Computer Support Forum

Help Me Please:Windows Update.com Trojan

Question: Help Me Please:Windows Update.com Trojan

Today, I did a clean install on my computer and finally got it working right. Then, I installed the update for my Office 2000 program. After installing the Office 2000 update from Mircrosoft, I started seeing windows update.com on my computer. I have did scans with my virus scans, spybot, and adaware and have found nothing. I suspect that this is a trojan. How can I get rid of this damn thing. Help Me!

Relevance 100%
Preferred Solution: Help Me Please:Windows Update.com Trojan

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Help Me Please:Windows Update.com Trojan

8 more replies
Relevance 47.56%

I am at my wits end with this thing. For the past week I have been researching and applying possible fixes to get rid of the problem and make it go away but it proves to be a persistence one. Every time I try to access Windows Update it will redirect me to www.msn.com. In addition, a lot of the anti-spyware/adware I tried to install would not update so I have to do them manually. This included ad-aware, which I asked a friend over messenger to download the most current definition so I can update it manually (I could access the lavasoft website alright, but when I try to download the latest definitions, it redirect me to a different page). I did try to restore my computer to the original manufactured version but it did not solve the problem. I ran Ad-aware and spybot on my computer until they runs clean (both in safe mode and normal mode with restore disabled). I also use Malwarebytes' Anti-Malware, which I must have done over 20 runs >.< Anways, sometimes it comes up clean and sometimes it comes back with the following again:Registry Data Items Infected:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7399b5d5-4309-474a-8d48-ce0fb03498e5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.2... Read more

Answer:Trojan.DNSChanger, windows update goes to msn, anti-spyware/ad-ware won't update

This thread can be closed. I resolved the issue. It wasn't my computer at fault but the router. I became suspicious when every single computers in the house exhibit the same behavior. So to test it out, I use one computer to hard-wire to the internet without the router and I was able to access the windows update page without any problems. Whatever someone did to my router, I have to revert it back to the original manufactured version and afterward, everything ran smooth again. All of my virus software, anti-spyware/adware software are able to update without any problems now. Thanks everyone.

1 more replies
Relevance 43.46%

..I've been hit by trojans three times in the last month.

I just realized today that each trojan atack was immediately after installing some windows updates.
what do you make of this??
 

Answer:Windows update? a trojan???

Thats kinda wierd

maybe do your windows updates sooner

make sure u have updated antivirus and firewall software
 

3 more replies
Relevance 43.05%

For some reason my Windows Update refuses to active. I have the red icon in the taskbar and none of the options it gives me works so I went into the Services tab. Windows Update was set to disabled, so I changed that, but right when I hit ok or apply, it resorts back to Disabled.

I have reason to believe it may be the work of a malware of some sort as I found two variations of Trojan.Win32.Monder, and Trojan.Win32.Inject in various parts of my computer with Kaspersky. The program disinfected it, but this problem remains so I believe it could still possibly be a virus problem before I go asking someone's help with any registry changes to fix this.

Could anyone help me with this annoyance? I have to get some of my updates and don't want my personal info to be compromised. Attached I have my current HiJack This! log.

EDIT: I just scanned with Malwarebyte's AntiMalware and found currently 25 infected objects, mostly Vundo. This may be the reason why I couldn't access Facebook with Firefox, but could with IE. What I mainly am concerned about is why Kaspersky failed to pick these up while Malwarebyte had no problem.
 

More replies
Relevance 43.05%

Greetings all:

according to my norton antivirus scan, i have a trojan virus in my WindowsUpdate80739[1].exe file, which can not be deleted or quarantined. Among other things, i think it prevents me from getting automatic updates.

here is my hijackthis log file:

Logfile of HijackThis v1.97.7
Scan saved at 4:32:37 PM, on 10/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Brian O'Reilly\Start Menu\Programs\Startup\WindowsUpdate80739[1].exe
C:\Documents and Settings\Brian O'Reilly\Local Settings\Temp\JobMonitor\JobMonitor.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\P... Read more

Answer:trojan virus in windows update

7 more replies
Relevance 43.05%

I'm sorry, I did not get the specifics but during an update Windows said it had removed two Trojans. Thereafter, I began having trouble opening a login for a company website, etc. I have attached the logs. Can you help me out?

Thank you.
 

More replies
Relevance 43.05%

Hey guys, cant get to windows update and cant access anti virus sites. Also getting some redirects in firefox to gugle-analytics so I think I may have a trojan or other virus that I cant get rid of. Let me know what logs you would like. Thanks in advance!

Answer:Cant access windows update (trojan?)

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

19 more replies
Relevance 43.05%

Hi! This computer was infected with tons of viruses and spyware including hijacker.vb.fc, downloader.small.buy, dropperagent.ml, dropperagent mu, backdoor sdbot add, trojan killproc.a etc.

I wasn't able to get on the net so ran a number of programs and could finally get on. Then I downladed ewido and ran that a number of times, ran housecall three times, online panda a number of times. Used hijack this to fix problems. Also used lsp.fix a number of times when I kept having problems here.

I tried reinstalling or revalidating the Windows Genuine software. Didn't work.

Still have a few antiviruses and spyware that I am working on, but I thruout this whole process I am now unable to update windows. So I turned off wauaserv and then deleted from the windows/software distribution folder - selfupdate, websetup, wuredirect, authcabs, datastore, download. Turned wauaserv back on. Didn't work.

I tried going to control panel, administrative tools, service and stopping and then enabling windows installer and windows xp-sp2 fw. I enabled background intelling transfer service. I was unable to start the windows firewall internet connection. However, after working on deleting more viruses I went back to the services and then it was enabled.

I tried turning off automatic updates. That didn't work so I enabled it again.

I tried both custom and express updates. I tried the new update where you can download everything in one location. At scheduled automatic update tim... Read more

Answer:Trojan virus - now can't update windows

download HJT from here:
http://rds.yahoo.com/_ylt=A0Je5mA8f...**http://www.majorgeeks.com/download3155.html,
save it 2 your Desktop, when the downloads finished,
double-click it on your Desktop, go throught the setup,
when the setups done, click the 1st option,
Run HiJackThis and Save a Logfile i think it is,
copy/paste the log it makes in here.

BTW: the log is made in Notepad
it will pop-up at the end of the scanning.
 

2 more replies
Relevance 43.05%

click here.Thought this might be of interest, although it is not likely to be opened by the more savvy computer user.It is mainly aimed at the new users to be aware.

Answer:New Trojan posing as Windows XP update

Already posted by FE sorry. Didn't notice.

1 more replies
Relevance 42.64%

hi there, recently got message that windows defender out of date although set up for automatic updates. didi it manually and all ok but keeps coming up so having to download definitions manually as it never completes its own updates when i click 'check for updates now'. now getting message, ' windows cant check for updates' when it has updated. again clicking 'check updates now' never finishes checking. been no problems previously and i've not changed anything recently. using avira antivir personal which is up to date but found nothing and malwarebytes anti malware which found trackers and deleted them. read that might have a trojan bho.dll but not found anything. any help much appreciated.2.1ghz core2duo, 2gig ram,vista 32bit home premium, all spacks and up to date.

Answer:defender and windows update not updating- trojan?

You could try switching off automatic update. then reboot and then try downloading them manually and see if that works.if not switch automatic update back on and try again.Or go into services and make sure Windows update is set to automatic.

