what kind of malware infected the web site I visited. Some technical specs could be useful. The web site belongs to a friend of mine and I'd like to help them identify the malware that infected their web site...
 
 

More replies
Relevance 89.38%

i'm having increasing problems with my computer and am now sure i have some form of malware or viruses. i've had a constant popup where MSWord tries to install itself repeatedly, and i have to manually cancel multiple times when i start the computer. i was worried this was a virus, but when i searched about it i found this was related to windows installer. if i disable windows installer, it goes away.

however, for the past week i've started getting repeated popups saying that google update has encountered a problem and needs to close. i read on some forums that this was related to a google chrome installation. i don't remember if i've even installed google chrome-- but i can't find it on my computer to uninstall it. in the past few days i've started to be redirected to various ad sites when i search for things on google in firefox. i have avira antivirus, windows defender, have used windows malicious software removal tool, lavasoft adaware, and windows defender. all were coming up with no malicious software when scanned, but the problem persists. windows malicious software removal tool just finished a full scan and removed one infection, for an ad program it said would cause random popups, which i haven't had a problem with. i have tried repeatedly to install MBAM and hijack this, along with other tools. even after renaming, i had a lot of problems. MBAM would not open at first, then would partially install, then finally said it completed its installation, started to update... Read more

Answer: google update problem, google search redirect, can't install malware removal tools, stopzilla(?) reported infected by UACd,...

i might've misunderstood the DDS instructions on the tutorial on how to post about these things. i looked at a couple of other posts where people have posted their hijackthis logs. here's mine:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:42 PM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.... Read more

5 more replies
Relevance 88.56%

Two new malware removal tools by PC Tools just appeared on Softpedia today.
PC Tools Threat Removal Tool 2012

Fight back against malware.
PC Tools Threat Removal Tool is a handy and reliable utility designed to scan your computer for threats and remove them.

This Threat Removal Tool is designed to fight malicious code that has been known to prevent PC Tools' antivirus software from being installed. It performs a quick system scan in order to identify and neutralize the most common malware families that block, prevent, or terminate PC Tools' security software installers.

To ensure that the malware is completely eliminated, PC Tools Threat Removal Tool deletes the infected files and the registry values added by malware.

Requirements:

Administrative rights
If you are running Windows Me/XP, turn off System Restore.

Download
PC Tools ISO Burner 2012 1.0

Get the ability to access and delete persistent malware.
Safely remove malware from your computer with PC Tools ISO Burner. This is an advanced bootable antivirus tool that provides users with the ability to access and delete persistent malware.

When malware infects a computer, it gains control of many components that are key to the system's operations, making it very difficult to remove. Malware can use some of these system components to hide itself and prevent other software from detecting and removing it.

If you can't install or run a security application in the first place, then how a... Read more

Answer: PC Tools Releases New Malware Removal Tools

Ok what files are in the zip when you download it?
All I get is pcttFixTool.dll, no exe???
 

7 more replies
Relevance 85.69%

Hello all,

This is my second go-round through your instructions. The first in 04/2009 was successful. Presently, I cannot get any recommended tools to run --even if I rename an exe. I cannot locate the exe for Malwarebytes; I get an "exception unknown software exception (0xc0000409) occurred in application at location 0x77f7c60b" error message when attempting to open SuperAntiSpyWare. I attempted both in system mode and normal mode. (I have run them successfully in the past.) I see the Security Tool shortcut on my desktop and I bet it's the culprit.

I am attaching two logs below. Your help is very appreciated.
Dawna G.
 

Answer: Malware removal tools won't run

Welcome to Major Geeks!

Your MGlogs.zip file is not as useful as we need for two main reasons:

You don't have the current version. You are 7 months out of date.
You ran it in safe boot mode and normal boot mode is the preferred method.
Is all of the software you have that far out of date?

I will give you something to try below but the malware may have additional things hiding that we cannot see with this outdated version of MGtools.



Uninstall the below old versions of Java:
Java(TM) 6 Update 13

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\_lib.dll
O4 - HKLM\..\Run: [tijidekel] Rundll32.exe "c:\windows\system32\jetebemi.dll",a
O4 - HKUS\S-1-5-19\..\Run: [wadahetuju] Rundll32.exe "C:\WINDOWS\system32\yikujode.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wadahetuju] Rundll32.exe "C:\WINDOWS\system32\yikujode.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\jisasiti.dll C:\WINDOWS\system32\gitoribo.dll c:\windows\system32\juduwuho.dll c:\windows\system32\jetebemi.dll,mapopabe.dll
O21 ... Read more

7 more replies
Relevance 85.69%

Hello All,
I have tried all possible tools
SpySweeper, Kaspersky, Spybot, Spyware Doctor, Adaware,
SuperAntiSpyware, MalwareBytes, CCleaner, RogueRemover

I think it's the virtumonde... The thing is I have a couple of registry entries pointing to DLLs that do not exist but even if I remove them they keep coming back. I have tried booting into safe mode and deleting them but it does not help. I am posting my HijackThis log. I have disabled system restore as well

I keep getting random Ad-Websites and messages that my computer has been affected.

I have highlighted the suspicious registry entries.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56:00 PM, on 03-Dec-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system3... Read more

More replies
Relevance 85.69%

Hi Guys,

Thanks for a great website, and many good tools you have put together.

I have a problem getting rid of what I think is Spyware on my wife's laptop.

She is currently unable to do Google searches properly, and all results seem to end in being re-directed to a 'Coupon Mountain' website, we can browse to some websites manually, but all those of the major malware removal companies (including yours) just result in the standard IE website unavailable error message.

I have tried downloading all the tools in your READ AND RUN ME FIRST section to a CD, and then copying them to the laptop to run, unfortunately none of them install (even if I change the names.)

I'm getting to the point where I'm considering a repair install, but would like to know if there's anything else I can do to get things fixed without such drastic action.

TIA

Neil
 

Answer: Can't Run Malware Removal Tools.

Welcome to Major Geeks!


Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.

TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid additional delay in gettin... Read more

1 more replies
Relevance 85.69%

I have a Toshiba M105 laptop. I have CCleaner and Avast Home installed. I ran Avast - no issues, ran CC and Registry cleaner. I have something on this that when I do a google search will look like legitimate results but when I click on a link will send me somewhere else, usually redirect me to an ad or the info.com. I also can not access certain websites - MajorGeeks being one of them or any of the sites that contain the malware removal tools listed in the MJ procedures. So I tried to access MJ from another computer and save the tools to a usb stick then transfer to the infected computer. Worked OK until I tried to run the various apps. SAS I get "encountered error needs to close" Spybot - "connection w/sever could not be established" Malwarebytes just wouldn't install. Don't know what to do now ---HELP!!!!!
 

Answer: Can not run MALware removal tools

For MBAM, just run it without updating.

Have you tried running the other scans in safe mode?

The Read and Run First instructions have links to manual updates for both SAS and MBAM.

Did you run the MGTools.exe? Were there any issues with that? Can you attach the C:\MGLogs.zip?
 

3 more replies
Relevance 85.69%

Hi Geeks,
I'm pretty sure I have a malware issue on my PC. I can't access any security websites, like malwarebytes.org and more. In fact, I am surprised I can access the Geeks website! I can download removal tools, but they won't run and I've tried quite a few.. I can't boot into safe mode -The dreaded Windows blue screen error message comes up-"Windows has detected a problem and needs to shut down". I followed your "Read me first" and did everything I could, including remove the old Java versions. When I tried to install Java again, it said the program is not digitally signed and shut down. This has happened a few times with other installs as well. My browsers shut down frequently on their own as well. I have a recent hijack this log, but not sure whether to attach it or not, as it was mentioned it may be filtered as spam. Anyway, hope you can suggest something. Thanks!
Bobby
 

Answer: malware won't let me run any removal tools and more

If you can't boot into safe mode and normal mode will not allow you to run any of the scans, there isn't much we can do to help you. Have you tried running all the requested scans? Have you tried renaming them as per the Read and Run First instructions? Will MGTools.exe not run?

You can try using a different computer to create this disc and then boot to it with the infected machine. ( You will need to first go into the bios and change the boot up order to make the cd drive the first boot device.)

Kaspersky Rescue Disk.
 

11 more replies
Relevance 85.69%

I am trying to follow clean up procedures, http://forums.majorgeeks.com/showthread.php?t=35407 and have 2 questions;
1. when I run Microsoft Windows Malicious Software removal tool, does it clean/fix automatically or do I have to click on something? I tried to go to the help section and I get "page cannot be displayed".
2. when I run Spybot Search & Destroy, I click immunize but i don't see S&D helper.

ty
 

Answer: Using malware removal tools

1. Just run the tool; there is nothing else you have to do.

2. When you Immunize; Spybot is making changes to the Registry.
 

3 more replies
Relevance 85.69%

I ran through as much of the readme as I could, but only MGtools worked. Please look at the attached logs and advise me on what to do next. Thanks.
 

Answer: Can't run malware removal tools

Welcome to Major Geeks!

Your log shows that you were in safe boot mode. You should be in normal boot mode unless that is not possible and you did not say you could not boot in normal mode.

A few of your Windows system files (ndis.sys and beep.sys) are infected and will need to be replaced by clean copies. It will be much easier to do this once we can get ComboFix to work. So let's start with the below fix and see if we can get other tools to run afterwards.


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F2 - REG:system.ini: UserInit=userinit.exe
O4 - Startup: zqosys32.exe
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe (file missing)

After clicking Fix, exit HJT.

Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

Make sure that you tell me if you receive a success message abou... Read more

1 more replies
Relevance 84.87%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer: 64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:
List of 64-bit Anti-Virus For Vista
Anti-virus protection in 64-bit environments

Free Anti-virus:
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
AVG Anti-Virus Free Edition 8.5
Microsoft Security Essentials
Panda Cloud Antivirus
Kingsoft Free Antivirus (Cloud Scan)

Paid for Anti-virus:
NOD32 Anti-Virus Personal
McAfee AntiVirus Plus
Trend Micro AntiVirus plus AntiSpyware
Norman Antivirus & Antispyware
CA Anti-Virus Plus Anti-Spyware

64-bit Anti-Malware tools:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Kaspersky Virus Removal Tool - How to install and use documentation
Spyware Terminator
Windows Defender (64-bit)
Prevx
Spybot S&D
Ad-Aware
Norman Malware Cleaner
Sunbelt Counterspy (free Trial)
Comodo BOClean Anti-Malware
Sophos Anti-rootkit
SanityCheck Advanced Rootkit and Malware Detector
ESET Online Antivirus Scanner
ESET SysInspector
AnVir Task Manager Free
WinPatrol

Start with these:
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
How to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 84.87%

When I go to download ie:  RKILL or malwarebytes they do not download.  I am running firefox.  I have tried explorer.  I have an HP windows XP. 

Answer: cannot download any malware removal tools

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518053 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 84.87%

I can't download anything at all and I suspect it is a malware issue. And yes, I've tried removing firewalls, anti-virus, pop-up blocker, etc...
If i try to download something on firefox i get this message: "C:\Documents and Settings\HP_Administrator\Desktop\XXXXXXX could not be saved, because you cannot change the contents of that folder.
Change the folder properties and try again, or try saving in a different location."

If I try to download something on IE i get this: "The requested site is either unavailable or can not be found.Please try again later "

Some symptoms that might be unrelated, I tried running a disk check, but it stops at step 2/3, and an old malware that i deleted left autorun, but i got rid of that as well.

I would download malwarebytes or something to try and get rid of the problem, but i can't :\
 

Answer: Can't even download malware removal tools

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

3 more replies
Relevance 84.87%

I am getting an error "unable to connect to the proxy server" while opening chrome, firefox or IE.
 
I have unchecked the proxy setting and it still reverts back when I try to open a browser.
 
I am pasting the results from the mini tool box below -

I also ran ADW Cleaner, TDSSkiller and Malwarebytes.

MiniToolBox by Farbar  Version: 30-11-2014
Ran by jints1234 (administrator) on 02-02-2015 at 23:43:08
Running from "D:\adware"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Qualcomm Atheros AR9485 Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
 
 
# -----... Read more

Answer:tried several malware removal tools and still cant connect

Sorry, not at home, report's too long to read -- what firewall, anti-virus, anti-malware are you using? One thing I can recommend is you "sneaker-net" [via USB stick or CD/DVD] Tweaking.com's Windows Repair (All in One), install & run it. Accept default checkmarks, add #26 & 27 [if memory serves me], ones that indicate normalizing Windows operations.

2 more replies
Relevance 84.87%

My Windows 7 x64 machine is presenting Antivirus 360 malware. I am looking for tools that will work with Windows 7. I tried combofix and some others but I am finding out they are not made for Windows 7. Please help. I am not even sure what to use to collect logs to submit here.

--M


Submitted DDS log in log submit forum but I would still like suggestions on Windows 7 compatible removal tools.

More replies
Relevance 84.87%

Hello Geek Saviors

Am trying to run the Malware Removal Tools for my Acer 2012 Laptop, Windows 7, IE 11, AVG antivirus, Comodo Firewall. Have downloaded the Tools to desktop and followed the Win 7 malware removal directions. Have following problems despite lowering Internet security settings, trying with Comodo Firewall disabled (also Comodo in safe mode) with all tools software entered as safe applications, running in Windows Normal Ops:
1 - Defogger, after clicking DISABLE and YES get immediate red X message "Unable to Create Log"
2 - RogueKiller, right click "run as admin", depending on Comodo settings noted above variably got Alert Triangle "Software is Not Available" or once setup opened and started abruptly disappeared with message "Download Manager has stopped working. A problem caused the program to stop working correctly. Windows will Close and notify you if a solution is available". Tried renaming to "RK.exe" with same result.
3 - Malwarebytes - tried after RogueKiller failure, right click "run as admin", and got exact same response as for RogueKiller.

Did not try other tools. Any idea what I can do to get tools to run? Have not tried computer Safe Mode - would this help?
Thanks for any suggestions and guidance.
 

Answer:Malware Removal Tools not Opening

Yes, you can try safe mode, but be sure to first disable your AV software.
 

6 more replies
Relevance 84.87%

Help! My daughter's laptop seems to be infected with a browser hijacker and I can't get rid of it. I can't download Windows updates and all different browsers aren't working right, sending me to wrong sites and preventing download of AV and malware removal tools. Super anti spyware was installed and wouldn't work, have tried to install Windows Malicious Software Removal Tool via USB but it won't install or run, have also tried to install Spybot via USB but it won't install, error message when it tries to connect to download some of installation files I think. Any advice you guys can offer would be very gratefully received, many thanks
 

Answer:Can't install malware removal tools

Welcome to Major Geeks!





TomPo said:
"and all different browsers aren't working right, sending me to wrong sites and preventing download of AV and malware removal tools."

Has a proxy server been inserted in the browser? See the below:

Proxy Server - Changing Settings



TomPo said:
"Super anti spyware was installed and wouldn't work,"

You need to be more specific. Exactly what happens?





TomPo said:
"have tried to install windows malicious software removal tool via USB but it won't install or run,"

Exactly what happens? Any error messages?

Have you tried to install and run tools in safe boot mode as suggested in our cleaning procedures?





TomPo said:
"have also tried to install spybot via USB"

Waste of time anyway as it is ineffective against most of today's malware.


Also try the below to see if you can get anywhere.


Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator


You only need to get one of them to run, not all of them. You may get warnings from y... Read more

12 more replies
Relevance 84.87%

Can anyone tell me if there are any bootable malware removal programs other than AVG?

thanks in advance

ray

Answer:bootable malware removal tools

Here are a couple:
http://www.free-av.com/en/products/12/avir...cue_system.html
http://www.freedrweb.com/livecd/

2 more replies
Relevance 84.87%

Running Windows XP Media Edition on e machine. Will not run any spyware programs. Will not run HJT. Found BRAVIAX.EXE in sys 32. Ran killbox to delete. Could not delete braviax sys32.exe. Had killbox replace file with dummy file then marked read only to stop the red x trying to sell me its programs. Tried to download several other spyware removal programs. Get message Access Denied no matter what.
Browser has been taken over by redirect program. HELP! WARNING I am NOT computer literate.

Answer:Nasty Malware. Can't run any removal tools.

Hello fxstc1340 and to BleepingComputer.

"WARNING I am NOT computer literate."
Not a problem. If you don't understand something, feel free to ask questions and I'll explain it better. The same holds true for any helper you work with here.

Now... let's see what we're looking at here.

Please install RootRepeal
Note: Vista users, right click on desktop icon and select "Run as Administrator."

Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror

- Disconnect from the Internet or physically unplug your Internet cable connection.
- Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
- Temporarily disable your anti-virus and real-time anti-spyware protection.
- After starting the scan, do not use the computer until the scan has completed.
- When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
- Extract RootRepeal.exe from the zip archive.
- Open on your desktop.
- Click the "Drivers" tab, and then click the button.
- Allow RootRepeal to run a scan of your system. This may take some time.
- Once the scan completes, push the button. Save the... Read more

6 more replies
Relevance 84.05%

Hi,
I have a problem where I cannot run any virus or malware removal tools. I have tried them in safe mode and I have tried renaming them. I am able to load them and update them and I can start them momentarily. Then they stop and I cannot restart them. I get an error that they are not available or that I do not have permission. I have tried to run online scans and they also fail to load. I also have a problem with iexplorer and Firefox being hijacked and loading various web sites I am not intending on going to. Not bad sites, just not the ones I am trying to get to. Let me know what you want me to try. I work on computers daily and have not run into anything like this. Thanks in advance for your help.
 

Answer:Cannot load any virus or malware removal tools

I am able to run MGtools.exe and I have attached the log.
 

29 more replies
Relevance 84.05%

Hello

I've followed all instructions in "Read & Run Me First". I have the following results downloading and attempting to run the suggested tools for Windows XP operating system:

SUPERAntiSpyware: downloaded but unable to run. No log created. While attempting to run, received the following message: Windows cannot access the specified device, path or files. You may not have appropriate permission to access item. (note - I am set up as administrator).

Malwarebytes Anti-Malware: downloaded but unable to run. No log created. While attempting to run, received the following message: Windows cannot access the specified device, path or files. You may not have appropriate permission to access item. (note - I am set up as administrator).

combofix.exe: downloaded and ran, but did not complete. No log created. When attempting to run, I got as far as the blue screen C:\ ComboFix is preparing to run. I sat in that condition for 2.5 hours. I finally closed out.

RootRepeal: downloaded and ran. It was basically a flash on the screen. Log generated but empty. See attached.

MGTools: downloaded and ran. Log attached.

My problem started 1 week ago when my Antivirus Program (F-Secure) stopped auto-updating the Antivirus and Malware components. I uninstalled and attempted to re-install (per F-secure's support) and was unable to install completely. I suspect the virus is preventing the install. I currently do NOT have any Antiv... Read more

Answer:Virus Unable to Run Malware Removal Tools

Java(TM) 6 Update 26 <--- uninstall outdated Java.



Download and run Win32kDiag per the below instructions:

Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log
C:\win32kdiag.exe -f -r




Now we need to scan the system with this special tool.

Please download Junction.zip and save it to your root folder (C:\Junction.zip)
Unzip it and put junction.exe in the root folder (C:\junction.exe)
Now click Start => Run... => Copy and paste the following command in the run box and click OK:
cmd /c junction -s c:\ >C:\log.txt

A command prompt window opens and also a license agreement from SysInternals will appear.
Accept the license agreement and the scan will begin.
Wait until a log file opens. Attach this C:\log.txt when it finishes (the command prompt window will close when it finishes). (How to attach items to your post)
NOTE: It scans your whole hard disk so it can take a long time. Be patient and don't do anything else while it is scanning.



Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe and select "Run as administrator" to run it.
Paste the following code under the area. Do not include the word Code.

... Read more

8 more replies
Relevance 82.82%

I can't even get HijackThis to work; as soon as I run it, it disappears, so I can't even post that here to show what's going on with my computer... I'm using Windows XP... I keep getting redirected when I try to search on Yahoo or Google... using Mozilla Firefox. I've also tried to run in safe mode but I keep getting a blue error screen and can't move past that.

Answer:advanced virus removal / security tools malware?

Let's see if we can get a scan to work.
If this works, go ahead and repost in the HJT forum. If not, post back here.

Run this application and then immediately run your scan.

Please download Rkill by Grinler and save it to your desktop.
Link 2, Link 3, Link 4

- Double-click on the Rkill desktop icon to run the tool.
- If using Vista, right-click on it and Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer or you will have to run it again.

8 more replies
Relevance 82.82%

I have attempted to run the following programs:
- Malwarebytes
- Norton Power Eraser
- McAfee Stinger
I am able to install them and get them up and running. They run for 30 seconds or so then the programs get killed. When I try to restart the programs, I get the following message: Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.
This problem occurs whether I run Windows XP Home SP3 as a regular user, or as an administrator in Safe Mode.

Answer:Malware Removal and AV Tools get killed when attempting to scan

Hello,

This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.

FixNCR.reg

Insert the removable device into the infected computer and open the folder the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
  For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  Update Malwarebytes'... Read more

1 more replies
Relevance 82.82%

I've followed the Prep Guide but have been unable to get DDS to run despite repeated attempts. I've also tried to run Root Repeal several times without success. I then downloaded RSIT. Here's the log file:
"Logfile of random's system information tool 1.06 (written by random/random)
Run by GREG GOODFELLOW at 2010-01-04 15:32:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (34%) free of 153 GB
Total RAM: 1015 MB (28% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\... Read more

Answer:Infection Preventing Malware Removal Tools from Running

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- Push the button.
- Two reports will open, copy and paste them in a reply here:
  OTL.txt <-- Will be opened
  Extra.txt <-- Will be minimized
In the upper right hand corner ... Read more

15 more replies
Relevance 82.82%

My computer experienced Police Pro and/or Antivirus 2010 which disabled AVG 8.5 along with Malwarebytes, Norman Malware remover, spy doctor and Hijack This ... I have manually removed all registry items and files that I could locate and the computer does not show any sign of the virus while in safe mode, however it still will not run AVG scans or any other malware removal tools, so my assumption is that there is something still running that I am not seeing.

I tried to run RootRepeal, but it crashes if I request Files to be scanned. I then ran Win32kDiag and it appears to have run below is the log. Any help in getting AVG and a Malware removal tool running would be greatly appreciated!!!!!
Running from: C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINNT'...

Found mount point : C:\WINNT\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\$hf_mig$\KB944533\KB944533

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\$hf_mig$\KB956390\KB956390

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\&... Read more

Answer:Anti-virus and malware removal tools disabled

Hello vjc,

Please refrain from making any changes to your system (updating, installing, removing, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text)

"%userprofile%\desktop\win32kdiag.exe" -f -r

into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

55 more replies
Relevance 82.82%

all info stated above I think. Appreciate your help.
 

Answer:Removing Edeals (multiple malware removal tools used)

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too much time (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

3 more replies
Relevance 82.82%

So I had a virus that I thought I had gotten rid of a month ago, but it seems to have returned last night while I was asleep. It now freezes or shuts down anytime I start the computer normally, so I have to start it in Safe Mode to get anything running. It won't let me install Malwarebytes or SUPERspyware removal or anything like that. Ad-aware removed a few things but when I rebooted I couldn't start my computer normally. I have McAfee, but I can no longer start it. Most removal programs I try to install don't work. And when I start a Firefox browser, even in safe mode, it tells me "The procedure entry point [email protected]@Z could not be located in the dynamic link library msvcrt.dll." So here is my HijackThis log from Safe Mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:53 PM, on 5/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS... Read more

Answer:Virus that prevents malware removal tools (malwarebytes, etc.)

Sorry, here is my dds file

3 more replies
Relevance 82.82%

Hey I am just really interested in PC security and repair and I was just wondering if you guys had any good resources for my own personal research. If you could tell what you would want to look for when examining these files created by the programs listed below and even what the purpose is for these programs that would be very helpful in helping me understand the process better. I got this from your malware removal procedure forum. Very insightful by the way

- BitDefender
- PandaActiveScan
- GetRunKey
- ShowNew

Thanks
 

Answer:Examining logs created by malware removal tools

Your best resource is the thousands of posts in this forum.

BitDefender and Panda are rather self explanatory in most cases, however you still need to know the difference between valid detections and false detections and that comes with significant experience over a period of time.

We don't have time to really explain GetRunKey and ShowNew to you. In short GetRunKey shows lots of registry keys (not necessarily bad) and potentially bad files associated with certain infections. ShowNew dumps out important areas of the file system that may be used by malware. ShowNew also prints an uninstall program list so you can see if any malware is installed. You need to have a good understanding of ALL Windows OS's, the file systems, and the registry to understand what they are being used for. Also you need to again be able to distinguish between what is valid and what is not valid and that also comes with significant experience.

Reading the threads and reading the logs and seeing what is fixed and not fixed will teach you a lot.
 

1 more replies
Relevance 82.82%

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Hi and welcome to the Bleeping Computer malware removal forum. If you are reading this article, then you are most likely looking for a solution to a possible malware infection on your computer. Please follow these steps in order to provide information that we can use to analyze your computer's configuration. Please note that these steps may appear to be long and daunting. In reality, though, they are very simple and are only so many steps as we wanted to be as detailed as possible in the instructions.
Before you perform these steps, it is suggested that you first check to see if there is a self-help guide for infection here:
Virus, Spyware, and Malware Removal Self-Help Guides
If there is one, then you can attempt to use the self-help guide first and then continue with these steps if you feel that you are still infected.
- Backup your data!
Regardless of whether or not you have a malware infection, routinely backing up your data should be an important part of every computer user's life. Whether it be a hard drive that has failed or malware that has caused your computer to become inoperable, not having your files, pictures, email, and music can be a disaster. We therefore suggest that before we move forward with this cleaning process, you first backup your data to a secure location. That secure location could be a burnable DVD, an external backup drive, or another... Read more

Answer:Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Bump to reset order.

1 more replies
Relevance 82.82%

Malicious Code has become increasingly complex and infections involve more system elements than ever before. Sometimes, when your antivirus software is not able to remove a virus from your computer, you may need to download and use these free specialized tools which are released by well-known security companies like Symantec, Eset, Kaspersky, etc.

Malware & Virus Removal Tools

Here is a list of some Malware & Virus Removal Tools:
- Security Response Removal Tools - Symantec Corp.
- Stand-alone malware removal tools - ESET Knowledgebase
- Virus-fighting utilities
- Free Virus Removal Tools - Bitdefender
- How To - Remove threats - Removal Tools | F-Secure
- Avira AntiVir Removal Tool - Download
- How to Use Stinger | McAfee Free Tools

If you know of any other links, please do share here.

Answer:Free Standalone Malware & Virus Removal Tools

Hi Andy ! Emsisoft Emergency Kit: http://www.emsisoft.com/en/software/eek/

1 more replies
Relevance 82.82%

Hey Guys,
 
I Follow the 

CryptoLocker Ransomware Information Guide and FAQ
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#decrypt
and set the security policies to avoid CryptoLocker attack my computer which are these 
 
Block CryptoLocker executable in %AppData%
Path: %AppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from %AppData%.

Block CryptoLocker executable in %LocalAppData%
Path if using Windows XP: %UserProfile%\Local Settings\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from %AppData%.

Block Zbot executable in %AppData%
Path: %AppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from immediate subfolders of %AppData%.

Block Zbot executable in %LocalAppData%
Path if using Windows XP: %UserProfile%\Local Settings\*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from immediate subfolders of %AppData%.

Block executables run from archive attachments opened with WinRAR:
Path if using Windows XP: %UserProfile%\Local Settings\Temp\Rar*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\Rar*\*.exe
Security Level: Disallowed
Description: Block executables run from archive atta... Read more

Answer:Security Policies doubts after Malware Removal Tools

Instead of playing with the Local Group Policy Editor manually to set these GPOs, you should just download and use the free version of CryptoPrevent that will do everything for you and also offers you various options when it comes to the "tightness" of the settings.
https://www.foolishit.com/vb6-projects/cryptoprevent/
This tool was created following Lawrence Abram's instructions you just followed, plus some custom made rules, so you'll be good if you use it.

1 more replies
Relevance 82.82%

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Hi and welcome to the Bleeping Computer malware removal forum. If you are reading this article, then you are most likely looking for a solution to a possible malware infection on your computer. Please follow these steps in order to provide information that we can use to analyze your computer's configuration. Please note that these steps may appear to be long and daunting. In reality, though, they are very simple and are only so many steps as we wanted to be as detailed as possible in the instructions.
Before you perform these steps, it is suggested that you first check to see if there is a self-help guide for infection here:
Virus, Spyware, and Malware Removal Self-Help Guides
If there is one, then you can attempt to use the self-help guide first and then continue with these steps if you feel that you are still infected.
- Backup your data!
Regardless of whether or not you have a malware infection, routinely backing up your data should be an important part of every computer users life. Whether it be a hard drive that has failed or malware that has caused your computer to become inoperable, not having your files, pictures, email, and music can be a disaster. We therefore suggest that before we move forward with this cleaning process, you first backup your data to a secure location. That secure location could be a burnable DVD, an external backup drive, or another... Read more

Answer:Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Bump to reset order.

Relevance 82.82%

Hi..

When I try to run the spyware removal tools, nothing comes .. I think my system is deeply affected by spywares. I renamed mbam.exe to mb.exe and ran. Still it didn't run. So please tell me how to run these anti spywares. Please help !!
I am attaching the Mlogs.zip which I got when I ran MGtools :cry


http://citycricketers.wordpress.com The IPL Team
 

Answer:Cannot run malware antibytes or super antispyware like removal tools

Welcome to MajorGeeks!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.
TDSSserv Non-Plug & Play Driver Disable

READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip... Read more

Relevance 82.82%

Hi, apologies If I have not done this correctly.... First post.

I am unable to run Combofix in Safe Mode or Unsafe, Spybot and Malwarebytes, I can click the .exe shortcuts but nothing happens. I realised I had a problem when my google started redirecting to other sites then just crashing or going to blank screens. See my scan below, and attached. Unfortunately unable to run any other screeners etc as I can't get them to start up.

Not sure how complex this problem is but it wouldn't allow me to login or register to your site on the problem pc, when I clicked agree to terms it came up you didn't agree etc. Then when I registered on the other comp I still couldn't and can't login on the problem pc....

Thanks in advance for any support
Kevin
DDS (Ver_09-02-01.01) - NTFSx86
Run by kev at 16:52:41.02 on 22/02/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.536 [GMT 0:00]
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EX... Read more

Answer:Unable to Run any Malware removal tools Combofix Spybot etc

My Combofix log after running, I got this running after changing the name.

ComboFix 09-02-21.01 - kev 2009-02-23 22:15:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.701 [GMT 0:00]
Running from: c:\documents and settings\kev\Desktop\ComboFix1.exe
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32... Read more

Relevance 82%

Problem: Security Tools Malware
1. Unable to fix according to instructions posted by Grinler on September 25, 2009, despite several attempts
2. Run Vista on half the computer & Ubuntu 9.1 on the other half so after reading I got the bright idea of going into my computer from the Ubuntu side & "move to trash" the file identified as the Security Tools file.
3. After moving the security tools file to the trash I reopened Vista and:
- could see my desktop
- could open some programs (didn't try them all)
- no longer saw any "Warning" messages pop up
- saw only one short cut on my desktop for Security tools which I moved to trash
4. I opened Opera & tried to:
- back up my data--failed, got error message: "The filename, directory name, or volume label syntax is incorrect. (0x8007007B)"
- re-follow Grinler's instructions--failed when trying to save GMER log--no message, the whole computer just froze--no ctrl+alt+del, no clicking on anything so I killed the power to re-access the internet & you on my Ubuntu side
5. Got instructions to follow Preparation Guide do steps 6 - 9, did that by accessing the necessary files from the Ubuntu side & here they are
DDS logs attached--GMER failed to run
Sorry I goofed sending the log the first time & thanks for your speedy replies. Hope I got it right this time :-)
DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 11:22:45.62 on Thu 03/25/2010
Internet Explorer: 8.0.6001.1888... Read more

Answer:Infected with Security Tools Malware

Hi there!
Sorry for any confusion, I'm new to these forums, hope I didn't cause any problems. This is a new topic that I was instructed to open with a log by boopme. I just kind of assumed boopme would continue to help me, if I'm wrong then I am giving you an update on what occurred while I was trying to get the DDS & GMER logs to you--my computer totally froze I couldn't ctrl+alt+del, I couldn't click on anything--in order to get back in touch with you I powered down & restarted the computer in Ubuntu 9.1. From Ubuntu I accessed my DDS log & posted them to this new topic. I then posted to the original topic asking what I should do about getting back into the Vista part of my computer boopme gave me this reply:
Ok let's try this Safe mode scan with SAS.. Do you also have normal mode?
Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the c... Read more

Relevance 82%

Still having problems accessing files and folders on C drive; no access or access denied to open or view Docs and Settings folders, App Data, etc. Access is even denied to my user Documents\MyMusic, MyPictures, and MyVideo files.

Read and followed instructions in the Read & Run Me First removal guide. Downloaded SuperAntiSpyware, Malwarebytes, ComboFix, and MGTools.

Looked for log from SAS but couldn't find anything saved anywhere. If I right-click on the .exe saved to my desktop, properties show it as "SAS.exe.exe" Is that normal??

Also, I noticed after running Malwarebytes or Combofix (I don't remember which-sorry), a new folder was created - "C:\$RECYCLE.BIN" which, of course, is locked.

A little more history here: I knew I had this trojan a couple of months ago and, without reading up on anything, thought I could do a system recovery from a recovery disk I had. Unfortunately, that didn't work, and I ended up with a black screen that kept saying, "No operating system installed". A friend took my laptop and said he "wiped it down as deep as he could go", then installed Windows 7 (I previously ran Vista). Got the laptop back recently and found out the trojan is still here, living large in the background on my laptop.

So, I am assuming the logs will show a pretty bare bones system here, and that's why.

I've attached the logs I can find.... HOWEVER, when I try to attach MGTools.zip fi... Read more

Answer:Ran all suggested malware removal tools and ZeroAccess trojan still installed.

ZeroAccess trojan still present after all removal tools used

I've had this trojan on my laptop for almost 4 months. Before doing any research, I tried to do a system recovery from a disc I had made last year, but ended up with a black screen telling me that "no operating system installed". Gave my laptop to a friend to "fix". He "wiped the hard drive down as deep as possible", installed Windows 7 (I previously had Vista), and gave it back to me. I assumed he knew the extent of this trojan, but obviously he didn't. I have a 64-bit operating system, running Windows 7. Everything else was installed or re-installed by my friend after he "wiped the hard drive".

I read the Read & Run me guide, installed and ran all the tools, etc. Here's the issues:

I am denied access to common doc files, my start menu folder, my templates folder, etc. I have two program files, one of which has "(86x)" behind it; after running the removal tools, I found a new folder on my hard drive: "$RECYCLE.BIN" which of course, is locked. When I right-click on the SAS.exe file on my desktop, the properties show this: "SAS.exe.exe", same with "mb.exe.exe" (is this normal??).

There is nothing in the SAS folder on the C drive, but SAS didn't show anything anyway; I've attached the combofix log; inside the MGLogs.zip file is another folder called "Qoobox" along with the text ... Read more

Relevance 82%

My problem sounds similar to other threads, mostly like this one: http://www.computerhope.com/forum/index.php/topic,76406.0.html But it seems as if nobody was successful with removing this beast yet. My issue all started with WINLOGON asking my firewall for web access, which I let go through because Google advised if the file is in the system32 folder it should be fine. Since then IE pops up sites at random; forced reboots occurred and Windows keeps saying "Appl. cannot be executed, the file is infected, please activate your antivirus software". The virus pretends as if itself was a malware removal tool. It claimed that NetSky32 took over the system and wanted the user to download security tools (a fake registry defender window popped open). SuperAntiSpy cannot see anything, Malwarebytes is far better, but still not successful. The virus kind of panics as I downloaded MalWareBytes and after the first scan the virus deleted the Malwarebytes executable. At one point of time it seemed as if I would be fine (the regedit and taskmanager were usable again, the Virus-warning desktop background was gone), but: I could never boot into a safe mode to perform a full system scan and completely get rid of this. When trying to boot in safe mode I still get a blue screen of death. Part of the virus is residing in C:\Windows\temp. The files seem to be rewritten at each boot time: gnserv.dat, spserv.dat, fla6.tmp,  Perflib_prefdata_44c.da... Read more

Answer:Malware in C-Windows-temp and maybe in the MBR. All common removal tools failed

Hello. Welcome to CH!
Are you able to boot to Windows?
These two files: C:\WINDOWS\system32\serauth1.dll and C:\WINDOWS\system32\serauth2.dll -- will continually be restored while their backup is in place. These are not necessarily bad.
If you are able to boot, please do the following:
Please open Notepad and enter in the following:

@echo off
echo DMJ Find > findSUBawf.txt
echo. >> findSUBawf.txt
if exist "%SystemRoot%\System32\clauth1.dll" echo Found clauth1.dll >> findSUBawf.txt
if exist "%SystemRoot%\System32\clauth2.dll" echo Found clauth2.dll >> findSUBawf.txt
if exist "%SystemRoot%\System32\lsprst7.dll" echo Found lsprst7.dll >> findSUBawf.txt
if exist "%SystemRoot%\System32\nsprs.dll" echo Found nsprs.dll >> findSUBawf.txt
if exist "%SystemRoot%\System32\serauth1.dll" echo Found serauth1.dll >> findSUBawf.txt
if exist "%SystemRoot%\System32\serauth2.dll" echo Found serauth2.dll >> findSUBawf.txt
if exist "%SystemRoot%\System32\servdat.slm" echo Found servdat.slm >> findSUBawf.txt
if exist "%SystemRoot%\System32\ssprs.dll" echo Found ssprs.dll >> findSUBawf.txt
if exist "%SystemRoot%\System32\sysprs7.dll" echo Found sysprs7.dll >> findSUBawf.txt
if exist "%system%\bak" echo AWF-POSSIBLE >> findSUBawf.txt
echo. >> findSUBawf.txt
echo EOF >> findSUBawf.txt
Start findSUBawf.txt
exit

Then, click File > ... Read more

Relevance 82%

Hello. I was visiting a few websites and all of a sudden my computer blue screened and started doing a "file dump" it then reset itself.

I tried to go on and fix it, but it wouldn't let me access any antivirus/spyware/malware downloads. Norton, mcafee, spydoctor, malwarebytes anti malware.

I started getting popups stating "this site is unsafe download this.." it was a windows/microsoft grey box message. It seemed legit, but I did not actually download it. I cancelled. I got it every few websites I went to. Mostly from the antivirus sites.

I restored my computer to factory settings (didn't need anything on it).

I have since been able to run several virus scans and download several malware softwares. I have malwarebytes anti malware, norton, and spydoctor. They all have run and found nothing.

I just want to make sure I have gotten rid of everything.

I downloaded hijackthis and this is the log it just returned.

I don't know what to do with all this, but it has been suggested I find a help forum for some advice.. Anything anyone can tell me is much appreciated. Thanks in advance.

Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:26 PM, on 8/7/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.... Read more

Relevance 82%

Hi,

My son's Laptop has a nasty redirect virus that also prevents the execution of malware removal programs and also prevents the logging tool from working. The icons for both Malwarebytes and the dds tool have a colored "shield" that is imposed on top. Any help would be greatly appreciated. OS is Vista Home edition.
Appreciatively,

A

Answer:Malware with redirect prevents removal tools and logs from executing

Hello, and to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you... Read more

Relevance 82%

Hello and Thanks in advance. I ran all tools to get a chance to ask someone how to repair the registry in my windows 7 64 bit system. It's new but has crashed multiple times. I was tired of restoring to factory settings.

It seems that someone with physical access during the 3 months I've owned it has changed settings so they can receive reports from this computer. Help!
 

Answer:Registry repair after running all suggested malware removal tools.

eMachines EL1352G-41w, AMD Athlon II X2 220 Processor 2.8 GHz, 2.00 GB (1.75 usable), 64-bit operating system, Windows 7 Home Premium Service Pack 1, ZyXEL EQ-660R-F1 ADSL Router on single phone line 1.5 max (out in the sticks), No wireless connections, HP OfficeJet 5610v All-in-One (won't print), NVIDIA nForce 10/100/1000 Ethernet, worked fine till I left town. Have restored to factory 5 times. Some registry files are missing, and I don't have permission to change them. Files from Malware scans attached.

Hope this is all correct. Poke me in the eye if not! ~G
 

Relevance 82%

I have 2 problems, the malware (Guard Online) and the google redirect problem so I look at the steps in "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". I followed the steps until I got to step 8. I have a problem with the part of Step 8 that says "Please double-click on the gmer.exe program. Once you double-click the icon a Windows security warning may appear asking if you are sure you would like to run the program. If this warning appears, please click on the Run button to allow GMER to start. If no warning appeared then you should just continue with the guide". When I click gmer.exe, an error pops up and says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.". This error pops up when I try to use malwarebytes and SuperAntiSpyware as well. What do I do?

Answer:Problem with---> Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Hello,
Forget about GMER for now and please post the DDS logs.
Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
Orange Blossom

Relevance 81.18%

Hi,

I have a Dell Dimension E510 with Windows XP Media Center Edition 2006 installed. It recently started to generate tons of pop-ups and internet redirects. Most searches on Google are redirected to go.google.com with something completely different than the item selected from the search list was for. All requests for any malware sites (e.g. grisoft.com, majorgeeks.com, spybot.com, and many more) are redirected to 127.0.0.1.

Task Manager had been disabled, but I enabled it through the Registry.

No USB thumb drives or external harddrives are recognized by Windows, so I am limited on the ability to get data off of the system.

I downloaded the guides and tools listed in the Windows XP Malware Removal Guide from this site to a CD. I copied them to the C: drive and installed them, but they just hang there without displaying anything. I can tell I started them using Task Manager.

Is somewhat operational, because I can use the IP address to reach a site, but as soon as the site replaces the IP address with a name, DNS resolves it to 127.0.0.1.

I was successful at running MGTOOL and I have a HTJ log, but I don't know how to get it off that machine to somewhere you can see it.

Suggestions?

Thanks,
Dan
 

Answer:Infected machine and cannot run anti-malware tools

Welcome! to MajorGeeks.com!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in Safe Mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid additional delay i... Read more

Relevance 81.18%

I want to run Combofix with expert help, but do not know how to Disable ESET Smart Security, malwarebytes,ccleaner,spybot S&D and Windows Installer Clean-up before running Combofix. I would rather not uninstall them all if possible, just disable. I didn't know Windows Install clean-up was on there until saw it listed in programs.

Thanks so much for any help.

Answer:How disable(not uninstall) antivirus/malware removal tools before running ComboFix?

I found out how to disable ESET, but not the others....Thanks in advance for help....

Relevance 80.36%

google search is often hijacked when clicking on links. Happens on firefox or msie. The page is redirected through several other domains before taking me to a final destination remotely related to the original search term. Some of the sites seen in the middle are cs10275.com and ffinddirect.com, but there is no viable info on those online.

Neither Spybot, AVG nor Malwarebytes have removed the problem, and I see nothing odd in my hosts file or running processes.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:38 PM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WIN... Read more

Answer:google search hijack, can't find the prob in hosts or with malware removal tools

Relevance 79.95%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal
----------------------------------------------------------------------------------------------------------------------
Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital.. I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!
Current Symptoms (in the order of appearance)
Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ... Read more

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,
I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.
1.) click start> run> type msconfig and hit enter.
click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file:
C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post:
C:\windows\ntbtlog.txt
2.) Click start> run> type: cmd.exe and hit enter.
type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window...
Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)
3.) Can you see also if you can get this program installed please:
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file> run it> follow prompts to install excepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here
Let me know if you had any problems with the above please.
I advise keeping the system offline as much as possib... Read more

Relevance 78.31%

I have a default Yoog Search in my Search Engines, I try to remove it and set it as google but it would again default to Yoog. Next thing is I just cannot run 'Spybot Search & Destroy' and it doesn't let me open any anti-malware related sites. I can't download any anti malware apps. I am just stuck. I saw a post "Win 2K hijack issue - unable to run malware apps!". I have exactly the same case on my system.

 

Relevance 78.31%

I have a default Yoog Search in my Search Engines, I try to remove it and set it as google but it would again default to Yoog. Next thing is I just cannot run 'Spybot Search & Destroy' and it doesn't let me open any anti-malware related sites. I can't download any anti malware apps. I am just stuck.
 

Answer:unable to run any anti-malware tools and also can't open any anti-malware related site

Re: unable to run any anti-malware tools and also can't open any anti-malware related

Welcome to Major Geeks!

Please try doing this first:
Yoog Removal

Then please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.

TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes ... Read more

Relevance 78.31%

Yesterday, I had troubles with Windows live messenger where it (still) says:

"Windows Live Communications Platform has encountered a problem and needs to close. We are sorry for the inconvenience. "

although, the problem isn't about MSN. I found out that this problem was caused by having Malware on your computer. Hence, I decided to run a scan using Malwarebytes Anti-Malware (MBAM).

I noticed that my Avast was disabled and if I try to enable it, it comes up with a window saying: the operation could not be completed.

My google searches also SOMETIMES get redirected to links that are clearly out of topic.
like if I google search the terms "malware wikipedia" and I click on the wikipedia link but I get redirected to some Myspace/Anz credit card crap.

Then this happened.
MBAM CRASHED after 2 mins of scanning -> tried to re-run MBAM but a window came up saying:
"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."
I ran several other programs such as:
HJT -> scanned for 2 mins, then crashed (no logs were made)
SUPERAntiSpyware (SAS) -> scanned for 2 mins, then crashed
and same goes for any other programs that searched for any malware.
The only program that worked was TROJANHUNTER and came up with a couple of false positives
I also tried using Avira's Rescue CD (the one where you boot up with it and it does a scan)
A scan using Avira was also successful but failed to... Read more

Answer:Malware/Anti-virus tools wont run due to a rootkit/trojan/malware

I am having the exact same problem!
I have no clue what to do, any help would be amazing!

Relevance 77.08%

I'm having trouble removing bip.exe
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:11:52 AM, on 4/28/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal


Answer: I'm infected with bip.exe & malware removal help

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Relevance 77.08%

OS: Windows XP Pro SP2

My CPU has been running odd for the past 5 days. Programs would stop on their own, I received a black screen, and programs were laboring to load. I had not run Spybot search and destroy for about a month, so I thought that would perhaps find some problem. I have always had success in locating problems with spybot in the past. I also have used Lavasoft Adaware in conjunction. I tried to run Spybot, but the system was incredibly slow. In one instance Spybot crashed, another instance it ran for about 9 hours and was only 1/10 its way through the scan list, and another time it ran faster (though still very slow compared to how it used to run) but did not find any problems. I then ran a fresh install of Adaware, which took many hours to run, and that came up with no problems also. While the programs were taking a painfully long time to run, the hard drive would have a constant "marching" sound coming from it.

At this point I found your forum on Malware removal, and began to systematically work through the step by step process. I had used MSConfig in the past to stop programs from startup, so when I set to normal mode (Step 4) and rebooted, the CPU ground to a complete halt taking eons to load and not allowing any programs to run (unless I waited 30 mins. for my explorer to open) at normal operating speed. I must have unleashed prior malware hidden in the cpu, though I am not sure. The "marching" described earlier occurred... Read more

Answer: CPU infected - Asking for malware removal help

I am not seeing any malware on your system. Did you disable your AV software before you tried to run ComboFix?

When you say your hard drive is making a "marching" sound, could you be a little more specific? Is it clicking? That would be an indication that your hard drive is dying.
 

5 more replies
Relevance 76.26%

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Jim at 20:55:39 on 2011-06-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.999.442 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

Answer: Infected with ms removal tool malware

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

11 more replies
Relevance 76.26%

Hi folks,
Malwarebytes is blocking the malware removal website for me. Is the malware removal website infected itself?

Answer: Malware Removal site infected?

What website is that? Can't check it out if we don't know the url.

5 more replies
Relevance 76.26%

Hi
I have tried the softwares I mentioned all in full version (trial) except zenama which is free.
It started with a lot of ads, inability to download anything and pop up installer for random apps whenever I opened any app or new webpage.
Most is fixed and laptop is kinda normal now.. but these three errors (scan log uploaded) reappear on zenama scans, without any trace on anti virus or any other tool from those mentioned.
 

More replies
Relevance 76.26%

Hello. I have windows 7 and I noticed norton picked up on a few things. I didn't see the first one but a message just popped up now saying there was an attempt blocked called HTTP Nukesploit request. I did a little research online and found that it's malware. I know nothing about viruses and how to get rid of them besides downloading antispyware or programs such as that and running them and seeing what is found. Norton found that nukesploit and read about other people who have this problem have malware. While I was looking at that message, I decided to check my norton history and see what other things are detected as I leave my computer on sometimes while watching tv and don't notice the messages. There was one attempt blocked a few days ago saying HTTP Fake av redirect. I researched that a little bit and people have said that there's a fake av program installed on their computers but I only have norton on mine.

Also, my internet explorer has been crashing a bit more often. With the error message saying "internet explorer has stopped working" and you click ok and it restarts the browser with the tab you have it on. I haven't been doing anything weird I'll just be trying to watch a streaming video or something and it gives me that error message. It usually happens with streaming video sites or on sites I always frequent like a few video game websites and streaming sites and such but it's never off a new page I'm going to. It happens m... Read more

Answer: Infected with malware and something else possibly - help on removal

bump. any help?

1 more replies
Relevance 76.26%

Hi - I am having a problem with my Dell laptop, which runs MS Windows XP SP3. A few days ago I started getting an error message shortly after startup saying that the "DCOM server process launcher terminated unexpectedly and Windows must shutdown" with a 60 second timer. I can stop the shutdown using Start/Run/shutdown -a. The computer will then work, but I continue to get pop ups saying the computer is infected. When using IE to search the internet, I constantly get redirected and get pop ups urging me to install "Antivirus Pro 2009." I have Malwarebytes, Superantispyware, and Combofix installed on the computer, but I can't run them - I just get the egg timer for a few seconds, then nothing. I tried in safe mode and also from a memory stick and still can't run the programs. I also can't download new versions of the programs or any other Malware-related programs, such as HijackThis - I just get redirected or I get a message that IE cannot display the download page. I also cannot get to your site, so I am using another computer to contact you. I went through your cleaning procedure and was able to get through Steps 1 and 2; however, I can't do Step 3 since none of the programs will run. Any help would be appreciated.

Thanks,
Bobny
 

Answer: Infected and Can't Run Any Malware Removal Programs

Welcome to Major Geeks!

I know you indicated you have started to run the READ & RUN ME, but follow along with the tips/notes below and try ALL steps. Make sure you also follow the instructions about renaming files.

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.
READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

16 more replies
Relevance 75.85%

I noticed yesterday that my Norton Internet Security 2009 had stopped working. I tried a reinstall, which was unsuccessful. I then tried spybot and ad-aware. They didn't load either. So it seems that I have an infection. When I type in "hijackthis" into google, or try an online virus check, the browser closes. When I try to open the logs and removal subboard on this site the browser closes. I noticed I had a copy of hijackthis; when I try to open this folder windows explorer closes.

I tried to restart in safe mode with networking and got blue screen: "A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time etc..... Check for viruses etc.... Technical information ***STOP: 0x0000007B (0xF789E524, 0xC0000034, 0x00000000, 0x00000000)

I have backed up data and disconnected my computer from the internet, and am writing this from another computer. I ran dds as suggested. Below is the dds.txt wording. I have attached the attach.zip file. Rootrepeal froze in the middle of the scan, while scanning c:picstemp, which is my default place to save files downloaded from the internet. So I cannot give you a rootrepeal report at this time.

DDS (Ver_09-11-29.01) - NTFSx86
Run by S?ren Hjorth at 15:48:34,53 on 29-11-2009
Internet Explorer: 8.0.6001.18702
BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1033.18.1022.688 [GMT 1:00]
============== Running Processes ===============... Read more

Answer: Malware has disabled my anti-malware tools

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

4 more replies
Relevance 75.44%

Hello, I am having trouble detecting what malware is causing my computer to have pop-ups and redirections in my web browser. I used a tutorial that used rkill and malwarebytes anti-malware to remove MalwareDefense. Upon reboot, Malware.Trace popped up. I thought I had removed it, but am still getting the pop-ups and redirections. Nothing is showing up on my MBAM scans now, and Avast doesn't seem to be removing or quarantining any of the infections either.

DDS (Ver_10-03-17.01) - NTFSx86
Run by USER at 13:23:30.82 on Wed 04/07/2010
Internet Explorer: 7.0.5730.11
BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1314 [GMT -4:00]
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! antivirus 4.8.1368 [VPS 100407-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

Answer: Still infected with pop-ups, even after removal of MalwareDefense and Malware.Trace

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

7 more replies
Relevance 75.44%

My computer has been infected with Smart HDD. I'm in the process of removing it, but even in safe mode with networking it still won't let me access Malwarebytes Anti-Malware program to scan and remove the virus.

DDS (Ver_2012-10-19.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16421
BrowserJavaVersion: 1.6.0_16
Run by Melissa at 17:46:28 on 2012-11-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.378 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

Answer: Infected with Smart HDD and still cant run Malware Removal Programs

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

17 more replies
Relevance 75.44%

Hi, my Windows 7 PC 64bit is infected with Virus / Malware. Whenever I try to use Internet Explorer it guides me to different websites each time. Is there a good Antivirus / Malware which can help clean up the infection. I do not want to reinstall Windows. I will appreciate if you can share some of your experience with me. Thanks!!!

EDIT: Moved from Win 7 to Am I Infected forum ~ Hamluis.

Answer: Virus / Malware Removal for infected Windows 7 PC

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to comp... Read more

1 more replies
Relevance 75.44%

I was infected with Spyware Removal 2009 Malware. So I had the Spyware Removal 2009 malware somehow got installed on my computer. As some forums said I installed malwarebytes to remove it. I think I got most of it out but I thought I had it all removed before and it came back. So here is my hijackthis file to see if everything is off.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:33 PM, on 3/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Answer: Infected with Spyware Removal 2009 Malware.

Hello pdeals917,
This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Thanks,
tea

4 more replies
Relevance 74.62%

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

Please download Malwarebytes' Anti-Malware from Here
Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Download random's system information tool (RSIT) by random/random from here... Read more

Answer: Infected virus, trojan , spyware , and malware removal

Thank you for your response.... here are the following logs

Log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2010-03-09 10:36:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 142 GB (93%) free of 153 GB
Total RAM: 510 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:45 AM, on 3/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

33 more replies
Relevance 74.62%

Hello all, thanks for the wonderful forum and the help! One quick thing to get out of the way - when I ran DDS, it created the DDS.txt but I did not get an Attach.txt log. I will post what I have. My Mother In Law's computer is hosed. Pretty badly. You can open up IE, and it just sits, there, never even really opens. I was able to put Firefox on here, which I'm using right now, and it's usable. But anytime you do a Google search, when you try to click on any of the results, you're redirected to any number of obviously virus loaded sites. I'm sure there are other problems that I haven't encountered yet. I'm just now starting to dig into this machine. I'd like to have it back to her in the next few days. Thanks for your help!

DDS (Ver_09-12-01.01) - NTFSx86
Run by Andrew at 17:27:46.70 on Sun 03/14/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2940.1691 [GMT -5:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

Answer: Malware removal novice seeking help. MIL's computer infected.

Hello MrCarner

Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Is everything still the way you described it in your initial post? Have you been able to stop Symantec yet? Let me know of any other things which might be pertinent since you first started the thread.

Thanks,
thewall

4 more replies
Relevance 74.21%

Hi,

I need some help with the guide titled, "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help".
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

I'm up to step 8. I already downloaded GMER and when I double click it, it would automatically do a scan without prompting me (lasting less than 10 seconds) and then I continue with the instructions in the guide: I unchecked 'Sections', 'IAT/EAT', Drives/Partition other than Systemdrive, which is typically C:\, and 'Show All'.

When I clicked "scan" the program just froze on me. I waited for about 5 minutes to see if it was just a lag but then I noticed the clock on the bottom of my computer screen also froze. I had to force the computer to shutdown by holding the power button. I tried GMER again about 2 more times and it froze both times the moment I clicked "scan". Then on the 3rd and 4th try, it scanned but I walked away for about half an hour and when I returned, it appeared to have self terminated. Then my final attempt. The scan finished and I clicked the "save..." button and the program froze on me and again, the clock on my desktop has frozen again and I was not able to save the scan report.

Is there an alternative program I can use rather than GMER?

Thanks

Answer:I need help in the guide titled, "Preparation Guide For... Malware Removal Tools..."

If you cannot get GMER to run, just post the other logs asked for and explain the problem you had trying to run GMER.

3 more replies
Relevance 73.8%

Bleeping Computer used to have a tutorial named "How to easily clean an infected computer (Malware Removal Guide)"
 
Is it still available? Has it been updated to include Windows 10?
 
If it is available, could you provide a link to the article.
 
Thank you
 
BTC

Answer:How to easily clean an infected computer(Malware Removal Guide)

Are you referring to this guide?
http://www.bleepingcomputer.com/tutorials/how-to-remove-a-trojan-virus-worm-or-malware/

If so, it's from 2005 and a lot changed since then. While a lot of information in it is still relevant today, I suggest you ask for assistance here if you need help with malware removal.

MalwareTips is the website having an article with the exact name you mentioned.

4 more replies
Relevance 73.8%

Gauss is a project developed in 2011-2012 along the same lines as the Flame project. The malware has been actively distributed in the Middle East for at least the past 10 months. The largest number of Gauss infections has been recorded in Lebanon, in contrast to Flame, which spread primarily in Iran.
Functionally, Gauss is designed to collect as much information about infected systems as possible, as well as to steal credentials for various banking systems and social network, email and IM accounts. The Gauss code includes commands to intercept data required to work with several Lebanese banks - for instance, Bank of Beirut, Byblos Bank, and Fransabank.

Check online if your computer is infected with Gauss malware in a few seconds by going here. Download the Gauss Removal Tool by Kaspersky here.
CrySyS have also introduced a web-based method to check your system for Palida Narrow. Their test webpage is currently available here: http://gauss.crysys.hu.

Answer:Gauss malware: Check if your PC is infected - Download Removal Tool

Thank you for this great tweaker.

1 more replies
Relevance 72.98%

Hi,

I am the IT manager in my company.

I have a co-worker, his computer has a search redirect issue. That means most likely it has malware.
Then I installed some major malware removal tools: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After I installed them, I cannot launch them (that definitely means it has some kind of malware).
I needed to rename their .exe files, after that I can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now I am running Spybot Search & Destroy, will see what happens.

By the way, I run them in safe mode because when I log on to Windows in normal mode, it is slow (like it takes a long time to explore the hard drive, etc). I suspect the malware slows down my PC. Hopefully not registry corrupted or something, but it works smoothly in safe mode.

So you guys have any suggestions? Or do you need a log file from combofix?

Please advise,
Tommy

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 72.57%

I did a hijackthis scan and here's what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:17 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynT... Read more

Answer:Malware Blocking Access to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 72.57%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says "The server at topsearchfeed.com is taking too long to respond" For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me
 

2 more replies
Relevance 72.57%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies
Relevance 72.57%

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Malwarebytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and performed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
 

Answer:HELP-Requested Malware Removal (Infector.Gen2 / Malware Packer Gen)

Here is the 5th log.
 

6 more replies
Relevance 72.57%

Good day to everyone,

My computer is having some malware activity. I have used adware 2008, spyware removal tool, norton anti-virus and other removal tools, but still the malware cannot be deleted. My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP, that's why until now I cannot connect to the internet. I don't have a Windows XP SP2 CD for repair.

Please help me as soon as possible, because it is a server.

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 72.16%

Hi everyone,

Long time lurker first time poster (usually cos other people's malware logs help me diagnose problems on the PCs I fix), but I've really run into a dead end on this one!

The machine in question had all sorts of malware on it, including the new "Security Suite" infection that seems to be doing the rounds, I managed to remove the bulk of it, however there's still something a bit fishy up there as avast keeps complaining that explorer.exe and winlogon.exe are infected with "Bamital-X".

If I restart the PC, the avast on access scanner does something to explorer.exe and I have to delete the explorer to allow Windows to replace it with a working version, however then after a few more minutes avast pops up an infected warning again!

For the moment by the way, I do not have physical access to the computer, I'm connecting to it remotely, however I could probably guide the user through anything that needs to be done in the recovery console if needs be.

Hopefully I've done the rest of this right, here's the DDS log and attached are the Attach.txt and GMER logs.

Regards,
James

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 9:51:32.45 on 20/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3063.2348 [GMT 1:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDO... Read more

Answer:PC still claiming explorer.exe is infected after removal of all sorts of malware (including Google redirect)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ... Read more

2 more replies
Relevance 71.75%

Had a machine in riddled with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (don't ask me which one it was, I can't remember) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. Swap the hard drive for a SATA CD and it detects the CD without issue which makes me think the SATA controller must be functioning too.

Now it seems that this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base, help me folks it's driving me nuts.
 

More replies
Relevance 71.75%

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem. :confused
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer:Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3... Read more

9 more replies
Relevance 71.75%

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 71.75%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see, I, myself, use most all of these myself, the only paid program I have is malwarebytes, the rest are free add ons or are free programs. Thanks.

5 more replies
Relevance 71.75%

Hello everyone

I have a problem at the moment, when I turn on my computer, it loads with the icons but no taskbar appears at the bottom.

I don't have an anti virus program at the moment as it expired on me a while ago.

So the internet does not work anymore on my pc, so I can't get a new anti virus program If I wanted to. I can't run 75% of my programs as well.

So what can I do to fix the problem? So I have the taskbar back. I can't copy and paste anything including pictures, videos, word documents, and I can't uninstall anything (it won't let me). I have tried the safe mode (taskbar not there too)

so what can I try to get my pc back to normal?

My pc takes about 4 times as long to load the windows password window and about 5 mins to load the desktop, also have no sound as well. I tried to install the malware bytes program, it installed but it won't run at all, it says runtime error 373.

Thanks
 

Answer:Possible virus, malware? computer useless

Hi and welcome. I am not so sure this sounds like a malware problem from what you have described.



So the internet does not work anymore on my pc, so I cant get a new anti virus program If I wanted to. I cant run 75% of my programs as well.

Again, I wonder if you are not having networking problems, you didn't explain what happened before your PC became unstable.
You mentioned that you tried to install Malware Bytes but that you received an error.

How about if you try to continue on doing as much as you can, such as trying to also install SUPERantispyware and letting us know how that goes. Get everything on flashdrive or disk from another PC if this one won't let you connect to the internet, and try running them all, including Combofix and MGTools.

If we cannot make much in the way of progress here- you may be better off advised to post in the software or networking forums to troubleshoot down what's going on.

So in your next reply, if you were indeed able to run any of the tools, attach the following logs:
SUPERantispyware
ComboFix
Mglogs.zip

Thanks
Kes
 

1 more replies
Relevance 71.75%

I have several problems with my computer. It is infected with "AntiVirus System Pro" to start. I have tried to re-install McAfee antiVirus and it will not let it run, nor will it let me run MalWareBytes AntiMalware OR GMER.exe as directed in your first steps. The warning and pop-ups appear constantly, and Internet Explorer is constantly re-directed, or "Hi-Jacked". When I was able to run McAfee, the infected files that kept re-appearing after scans were DC7.exe and UAC????.tmp (several different endings after UAC). Below is DDS.txt, and attached is Attach.txt.
Any help is greatly appreciated.


DDS (Ver_09-05-14.01) - NTFSx86
Run by MEL at 21:07:32.89 on Mon 06/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.116 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\XGI\twatdog.exe
C:\WINDOWS\system32\Trirot.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files... Read more

Answer:Malware/Virus Useless Computer

Hello, and welcome to TSF.
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread.
Make sure it is set to Instant Notification, then click Subscribe.
Please be patient with me during this time.

10 more replies
Relevance 71.75%

So recently while browsing around online, I acquired a virus/bot/malware of some kind. It may have been a combination of different infections but it began with random pop-ups and a program called msa.exe that I managed to locate and delete. However, another infection has been disabling ALL of my antivirus. When I try to use Malwarebyte's Anti-Malware, AVG, Ad-Aware, Spybot Search & Destroy, or even online scanners such as Panda and F-Secure, it disables them and I often receive a message that includes something about not having the appropriate permission to access these files. Even if I try to delete the file such as Spybot S&D, it says the file is in use. Trend Micro's RUBOTTED tells me I have a bot but the online scanner won't work because it claims I do not have a Java runtime environment, even when I followed the instructions to download it.
Also, I have tried using HiJackThis but it also becomes disabled and shows me the same message.
Can anyone help please?
 

More replies
Relevance 71.75%

While online yesterday my avg antivirus (identity protection) suddenly prompted me to quarantine process ipqe.exe. This happened twice. Having done that I realized that both vectorworks and photoshop had stopped working. Both programs were running at the time of the idp alert. Their shortcuts and program file folders are still there but I can't seem to find any .exe files or the like to get them running again.

I scanned my computer with avg but it found nothing. I tried showing hidden files, restart and system restore, nothing worked (system restore won't work in safe mode either)! Today I have rescanned the comp with malwarebytes and avg and both programs found something. Mwb found two files that were sent to quarantine and avg found a trojan called SHeur4.ANLN (I deleted that one from the virus vault). I have tried restoring the computer several times today as well but to no avail. The computer was and is still running fine, and all (?) other programs seem to be working except for photoshop and vectorworks. But I'm still concerned about what may be lurking in my computer and I really need those programs working! Help please!

DDs.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by ?garen at 16:44:23 on 2012-08-24
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2030.1211 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*
.
============== ... Read more

More replies
Relevance 70.52%

Dear helper,

Am I infected ?? What should I do ?

Window XP, Internet Explorer 6, Sony VGN-SZ18GP laptop bought in 2006.

System crash last night, with rapid loss of hard-disc drive space (from 15 GB down to 100 Mb within 2 hours). Norton security (2006 version) & Internet explorer were busted afterward, was not able to run at all. The built-in system recovery programme was also affected.

Was forced to use back-up system recovery CD to restore the laptop back to its original shipping state.

However afterward it is still not right. Installed McAfee (from my internet service provider) but the update function is not working - it repeatedly states that it cannot update because I am not connected to the internet, when I'm actually connected to your website typing this email right this moment. Also internet access to microsoft and all other common antivirus websites (Norton, McAfee, AVG, Kaspersky, Avast, etc) is all blocked. Hence I can't even attempt to find out what happened to my laptop.

What virus have I been infected with? What programme should I use to remove the malware now that I cannot access any of the antivirus websites or the microsoft website?

Thank you

Jason

More replies
Relevance 70.52%

Please reopen the case:
http://www.bleepingcomputer.com/forums/t/278792/infected-by-various-malware-help/

Original message, posted on December 14, 2009:

My computer is infected by malwares. Earlier I got help from bleepingcomputer staff under topic malware and has tried to use these software to clean my infected computer but still to no avail. The volunteer who helped me earlier asked me to use hijackthis and paste the logs on this forum.

Malwarebytes Anti-Malware (v1.41)
TFC by Old Timer
Kaspersky Virus Removal Tool
Eset Online Antivirus Scanner.
Kaspersky Online Virus Scanner.
Sophos Anti-rootkit
Norman Malware Cleaner

The problems are:
- When I use Internet Explorer or Mozilla, sometimes another window open automatically that mentions google hiring, websurvey, etc
- When I use search engine to find something, I could not click the link to bring me to the shown result that I want, instead it brings me to an unfamiliar site. I have to copy and paste the web address to open it. If I click the link, sometimes it brings me to an anti-virus ad that force me to download the software (it would not allow me to close the browser) so I have to end the whole internet session forcefully.

----------------------------------------------------------------

LOGFILE IS ATTACHED

Logfile of random's system information tool 1.06 (written by random/random)
Run by USER1 at 2010-01-07 19:27:45
Microsoft Windows XP Professional Service Pa... Read more

Answer:Infected by various malware. Help !!, Malware pop ups and could not open link from se...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand cor... Read more

17 more replies
Relevance 70.52%

About a week ago, I noticed that when running Internet Explorer www.google.com that clicking on a website would take me to an ad instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Thanks,
Deb
 

Answer:Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!
Deb
 

2 more replies
Relevance 70.52%

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologi... Read more

Answer:Malware - blocking removal by malware antimalwarebytes

16 more replies
Relevance 70.52%

Hiya

I'm running XP, AVG detected trojans, the first one it got rid of, the second one Generic13.ATHP it could only remove partially, apparently located in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended, SuperAntiSpyware wouldn't install, so I changed the filename, and it has installed but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?

Thank you!
 

Answer:malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.


but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others.

Have no idea if any of this will help you lovely helper person, but I guess I'm just trying...
 

2 more replies
Relevance 70.11%

I have run into a terrible problem and can no longer use my computer. It started a few days ago when I believe I was infected by malware...I noticed a program running in my task manager...one of those short 3 letter exe programs, so I decided to run malware bytes. Malware bytes successfully found that program and I think called it a rootkit or something else. I chose to remove the found problems and then it asked me to restart. Following restart, I get a blue screen of death shortly after the windows XP title comes on. When I choose any of the options (Safe Mode, Safe mode with networking, Safe mode with command prompt, or normal windows) I always get the blue screen and cannot log into windows.

The error message reads:
A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen restart your computer. If this screen appears again follow these steps: Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical Information:
STOP: 0x0000007B (0xBA4C7524, 0XC0000034, 0x00000000, 0x00000000)

So at this point I ordered startup/recovery CDs from dell. I am using a dell computer with OEM installed windows XP home edition. I got the recovery CD today, and can now boot from CD.... Read more

Answer:Blue screen after running malware bytes - infected with malware

Hello, let's see if we can find the cause of this problem. I will move this topic to the malware removal forum.

Try this please. You will need a USB drive.

* Download GETxPUD.exe to the desktop of your clean computer
* Run GETxPUD.exe
* A new folder will appear on the desktop.
* Open the GETxPUD folder and click on the get&burn.bat
* The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
* Click on Start and follow the prompts to burn the image to a CD.
* Remove the USB & CD and insert it in the sick computer
* Boot the Sick computer with the CD you just burned
* The computer must be set to boot from the CD
* Gently tap F12 and choose to boot from the CD
* Follow the prompts
* A Welcome to xPUD screen will appear
* Press File
* Expand mnt
* sda1,2... usually corresponds to your HDD
* sdb1 is likely your USB
* Click on the folder that represents your USB drive (sdb1 ?)
* Press Tool at the top
* Choose Open Terminal
* Type the following and press enter:

dd if=/dev/sda of=mbr.bin bs=512 count=1

Press Enter

After it has finished a file will be located on your USB drive named mbr.bin

Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

4 more replies
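
What a first look at the mbr.bin produced by the dd command above can involve, as an added example (not part of the original reply and not a BleepingComputer tool): parse the 512-byte sector, check its layout, and hash the boot code for comparison. The function names, the sample sector and the idea of a known-good reference hash are assumptions made for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: bootstrap code
TABLE_OFFSET = 446       # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"  # bytes 510-511

def parse_mbr(sector):
    """Parse one 512-byte MBR sector as written by dd with bs=512 count=1."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:  # empty slot
            continue
        partitions.append({"slot": i, "active": status == 0x80, "type": ptype,
                           "status_valid": status in (0x00, 0x80),
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }

def findings(mbr, known_good_sha256=None):
    """Return anomalies worth a closer look; the reference hash is an assumption."""
    out = []
    if not mbr["signature_ok"]:
        out.append("missing 0x55AA boot signature")
    if sum(p["active"] for p in mbr["partitions"]) != 1:
        out.append("expected exactly one active partition")
    if any(not p["status_valid"] for p in mbr["partitions"]):
        out.append("partition status byte is neither 0x00 nor 0x80")
    if known_good_sha256 and mbr["boot_code_sha256"] != known_good_sha256:
        out.append("boot code differs from known-good reference")
    return out

def build_sample_mbr():  # constructed sample sector, not taken from a real disk
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = b"\x90" * BOOT_CODE_LEN   # placeholder boot code
    struct.pack_into("<I", sector, 440, 0x12345678)    # disk signature
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 1_000_000)
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = entry     # one active NTFS partition
    sector[510:512] = SIGNATURE
    return bytes(sector)
```

A reference hash is only meaningful when it comes from a clean installation of the same Windows version and language, since the stock boot code differs between them.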
Relevance 70.11%

It is so similar to MaxGen's problem that I have used some of his description of what is happening to me (us).

I got infected by a nasty malware while surfing the internet. Popups were created immediately so I knew right away something was happening. I wasted no time in running Norton AV and Ad-aware. Norton says it had found and removed the problem (Trojan.Vundo and Trojan.Metajuan) and I should restart. But everything got worse after first restart. No programs wanted to work. I even tried to backup personal files to CD/DVD and Nero did not recognize my burner. Now my situation is:

1. Even in safe mode, I cannot run any anti-spyware software: Spybot and Spyeraser do not show up even though they are seen running in windows task manager. Then the .exe application file will no longer work. When I tried to run them again, it will say "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."
2. Cannot connect to any website, it always shows trying to connect. (The connection itself shows OK). - I downloaded AVG after the first restart and it found and fixed 8 of 12 problems found. I rebooted and was then unable to get on internet and AVG does not work anymore.
3. Worst of all, I can't even post the HijackThis logs. It does not start - telling me I do not have permissions.

Like MaxGen there could be other symptoms I have yet to discover. I too have never seen this kind of nasty stuff. Please help!... Read more

Answer:ME TOO!! Infected by extremely nasty malware, can't even run HJT, please help, Unknown malware, windows XP

If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random and save it to your Desktop.

Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.

* Close all applications and windows so that you have nothing open and are at your Desktop.
* Double-click on RSIT.exe to start the program.
* If using Windows Vista, be sure to Run As Administrator.
* Click Continue after reading the disclaimer screen.
* Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
* When the scan is complete, a text file named log.txt will automatically open in Notepad.
* Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.

Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.

If RSIT did not work, then reply back here.

6 more replies