4 more replies
Relevance 42.64%

hello to all the peeps out there:

when trying to install windows updates recieved these to failure errors:

windows update error code 80070005
windows update error code fffffffe
microsoft trouble shooting error code 80072ee2

ran the usual virus/malware software and found this trojan:
smitfraud-c.generic

but after removing it & rebooting the system, it keeps coming back.

Ive now run these programs, but still have the trojan & i'm still unable to update windows
AVG virus & rootkit software
Malwarebytes
Spybot S&D
Hitman Pro_36x64

Any suggestions on what I can do now, or am I totally bleeped?

Answer:smitfraud-c.generic trojan/windows update

Hello, I moved this from WIN7 to Am I Infected..Please download TDSSKiller.zip and and extract it.Run TDSSKiller.exe. Click on Change Parameters Put a check in the box of Detect TDLFS file system Click Start scan.When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click ContinueLet reboot if needed and tell me if the tool needed a reboot.Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log have a name like: TDSSKiller.Version_Date_Time_log.txt.Please download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.
For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.An icon will be created on your desktop. Double-click that icon to launch the program.If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any ... Read more

12 more replies
Relevance 42.64%

Thanks for your graciousness.
 

Answer:Windows Update Fail, Virus/Trojan too?

Hello,

You're missing Addition.txt report.
 

3 more replies
Relevance 42.64%

My system is infected. When I go to Windows Update to download the web page says "web page cannot be displayed". It does this for several other sites as well when trying to perform a download. Need to figure out what to do so I can get the windows update so I can install various software to scan the system and remove the viruses. The infection is keeping me from receiving the windows update.

It's a never ending cycle, please help

Answer:virus/trojan blocking windows update

Hello,can you run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may tak... Read more

3 more replies
Relevance 42.64%

Hi,

My laptop has been infected with several Trojans - I had tried Malwarebytes, SuperAntiSpyware, Ccleaner, McAfee Stinger and the installed AVG Antivirus before stumbling upon the post by Chaslang posted 10-04-07
http://forums.majorgeeks.com/showthread.php?t=35407

I ran the 4 scans - situation is better but not 100% solved.
My AVG has stopped popping warnings but Stinger and ESET onlinescanner still detects trojan.
Also, Windows update does not work, stating that "Windows Update is not able to search for Updates as the service is not running - it might be necesary to restart the computer". Which I've done to no help.

I'm running Vista Home basic, SP2 in Brazilian-Portuguse.

Thanks a lot in advance

Stig
 

Answer:Re: Trojan Patched c.lyt + Windows Update not working

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:


Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.
On the System Recovery Options menu you will get the following options:





Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Click to expand...


Select Command Prompt
In the command window type in notepad and press Enter.
The notepa... Read more

20 more replies
Relevance 42.64%

I think I have trojans on my laptop (3 yr old Acer Aspire 5602). Possibly using windows update although there could be others.

Firstly I would like to apologise for uploading and attaching a trend micro log sheet instead of a dds.scr one. I have AutoCAD 2005 on my system and it will only see it as a CAD script (hence showing an error when loaded).

1. Clicking on a link which opens in a new window or middle clicking a link, browser crashes (only in IE8)
2. Slightly reduced internet speed - but enough to be noticed by me
3. no access to control panel or windows update via start menu or run/cmd
4. desktop often won't show (files are minimised but still show)
5. Windows will appear to 'freeze' removing all functionality completely for 30 seconds, then give 10 seconds as normal, then revert to freezing. (At this point I try to save my work and turn it off as quickly as possible)
6. A blue screen suddenly appears referring to a memory problem then the laptop turns off immediately.

1. 2. and 3. occur near 100% of time (although 1. has only started happening in the last 2/3 days).

4. happens 50% of times when I start windows. The harmful process which seems to cause this might be audiclit.exe (can't remember the exact name - fortunately it hasn't started up at this very moment!)?

5. happens 10% of loadups but will often start if the computer if the laptop is left idle for an hour even if (almost) all was fine when it was first turned on.

6. has occurred 3 times in the las... Read more

Answer:Trojan problem - Windows Update related?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

17 more replies
Relevance 42.64%

After reading on multiple forums, I have problems it looks like with the DNSchanger or similar. When going to Windows Update, I get what looks to be a Google page. I cannot run any Kaspersky updates, Anti-Spyware, etc. I have downloaded and run ComboFix and have a log file when needed.

Thanks in advance for the help!

Answer:Trojan problems? Windows Update goes to Google

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Post in this thread when ... Read more

1 more replies
Relevance 42.64%

Attached is the Win32diag file I was told to post.

Answer:virus/trojan blocking windows update

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 42.64%

My machine recently started showing popups wuth internet explorer even though I use firefox. I ran spybot which reported an occurrence of the Outbreak trojan which it fixed but was unable to fix a problem with windows security center. I believe the trojan came from an infected m4v file.I have run:spybot: removed Outbreak - popups stopped but unable to change windows automatic update settingsadaware: nothing foundcombofix: rebooted and subsequently uninstalled firefoxwindows restore: none of the checkpoints work as it reports 'no chnages have been made'hijack this: with the following reportLogfile of Trend Micro HijackThis v2.0.2Scan saved at 10:01, on 2008-05-30Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\Program Files�... Read more

Answer:Outbreak Trojan - Windows Update Inactive

Anybody know how I can make windows automatic updates active again?

3 more replies
Relevance 42.64%

Hello everybody,I can not update to Windows XP Professional. And I think it's a virus or trojan horse who causes this problem. The name of the Trojan is Videx32.sys Rootkit Virus. Win32. Alureon!IK. I'm not able to remove it with my anti-virusscanner, because the virus is hidden in my network. I just can not update net-framework. All of the versions of 2.0 till 4.0 failed.The biggest problem now is that my computer is restarting itself after 15 minutes. This problem arose when I removed a few trojans and viruses from my computer via Karspersky and Iobit malware fighter. One Trojan remained and couldn't be removed via Hitman pro, because you have to buy Hitman pro first but there's no guarrantee that it will work. I think the trojan is the cause of it that I can not update framework. Another name of that same virus is Virus:Win32/Bamital.(C is the detection for the files "explorer.exe" and "winlogon.exe" when they are infected)What can I do to solve this problem?For in that the computer still boots after 15 minutes it's hard to download stuff and some things he was not even arrested. Presumably this is because the virus.]I am also getting an error message when I download framework 25007.fout error while initializing fusion. LibraryShim merger with load () can not be loaded. Error: 0x80131700.I hope this is enough information for you and thanks for the help in advance.NavavistaDue to the current startup problems with my computer I cou... Read more

Answer:Can not update Windows xp pro and I can not remove Trojan Horse

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/413975 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

19 more replies
Relevance 42.64%

I have run Hijackthis, Malwarebytes'anti-malware, avast, mcafee, microsoft security essentials (wouldn't update definitions), spyware doctor and others. I still cannot access microsoft for updates; likewise, redirecting of web pages continues.Malwarebytes and Avast have at some point in the many tries (probably over 10 hours) removed some trojans.I "fixed" some items in Hijackthis, primarily the R1 and R2 sections and O2 and O16[/size][/size]

Answer:Redirect TRojan blocks windows update

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 42.64%

Preparation guide followed before preparing the following HJT log but not able to carry out 'windows update' as this is the reason for me contacting you for help. Problem originally raised in forum 'Security. Am I infected'Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:10:27, on 03/11/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Virgin Broadband\PCguard\fws.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exeC:\Program Files\Virgin Broadband\PCguard\Rps.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\Lexmark 4300 Series\lxcemon.exeC:\Program Files\Lexmark 4300 Series\ezprint.exeC:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exeC:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exeC:\WINDOW... Read more

Answer:Windows update not working - DSNchanger trojan ?

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix from one of these locations:Link 1Link 2Link 3* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

16 more replies
Relevance 41.82%

Whenever I use windows update - i get a message saying error code 80244019. Also, it seems I cannot update my spybot definitions, adaware definitions, or anti-malware definitions, nor can I download microsoft's malicious software removal tool (the site is blocked somehow?). DDS (Ver_09-01-18.01) - NTFSx86 Run by Timothy at 13:35:30.16 on Tue 01/20/2009Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07Microsoft? Windows Vista? Ultimate 6.0.6001.1.1252.1.1033.18.2037.843 [GMT -5:00]AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceN... Read more

Answer:Windows/Spybot/adaware update blocking trojan

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

3 more replies
Relevance 41.82%

My PC was recently infested with numerous viruses, adware, etc. By running various malware removal software tools I have managed to clear all but two main problems (that I know of).

1) I have AVG Free 8.5 anti-virus (recently installed after giving up on Bit Defender) and the Resident Shield alerts me several times per day of the following infection:

Trojan Horse Rootkit-Agent.DI File: C:\Windows\System32\drivers\ndis.sys Process: C:\Windows\System32\drivers\svchost.exe
"Object is white-listed (critical/system file that should not be removed). "

I am not given any instructions on how to resolve this issue.

2) My Windows Automatic update has been disabled and I have not been able to re-enable, even in Safe Mode where it seems I can enable Automatic Updates only to find that they are disabled when I reboot. I have tried updating through MS Windows website but can only download individual patches, etc. due to Automatic Updates being disabled.

A couple other secondary issues:

3) I had installed SuperAntiSpyware based on recommendation of a friend. It crashed my PC when I tried to run it. Have not found so far how to uninstall.

4) Had also installed Avast anti-virus but had issues with it and ran the Uninstall. Looks like there are remnants of that s/w still in place.

Thanks in advance for any help.

The Attach.txt file is attached (that sounds funny). Here is my DDS log:
DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at... Read more

Answer:Trojan Horse Rootkit-Agent.DI / Windows Update

Hello and welcome to Bleeping Computer. Sorry for the delay the forums here at BC are alwaysvery busy and we do are best to keep up. If you no longer require any help could you let me no please, so this topic can be closed.My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I wouldbe grateful if you would note the following: Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.First I would like to see a new log since alot could have changed since your origional post.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Thanks

21 more replies
Relevance 41.82%

Hey guys,
About a month ago I posted here (http://www.bleepingcomputer.com/forums/topic352373.html). The system was fixed, and is now entirely stable and usable, but still isn't working quite right.

1. I replaced Avast with Panda, and its Firewall and Vulnerabilities functions seem to be working fine, but the Antivirus one still will not let me launch the scanner. Tried to manually start “Panda TPSrv” process in services.msc panel, got same "cannot start/do not have permission" error message "Avast Scanner" had been giving me before computer was cleaned.

2. Checked Windows Updates log to be on safe side and discovered that almost all Updates have failed to install since computer was originally infected, save only for XP security updates. In particular, Windows has tried to download and install Installer 3.1 every day since then. Tried to manually start “Windows Installer” in services.msc panel--no luck.

3. Am still getting VERY occasional Google redirects w/Firefox, though not in same way as before. Searching (through upper right corner box & on main page) now works fine, but sometimes get redirected when clicking on link on search results page, often when pages relate to software/computing.

4. Often when I left-click on a WMP affiliated file (avi, etc) when WMP is not already open, the system will fail to open WMP, and CPU usage in task manager will go over 50%, and I have to quit media player in TM. WMP does not seem t... Read more

Answer:Trojan Disabled Panda Scanner & Windows Update

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

33 more replies
Relevance 41.82%

Hi guys - here is a description of my problem.

Around 3 or 4 weeks ago I became infected with acouple of trojans (according to Norton) so I deleted them (Virtumonde or something like that?)

Then ever since then my windows security alerts balloon keeps flashing red. When I click on it I can't re-enable the feature and my laptop has been running really slow.

I have hijak this and spybot enabled - plus ad-aware (which always says that new data Rundll32.exe "C:WINDOWS\system32\silxpchs.dll",s is always trying to add itself. The value is BM5796bdc3)

Hopefully this means something to someone and you can help?

Thank you so much in advance.

dreday

Answer:Trojan (virtumonde ? ) Found And Windows Update Disabled - Please Help - Thank You

You can get rid of the virtumonde infection with relative ease. Download the virtumonde removal tool from F-Secure here:http://www.f-secure.com/download-purchase/tools.shtmlJust double click the downloaded file and press 'y' on your keyboard. It doesn't scan, it just removes, so it should be relatively quick.That should remove the infection, but if it doesn't, try the Windows Malicous Software Removal Tool here:http://www.microsoft.com/downloads/details...;displaylang=enI then recommend you get an online virus scan from Kaspersky here:http://www.kaspersky.com/virusscanner(you must go to this website in Internet Explorer, otherwise it won't work)And finally you should download MalwareBytes Antimalware here:http://www.malwarebytes.org/mbam.phpBefore you scan, make sure you update by click the 'Update' tab accross the top. Once stuff has been removed, if it asks you to restart you should do it straight away to prevent re-infection

9 more replies
Relevance 41.82%

Trojan leaps from bogus Windows Update site

Hackers set up a fake Microsoft security update website in order to dupe unsuspecting Windows users into visiting a site riddled with malicious code. The bogus site, hosted in Canada, is currently down but security experts warn it would be easy for virus writers to repeat the trick.

The site was promoted through spam messages claiming to come from "Windows Update" <[email protected]> and featuring subject lines such as "Update your windows machine", "Urgent Windows Update", and "Important Windows Update". Users who followed links in the email and tried to download updates from the site risked infection by the DSNX-05 Trojan horse, which allows hackers to take remote control of an infected PC.

"This criminal campaign exploits the public's rising paranoia about the security of their Windows computers. If users fall for it they may put themselves at risk of being spied upon or having their credit card and online banking details stolen," said Graham Cluley, senior technology consultant for Sophos.

Messages containing infected attachments that pose as Microsoft security updates are common but the use of a "pseudo-phishing" attack to trick potential victims gives the tactic a fresh spin, according to Cluley. "Hackers could change their spam campaign to point at a different site," he added.

Microsoft avoids including attachments in its security bu... Read more

More replies
Relevance 41.41%

Hi all,

I am new to this forum. I am having a problem in that I am sure I have a Trojan or the like as Windows Update has stopped working and I am getting redirects to various webpages in Firefox as well Google Chrome just hangs when I start it. When I try to go to the Windows Update or any Microsoft Help pages I get the "connection reset" message and can go no further.

So far I have run a full AVG scan as well as Full MalwareBytes Scan and both have found nothing. I have checked my Java release level and it is the latest. Am at a loss as to what else I should be looking at, so any help or advice would be appreciated.

Many Thanks

DRW
Windows Vista Home Premium (32bit)

Answer:Can't find a Trojan - Windows Update not working and Getting redirects in Firefox

Hi, please run these so we can review the logs.Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or Opera browser click that browser at the top and choose: Select AllClick the Empty Selected button.If you would like to keep your sa... Read more

7 more replies
Relevance 41%

I have a Windows XP machine (with a 2nd partition for Ubuntu Linux). On Friday, I began to notice strange things on my Windows machine. All of a sudden, my Security alert went off saying that my Norton AV has been disabled. After a while, I began to notice the taskbar change color, etc. I immediately ran malwarebytes anti-malware which found a Trojan.Hiloti trojan and cleaned it. However after I rebooted, My Norton online AV found a couple of malware and claim to have Quarantined one and cleaned the other. However, it couldn't tell me the location of the file because it claimed that they have been moved.Since this point in time, I no longer had access to the Windows Update website, and whenever I search for it on Google (and click its link), it sends me to some bogus website. I have tried to clean the Windows partition from my Ubuntu partition by using ClamAV 0.95. That found a Trojan.Rootkit-2660 virus amongst a few others I can't remember. I deleted those files and rebooted Windows, but the Windows Update and Google redirect problems where still there.I will surely appreciate anyone's help here. Attached below are logs from DDS and GMER

Answer:Infected with Trojan-rootkit. Google redirects and can't go to Windows Update website

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

28 more replies
Relevance 41%

I have a new laptop (hp pavillion dv6 running windows 7 home premium) and 2 days after initialising it, the NIS 2010 that came with it is refusing to load. Each time i attempt to load it i get a windows message asking if i trust the symatec application to load. If i click yes, nothing happens. The only things i had downloaded prior to it refusing to load were a lot of windows updates, hp updates and adobe, firefox and java.

The only instance of any non-downloading sessions was when my gf used it and played some games that came with the laptop, she now thinks she may have joined some online parts and possibly clicked on something. She also hadn't recognised that i had loaded the mobile broadband connection that we also use on our home pc and had attempted to connect to some wi-fi networks, she wasn't 100% whether she did or not, just that she had got online!

Initially i thought it was related to action centre switching NIS2010 off and I did visit the norton website and view thier forums and found 2 suggested solutions regarding action centre flagging that nis is switched off, but they didn't work. At the first few times at try to resolve this the nis2010 application would connect to norton's one-click support but now i don't even get that.

Some windows updates have not been downloading, even when trying to manually download them. In the main, they are eventually downloading, but it seems that if there was ever a list of 10, only 5 ir 6 would download first time.

A min... Read more

Answer:Potential virus/trojan/spyware affecting NIS2010 and windows update

Bump, please

1 more replies
Relevance 41%

On attempting to update my Bios via windows, on unpacking the zipped file my anti virus (f-secure) flashed a warning.

The warning claimed that the file contained a trojan and that it had been deleted to protect my computer.
A microsoft warning also stated that access to these files had been blocked to protect your system.

Is it possible that this update, downloaded from Toshiba really did contain malware or could there be some other reason for this occurrence?

Any help advice would be appreciated

Message was edited by: james7dean i have a satellite pro a100 O/S windows xp pro

Answer:Satellite Pro A100: Trojan warning message during BIOS windows update

Hi james

Don't get panicky! You BIOS is not affected by any Trojans, Malware or Virus.
Mostly such BIOS files are not known to the AntiVirus applications and therefore the anti virus software reports and notifies a virus.

Before you will start the BIOS update you should disable the virus auto protection!

2 more replies
Relevance 41%

Hello,My computer appears to be infected w/ some sort of malware; I think it's a Trojan.DNSChanger. Symptoms include: 1. http://windowsupdate.microsoft.com and http://update.microsoft.com redirect to Google. My AV software, Windows LiveOneCare, isn't able to update from Microsoft either. 2. Attempts to download Windows Defender or Windows Malicious Software Removal tool from Microsoft.com would always time out. It appears I can't download anything from Microsoft.com. (I can, however, download from other sites, e.g., http://download.cnet.com.) 3. When I try going to http://www.malwarebytes.org, Firefox says, "Firefox can't find the server at www.malwarebytes.org."I ran Malwarebytes Anti-Malware a couple of times. First time MBAM found (and cleaned) 7 infected registry keys, 1 infected registry value, 6 infected registry data items, & 3 infected folders. Restarted my computer per MBAM's cleanup instructions, and problems #1-3 were still present. Ran MBAM again; this time it found & cleaned 4 infected registry data items. However, problems #1-3 are still present. I've attached the MBAM logs in case they might be helpful. Any assistance would be greatly appreciated. DDS.txt Report: DDS (Ver_09-05-14.01) - NTFSx86 Run by Matthew Ing at 20:56:35.70 on Wed 05/20/2009Internet Explorer: 7.0.5730.11Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.642 [GMT -4:00]AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427AD... Read more

Answer:Windows update redirects to google; can't download from Microsoft; possible Trojan.DNSChanger

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

12 more replies
Relevance 41%

Hi every1. Im new to this forum site & stumbled upon it after a lot of futile online research. Anyway, here goes-I have a Dell Inspiron 1520 laptop, Windows Vista home premium-SP1, 32-bit. A week ago my problems began. My Windows Update (as well as Windows Defender) failed to update-giving error Code-80244019. Also I was unable to access any of Microsoft or Anti-Virus web-sites to look for a solution.The problem persisted despite a number of adjustments & scans (Norton 360 v2.0, PC Tools Spyware Doctor, Windows defender, Windows Malicious software Removal Tool- None were able to detect anything) & a alot of online research. At about the same time these horrible Vimax ads started appearing on every page I visited & my Laptop became considerably slower & Firefox became prone to crashing a lot. So after more online research I installed Malwarebytes-Anti Malware. I ran a Full-Scan & it showed me a number of Infections by Trojan DNS Changer & I 'Fixed' the infections using Malwarebytes- It said the prob is fixed, but they kept coming back (I also ran the scan in SAFE MODE but I didnt disable System Restore in any instance) & the problem remained. I also scanned my portable flash drives, but there was no infection there. I havent yet scanned my external HDD, so I dont know whether thats infected.Finally, frustrated , I came upon this site & I am posting my grievances. I am extremely distressed by this, as this is the first time I have failed to... Read more

Answer:Infected with Trojan DNS Changer/Vimax Ads/ERROR 80244019 on Windows Update

Hello drmnys,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.The current formatting of your log makes it difficult to read. Please open Notepad:On top, click Format >uncheck Word Wrap.Please also leave out the chatspeak. It is neither welcome nor tolerated here.Thanks,tea

4 more replies
Relevance 40.59%

Hello,

Malwarebytes indicates that Trojan.dropper.bcminer has infected my machine. And it keeps coming back after removal and reboot.

I am running Windows 7 Home Premium 64-bit on a desktop. I have noticed pop up windows opening and redirects with windows IE9 and firefox.

Also, Microsoft Security Essentials and Windows Update are broken. (Security Essentials isn't monitoring your PC because the program's service stopped. You should restart it now. --> The service specified does not exist as an installed service.) (Ouch!)

Other things Malwarebytes found were:

BetterInstaller.exe (PUP.BundleInstaller.Somoto)
Rootkit.0Access

Both were removed and have not returned.

I was able to run DDS and the output is attached as per the instructions.

I'm a little concerned about following the advice in the other forums as many indicate that the recommendations are specific to the infected machine.

Hopefully someone can suggest a way to remove this. Many Thanks.

=========

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Eman8 at 14:19:42 on 2012-07-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.5271 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B... Read more

Answer:Trojan.Dropper.BCMiner infection and Windows Update and Security Essentials Don't Work

please do the following;download Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

2 more replies
Relevance 40.18%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:06:06 AM, on 9/15/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Common Files\ISPCOMP\InstallService.exeC:\Program Files\iTunes\iTunesHelper.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDO... Read more

Answer:Vundu.br, Trojan: Win32/vundugen!h. |desktop Reseting Repeatedly Fixed By Windows Update|.

Hello Nerdful Things,Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish, so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly. If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

3 more replies
Relevance 39.77%

Hello. I am hopeful that someone can help me. My laptop appears to have been infected. Looks like the culprit might be a rogue malware or virus posing as an antivirus program. Not sure how it got on the laptop.

I run Avast Anti-Virus and use IObit Security 360 faithfully.

The intial attack came through with something called "AntiVirus 8". I recognized that something was not right and immediately tried to stop it, but it was somehow already on board and causing trouble. I quarrantined and removed most of it with the IObit 360 but there appears to be something residual as the Windows automatic updates are not working now and I get an error 80070020 code with the update.

I am now also get a frequently occurring Avast intrusion alert from the network trying to open a bad website.

Below are reports and logs. One note, the when I attempted to use the HijackThis app from TrendSecurity, a pop up a alert appeared that read something like "System denied access to Host Files" and instructed me to do a Start, Run on C:\Windows\System32\drivers\etc\hosts or if using VIsta, just right click HiJackThis icon and run as system admin. Neither of these worked, so I ran a HijackScan using IObit 360. Please let me know if you need it specifically from HijackThis that you direct to use and I can try again to get around that issue I described.

Thanks for any help you can provide.

Logfile of IObit HijackScan v0.2.0.0
Scan saved at 7:56:14, on 2010-11-13
Running processes:
C... Read more

Answer:Back Door Trojan Horse? Windows Update Error - 80070020 & AntiVirus 8 Malware Problem

10 more replies
Relevance 38.95%

Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====... Read more

Answer:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess , simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but lets take a look and see what we find.Sorry for the delay, please do the following...ComboFix Please ownload ComboFix from Here or Here* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A... Read more

12 more replies
Relevance 38.13%

I seem to have contracted a lot three trojans and possibly more. I used spy sweeper to detect it but it won't get rid of it unless I subscribe. It seems that my antivirus mcafee is not detecting anything. And spybot can't do anything but delete a.bat everytime my computer starts. I ran hijack this and this is what I got:

Logfile of HijackThis v1.99.1
Scan saved at 8:58:19 AM, on 5/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX... Read more

Answer:Solved: Windows xp with mybot trojan, a.bat zapchast trojan, and autospy trojan

16 more replies
Relevance 37.31%

the main thing is each and every install  windows update just searches forever and nothing happens after diagnostic tool it says Datastore.edb is corrupted and cant be repaired and each time it download the corrupted Datastore.edb
can they at leats give a proper service pack 2 for windows 7  64 bit ultimate that is then uptodate with working windows update that works after a direct standalone install of sp1 i use windows 7 ultimate 64 bit and i reinstalled the system allready
 5 times each and every time the same problame that Datastore.edb is corrupted and windows update just gets stuck!
i how you can either releasse a service pack 2 so that windows update works again after a direct install of service pack 1
or a windows update that doesnt use data store cause its yepp Not working,
i use a amd 6 core with a amd hd 6700 readon and 8 gb ram
both asus motherboard and grafic
as it is now windows update is with windows 7 service pack 1= not useable !!!!
sincierly Christian Madjari

More replies
Relevance 37.31%

When you use Windows Update, Microsoft Update, or Windows Server Update Services (WSUS) to install updates, you may experience one or more of the following issues: You are offered an update for a product, but the update is not downloaded or installed on your computer.You are repeatedly offered an update, even if you have already installed this update multiple times.A particular update failed to install. KB906602 discusses how to troubleshoot these issues.
Also check out this post: Windows Update Troubleshooter from Microsoft.

More replies
Relevance 37.31%

I purchased a new notebook with Windows 7 in October. During the first weeks I uninstalled McAfee and replaced the harddrive. Since November Windows Update fails with error messages and defender does not start anymore. I made several virus scans (complete) with multiple antivirus programs but nothing showed up.Since it took my days to install various software, I do not want to re-install W7. I also have no good backup that I could restore. I am really surprised that there is not even a single entry regarding the error code in the Microsoft Knowledge base or elsewhere.I really would appreciate help. 

Answer:Windows Update does not work, Windows Standalone Update Installer stops with error 0xc8000247 (Windows 7 Home Premium on Acer Aspire 1810TZ notebook)

 
Got it !!!!
If You are using notebooks with with hard drive larger than 700 GB you probably should update Intel Rapid Storage Technology Driver.
Here is solution :
http://h10025.www1.hp.com/ewfrf/wc/document?docname=c02219204&cc=nl&lc=en&dlc=en&product
Download and install it.

97 more replies
Relevance 36.49%

Hi BleepingComputer community,

My name is Kim. Nice to meet you all. If you don't mind, can you please help me with a trojan or malware problem? After the malware or trojan came in to my Windows XP SP2 system, I can no longer update Malwarebytes and Symantec Antivirus. When I go to websites that discuss about computer security from malware IE8 and google/yahoo directs me to strange links. I also tried to download Firefox to see if this happens, but this malware caused all internet applications like firefox to cannot go online. Can you please help me with this sitation? Thank you very much for your help!

Best,

Kim

Any help will be appreciated!

More replies
Relevance 35.67%

Hello all.
Running windows 10 pro 64 bit.
I've updated from Version 1511 to the anniversary update, 1607.
Or at least, I thought I did.
The update went well, no hiccups, no errors. Used windows update, let it downloaded and install and rebooted. Alas, system still shows OS Version 1511.
Used update again, same thing, rebooted, 1511.
Went to the windows site, downloaded the windows10upgrade9252.exe, ran it, same exact issue, rebooted, still showing version 1511.
Error logs show no issues. Disabled all external drives, turned off anti-virus, etc, repeated, rinsed, rebooted, still version 1511.
Only think I've not done is burned an ISO to DVD and updated from that.
Any clues as to what's going on?
Thanks!
Nelson Davis

Answer:windows 10 update from version 1511 to 1607 anniversary update - does not update

Can you check to see what OS version you have? Check in settings > system > OS build. It should show something like 14393.5 or 14393.10

5 more replies
Relevance 35.67%

First issue is that I need to use a specific older driver for my AMD graphics card and windows 10 continues to update the driver automatically and causes my system to crash. I've gone through {Control Panel-Devices & printers}, selected my machine, then right clicked to Device Installation Settings and selected "no, let me choose what to do". This has no effect as windows continues to update the driver daily or anytime I search for updates. Is there a specific port I can block or cmd line to run?

Second issue, on the windows update window, the feature is frozen on Service Pack 1 for MS Office 2013 (KB2850036) 64-bit edition @ 61%. It's been like this for a week. I've restarted the machine several times and seems to do nothing. Any suggestions would be very helpful.

Thanks.

More replies
Relevance 35.26%

After installing this updates, unable to filter recordset using array of bookmarks, there is an exception inside msado15.dll.
For example this vbscript:
DIM rs, v(2), ldx

Const adInteger = 3
set rs = createobject("ADODB.Recordset")
rs.fields.append "Id", adInteger
rs.open

For ldx = 0 to 9
rs.addnew
rs.fields("Id").value=ldx
next

rs.movefirst: rs.find "Id=3"
v(0) = rs.bookmark
rs.movefirst: rs.find "Id=8"
v(1) = rs.bookmark
rs.movefirst: rs.find "Id=2"
v(2) = rs.bookmark

rs.filter = v
produces an Access Violation (0xC0000005) exception inside msado15.dll
Similar code on C#:
var rs = new ADODB.Recordset();
rs.Fields.Append("Id",DataTypeEnum.adInteger);
rs.Open();

for (int i = 0; i < 9; i++)
{
rs.AddNew();
rs.Fields[0].Value = i;
}

var bookmarks = new object[2];
rs.MoveFirst(); rs.Find("Id=3");
bookmarks[0] = rs.Bookmark;

rs.MoveFirst(); rs.Find("Id=8");
bookmarks[1] = rs.Bookmark;

rs.Filter = bookmarks;
produces the same Access Violation exception in msado15.dll:
>   msado15.dll!ExtractArray()  + 0x5cd bytes    
     msado15.dll!ExtractBookmarkArray()  + 0xa1 bytes    
     msado15.dll!CRecordset::SetFilter()  + 0x6f0 bytes    
     msado15.dll!CRecordset::put_Filter()  &... Read more

More replies
Relevance 35.26%

When I try to install KB3182373, a "Security Update for Microsoft Silverlight", Windows Update reports failure with the message "Code 643 Windows Update encountered an unknown error".
I ran WindowsUpdateDiagnostic.diagcab. It reported that "Troubleshooting couldn't identify the problem".
What can I do to fix this? I'm running Windows 7 Professional.

More replies
Relevance 35.26%

I am using Windows 7 Professional with Service Pack 1.
Windows Update has lost my update history and hangs when I tell it to check for updates. Windows Update Troubleshooter reports "Windows Update error 0x80070057(2016-07-15-T-12_59_34P) Not Fixed". How can I get Windows Update working again?


Here is a detailed account of the problem:
Earlier today, I ran Windows Update and told it to install 15 important updates. It said it was downloading them, but stalled for 30 minutes at 0% done.
I rebooted my computer and re-ran Windows Update. It reported that there were no pending important updates. I clicked "View update history" and saw that the most recent 15 important updates had failed. I clicked "Check for Updates" and,
when it finished checking, Windows Update continued to report that there were no pending important updates.
At that point, I concluded that something was wrong with Windows Update. In an attempt to fix it, I downloaded and ran the Windows Update Troubleshooter (WindowsUpdateDiagnostic.diagcab). It reported one problem found: "Windows Update error 0x80070057(2016-07-15-T-12_59_34P)
Not Fixed".
After running Windows Update Troubleshooter, I re-ran Windows Update. It reported that my most recent check for updates was "Never", and that updates were installed "Never". When I clicked "View update history" I saw an empty
list. When I clicked "Check for updates", the applicat... Read more

More replies
Relevance 35.26%

I spent almost an hour updating my phone, it resets and the only thing it shows me is my internet symbols, battery, back arrow, home button, and search button. The rest of the screen is black, no apps no wallpaper. my lock screen wont even work. tried to factory reset and that didnt even work, and whats worse is windows mobile support is for some reason closed on weekends, any ideas, at, all?

Answer:The latest Windows Nokia Lumia update (I assume the windows 10 update) broke my phone, how can I fix it?

Which model? What instance of OS you were running before update? Do U have installed insider app? Are U on slow or fast ring?
However you should Install WPRT and rollback to 8.1?

2 more replies
Relevance 34.85%

hello friend..

I cannot update windows 10 to anniversary update. Every time I check for update, this came out

"We couldn't connect to the update service. We'll try again later, or you can check now. If it still doesn't work, make sure you're connected to the Internet."

I am connected to internet, Mozilla firefox is ok, utorrent is ok, everything is fine except windows update.
I have try disable the firewall, turn off windows defender, disable antivirus, none of it work.
I downloaded windows10 update assistant, did not work.
I don't know what is blocking windows update form connecting to internet.

Any suggestion? or perhaps solution.

Thank You.

Answer:Unable to update, windows update cannot connect to update service

Hi, try Settings, search for Troubleshooting, click Troubleshooting
In the Window that opens click

Fix problems with Windows Update

at the bottom.

Please post back the outcome.

Also make sure you're not set to use a metered connection,
and try checking this:
Choose how updates are delivered is Off in Settings, Updates, Advanced Options

There is a Windows Updates reset script here:
Windows Update - Reset in Windows 10 - Windows 10 Forums
and here:
Reset Windows updates - Microsoft Community

8 more replies
Relevance 34.85%

hello friend..

I cannot update windows 10 to anniversary update. Every time I check for update, this came out

"We couldn't connect to the update service. We'll try again later, or you can check now. If it still doesn't work, make sure you're connected to the Internet."

I am connected to internet, Mozilla firefox is ok, utorrent is ok, everything is fine except windows update.
I have try disable the firewall, turn off windows defender, disable antivirus, none of it work.
I downloaded windows10 update assistant, did not work.
I don't know what is blocking windows update form connecting to internet.

Any suggestion? or perhaps solution.

Thank You.

More replies
Relevance 34.85%

I want to update my L930 but when I check for new update it says no update, and it does not detect the new win10 update? I've installed and launched the Upgrade Advisor already. Am I the only one (I've got a Lumia 930 CV GBIE with denim)

Answer:I want to update my L930 but when I check for new update it says no windows 10 mobile update!!!!

What message does the 'Upgrade Advisor' give when you check?

more replies
Relevance 34.85%

I was doing a prep for installing Windows 10, now, I got message that I could not go any further because of

Windows 7 update failed on "Update for Windows 7 for x64-based Systems (KB3102429), the error code is 80200011.
Please help me resolve this problem, so I can upgrade to Windows 10



More replies
Relevance 34.85%

When the Windows 10 Fall update (threshold 2) was released several days ago I tried updating via Windows update; it failed to install the update several times. Yesterday it started saying that my computer was up to date and I know threshold 2 has not been installed. Today I decided to try the media creation tool to do an inplace upgrade. It failed as well with error: 0x8007002C - 0x4000D The installation failed in the Second_Boot phase with an error during the Migrate_data operation.

I got this same error in august when trying to do an in place upgrade to windows 10 from 8.1 for activation purposes. I got around it then by selecting to 'keep nothing' instead of 'keep data and apps', it did not matter then because I was already planning to do a full clean install afterwards and just needed to activate my PC, however, now I want to keep everything.

I have attached the error message I get from the Media Creation tool upgrade attempt.

Any help would be appreciated.

Answer:Windows 10 Fall Update Fails via Windows Update & Media Creation tool

As of yesterday Microsoft has pulled build 10586 so there is no update to build 10586 for you to get now.

4 more replies
Relevance 34.85%

I refurbished a Thinkpad T400 (2.2GHz dual core, 8GB memory, 320GB HDD) with Windows 7 x64, installing the OS, applying 150+ updates, then I installed ThinkVantage System Update 5.05 and allowed it to download and install updates for all the drivers in the system.  When I next went to Windows Update to download more updates, it did not allow me to do so, stating that the update service was not started.  Well, the update service and the RPC service on which it relies WERE started in the list of services.  Windows event files showed some errors, but I was unable to trace them back to Thinkvantage Update.  I tried the automated Windows Fixit and it did not solve the problem.  I also found I was unable to download anything with IE after running ThinkVantage update, so I had to download the Fixit on another computer, put it on a flash stick and then run it on the T400. Well, I could not leave the system as it was, so I reinstalled Windows 7 and immediately installed ThinkVantage System Update 5.05 again, then downloaded and installed all the drivers it found.  Same problem.  Windows Update would no longer update. Finally, I reinstalled Windows 7 again, updated the drivers with files I had downloaded previously from the Lenovo web site, and proceeded to finish off the complete Windows 7 install with all the Microsoft updates.  This time, I did not install and run ThinkVantage Update. I have previously used ThinkVantage System U... Read more

Answer:ThinkVantage System Update 5.05 causes Windows 7 Windows Update to fail and inhibits IE downloads

Hi,
 
This sounds familiar.  If you run TVSU again, don't allow it to install the Intel storage driver.  I've seen this several times.  For some reason a buggy (or maybe just inappropriate for the hardware) driver gets installed that breaks Windows Update.
 
If you're willing to give it a try, run TVSU and see if it's offering a storage driver.  Don't accept that one but let the others install and see if WU is still running correctly.  If thigs are OK, hide the storage driver.
 
Z.

4 more replies
Relevance 34.85%

i upgraded from win 7 to win 10 in early august. no problems. i've been installing all updates since then and installed updates always showed status of updates. after installing fall update i noticed my update history was erased and any updates since, like defender definition files, don't appear in the list. only one update is listed: Security Update for Internet Explorer Flash Player for Windows 10 Version 1511 for x64-based Systems (KB3103688) installed on 11/14/2015.

Answer:Windows 10 fall update erased the Windows Update history plus new installed updates don't appear. What do I do?

I have exactly the same problem; no update history except the flash one.

4 more replies
Relevance 34.85%

Tried the following:
1. Update works if I bypass the router, ie. connect the PC directly to modem.
2. It also works from different ISP, through router (at work).
3. Format disk & Reinstall windows 7

From windowsupdate.log:
2011-12-01 00:03:54:771
968 99c
Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.windowsupdate.com/v9/windowsupdate/redir/muv4wuredir.cab>. error 0x80072efd
2011-12-01 00:03:54:771
968 99c
Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2011-12-01 00:03:54:771
968 99c
Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072efd
2011-12-01 00:03:54:771
968 99c
Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd
2011-12-01 00:03:54:771
968 99c
Misc WARNING: DownloadFileInternal failed for http://download.windowsupdate.com/v9/windowsupdate/redir/muv4wuredir.cab: error 0x80072efd
2011-12-01 00:03:54:771
968 99c
Misc Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2011-12-01 00:03:54:771
968 99c
Misc Microsoft signed: Yes
2011-12-01 00:03:55:863
968 99c
Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <127.0.0.1:80> Bypass List used : <(null)> Auth Schemes used : <>
2011-12-01 00:03:55:863
968 99c
Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://download.microsoft.com/v9/windowsupda... Read more

Answer:Can't update Windows 7 - Windows Update Client failed to detect with error 0x80072efd

Hi,
 
Try to remove the proxy server entry from the WinHTTP proxy configuration for Windows 7:
 
1.   
Click Start, and then type cmd in the Start programs and files box.
2.   
Right-click cmd.exe in the Programs list, and then click Run as administrator.
Note If you are prompted for an administrator password or confirmation, type the password or click Continue.
3.   
Type the following command and then press Enter:
netsh winhttp show proxy
Note The proxy setting is listed next to Proxy Server. If there is no proxy server, Direct Access <no proxy server> is shown in the Command Prompt window.
4.   
To remove the listed proxy setting, type the following command and then press Enter:

netsh winhttp reset proxy
5.   
Click Start, click All Programs, click Windows Update, and then try to download and install updates again.Alex Zhaozx
TechNet Community Support

2 more replies
Relevance 34.44%

Hi.I was just browsing through SIW checking my system and got to update.As I had not updated for a while i gave it a try.New update was available so carried on and downloaded it when AVG resident shield jumped in with a Trojan warning.So pressed delete got a warning if i deleted computer might freeze which it did temporarily then the notice came back and I pressed heal. Closed SIW and checked the resident shield log and it came up with. Trojan Horse generic 13.BLFQ Now not sure if this may be a false positive or not but better take care if updating SIW.

Answer:SIW. Trojan Update.

Hi, I just tried the update out of curiosity - I too got the Trojan Alert, I cured it without any problem, then securely deleted it.

9 more replies
Relevance 34.44%
Question: update.exe trojan

Recently, my laptop was attacked by a trojan called update.exe. i think i got it from an open network in a hotel. I have tried many things to try to get rid of it, ive ran all the spyware programs i have and ive gone into my hard drive and tried to delete it manually as well..nothing works to get rid of it. does anybody know how i could get rid of update.exe?
 

Answer:update.exe trojan

update.exe comes in many flavors, some good, some not so good.

http://www.file.net/process/update.exe.html

http://www.liutilities.com/products/wintaskspro/processlibrary/update/

You need to determine if this is a Windows file or not. When you tried the fixes for update.exe, did you turn System Restore off?

It may be of help if you list what you have tried.
 

1 more replies
Relevance 34.44%

Hi... Before I go into more detail I wanted to let you know my issue was originally posted here asking for help with this problem and they after many attempts at removal recommended I come here. Here is the link: Trojan Horse Generic8.yaf (c:\windows\system32\compstu.dll), This will not go away no matter WHAT I do!!!Here's a summary of where I started and where I am now:I am utilizing AVG antivirus as my main AV. I also am currently running Spyware Terminator as well as occasionally running the AVG rootkit program. The problem is that AVG keeps locating a virus and lists the following: OBJECT: C:\Windows\System32\compstu.dll RESULT: Trojan horse Generic8.YAF STATUS: Infected. I downloaded MBAM and utilized it. This did clean out the "house" however, it did not see the compstu.dll and as a matter of fact I don't even recall having seen it scan the file as I observed the entire process. The file ALWAYS comes back. The AVG error that pops up is "Threat Detected! While opening file: C:\Windows\system32\compstu.dll Trojan horse Generic8.YAF.The file has also been identified as Trojan. Download-Gen/N_BHO by another of my programs. Since my original post, SAS, ATF, and SDFix have been downloaded and utilized according to the instructions I had received from Chewy and others. Many of the logs would come up clean one time and then dirty the next with various registy entries, and of course the ever prese... Read more

Answer:Trojan Horse Generic8.yaf/ Trojan Downlad-gen/n_bho (c:\windows\system32\compstu.dll)

Hello Spunky3174 and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)In the event you already have Combofix, delete your current version and download the la... Read more

13 more replies
Relevance 34.44%

A few days ago my sister was infected with a rogue antispyware, so i removed it and now im getting some reports back from my real anivirus that theres a rootkit in the :C:\WINDOWS\system32\gasfkygnybnltp.dll directory. I have no idea how to remove rootkits myself so i really need your help you guys. Thanks. Here is my HJT log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:07:52 PM, on 10/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\a-squared Free\a2service.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw... Read more

Answer:C:\WINDOWS\system32\gasfkygnybnltp.dll Trojan/Rootkit (Trojan.Win32/Alureon.gen.!U

Hello sinister65Welcome to Welcome to BleepingComputer Please request that this topic be closed please:http://www.malwarebytes.org/forums/index.p...mp;#entry146148Having 2 people help on the same issue is a waste of the helpers time.=====================Download OTL to your desktop.Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.===========Download This file. Note its name and save it to your root folder, such as C:\.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.Click on this link to see a list of programs that should be disabled.Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")Allow the driver to load if asked.You may be prompted to scan immediately if it detects rootkit activi... Read more

1 more replies
Relevance 34.03%

Bonjour,
Depuis dbut octobre 2016, les mises a jour automatiques de Windows ne fonctionnent plus sur mon E130. Quand je lance Windows Update la recherche tourne sans fin et aucune mise jour ne s'affiche.
Avez vous dj rencontr le problme ??
Merci pour votre aide
Christian
 
Google translated.....
 
Good morning,
Since early October 2016, automatic updates of Windows no longer work on my E130. When I run Windows Update the search runs endlessly and no updates are displayed.
Have you ever encountered the problem ??
Thank you for your help
Christian
 
Mod's Edit: Google translated for benefit of English readers. Since this is an English forum, please post in English as it will ensure a better response. Thanks!

Answer:Problem with Windows Update E130 on Windows 7 (Problème avec Windows Update E130 sous Windows 7)

Hello and welcome,
 
Here's something you can try:
 
https://forums.lenovo.com/t5/ThinkPad-T400-T500-and-newer-T/T400-Windows-7-SP1-clean-install-Windows...
 
Z.

1 more replies
Relevance 34.03%

When I used the Windows Update Troubleshooter on my PC after a (reset-Windows, it "wiped" away (view update history). Is there a solution to stop this behavior?

Lee Payne

More replies
Relevance 34.03%

I cannot use windows update with vista. everytime I open the update window it says its downloading the updates and preparing install but it fails everytime. The updates are for IE7, security update for vista x64, and 5 updates for windows vista x64, plus some windows defender definition updates. I dont know exactly what the error is, It just says windows update must close and offers to send a report to microsoft, which I have done. I will include the windows update log, the Reporting events log, and the logs from the deckard system scanner. Please help me find a solution.. I also did an online scan from kaspersky because I could not do the panda scan - it said something was not compatable. The kaspersky scan detected many things if possible please help me find a fix for these as well. Thank you so much!!


Deckard's System Scanner v20070826.66
Run by Krizzle on 2007-08-31 16:21:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 1 Restore Point(s) --
1: 2007-08-29 10:01:20 UTC - RP127 - Windows Update


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1023 MiB (1024 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-31 16:22:53
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)

Running processes:
C:\Program Files ... Read more

Answer:Cannot update Windows/Windows Update unexpectadly closes/Viruses Detected....

Someone Please help...

1 more replies
Relevance 34.03%

I've been trying to get my system to update for a while now... I have around 19 important updates I need to install but it won't let me.

I keep getting
Code 8007010B Windows Update encountered an

I keep trying to fix my registry with registry mechanic and tried defragging but I don't know what else I should do....


thanks in advance

Answer:Windows Update Problem x64 - Code 8007010B Windows Update encountered an

Disable firewall and antivirus,and reset WU in aggressive mode http://support.microsoft.com/kb/971058 -if it does not solve your problem run Readiness Tool Description of the System Update Readiness Tool for Windows Vista, for Windows Server 2008, for Windows 7, and for Windows Server 2008 R2

when it finish go to C:\Windows\Logs\CBS folder ,find CheckSur.log file and attache it to post

EDIT
This error would be also relate to incorrect path in environment variables. Download & run this tool http://www.sevenforums.com/tutorials...eshooting.html

and by using it prepare log from System Information and event log,pack all and attache to post too.

11 more replies
Relevance 34.03%

I have unintentionally put my laptop back to factory settings and am now back to windows 8.
The windows update isn't working and I can't seem to do anything. I keep searching for updates to download and install but it then says the standalone windows installer is not working either.
Does anyone know how to get around this as I am stuck on windows 8 and I cannot download any games or anything.

More replies
Relevance 34.03%

I recently came across a problem where this troubleshooter says my windows update is missing or corrupt. Is there anything wrong with my computer?

Answer:Failed resetting windows update with windows update automated troubleshooter

Your firewall settings may be blocking Windows Updates, or because the proxy override settings are incorrect:
http://support.microsoft.com/kb/900936
http://support.microsoft.com/kb/883821 (scroll down for the Fixit for the 0x8024402C error code you received, or instructions on how to fix it yourself)

 

9 more replies
Relevance 34.03%

So I updated to the Creators Update 2 weeks ago. And now 3 days ago it removed my public update version of Windows 10 how can I reroll back without the public update?

Answer:How come when I updated to the Windows 10 Creators Update it deleted the Windows 10 Public Update?

Originally Posted by Windows Central Question public update version of Windows 10 What is " public update version of Windows 10 " ?
I suppose you meant the Anniversary Update which began on August 2nd, 2016 ?
Anyway, each time you upgraded from one version to a new one, Microsoft allows you only 10 days to decide if you want to keep the new version or not.
Within the 10 days you can revert back to the previous build as long as you have not deleted the windows.old.
In your case, you are over your 10 days limit.
The only way to go back to your previous build is .....
1. IF you had created an iso file of your previous build.
If you have, you can then use the iso file to revert back to previous build.
2. If you have done a system image backup of your previous build.
If you have, you can do a system image restore to go back to your previous build.
Otherwise, Creators Update version 1703 is there to stay.
Sorry.

more replies
Relevance 34.03%

The November 10 Windows 7 updates caused my Outlook 2013 to crash after it starts. I attempted to restore my PC with a Windows Restore prior to the previous date but it failed so completely that I could not start my computer. The screen recommended doing
a repair with the Windows disk but mine dates to Service Pack 1 and I doubt that it would work with my Service Pack 2.
I had to replace my C Programs partition with a backup that I had to resume operation. I've disabled any more Windows updates until I get information on this problem being fixed.
Can anyone help me here?

More replies
Relevance 34.03%

Not able to update windows update on Windows 7 getting error message WindowsUpdate_dt000+[email protected]

Answer:Not able to update windows update on Windows 7 getting error message WindowsUpdate_dt000+WindowsUpdate_80072EE2

This error code indicates that you cannot access the Windows Update servers properly. Please refer:
Windows Update error 80072ee2
http://windows.microsoft.com/en-US/windows-vista/Windows-Update-error-80072ee2Please remember to click ?Mark as Answer? on the post that helps you, and to click ?Unmark as Answer? if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ?

3 more replies
Relevance 34.03%

This notebook was upgraded from windows 7 professional to windows 10 professional in July 2016.
In August windows 10 was updated to version 1607 (OS Build 14393.22)
There are some windows updates that have failed with either error code 0x8e5e0152 or 0x8e5e0147.
When the windows update troubleshooter is run it fixes things and then when it is run again it fixes the same things.
These fixes appear temporary or incompletely fixed.
This is an image of the windows update troubleshooter after its temporary fix:



The fixes were applied and it indicated that troubleshooting had completed.
A repeat windows troubleshooting displayed the same results.
Retrying the windows updates displayed the same failures and error codes.
sfc /scannow displayed no integrity violations.
dism /online /cleanup-image /restorehealth completed successfully.
This troubleshooting was from another web site and it also failed:
"use Win+x and select Command Prompt (Admin), then type 'net stop wuauserv' (without the quotes) and hit Enter, followed by 'net stop bits' and Enter. You should
see confirmations that each service was either stopped or wasn't running. Next, open Explorer, navigate to C:\Windows\SoftwareDistribution, and delete its contents including any sub-folders. Now reboot, open Windows Update and click Check for updates.

How do you fix the problem with the windows update troubleshooter so the fixes are permanent?
And how do you troubleshoot and fix the errors for the ... Read more

More replies
Relevance 34.03%

My Surface Pro (1st generation) is running Windows 10 and I have it set to update Windows automatically. It's been doing that fine. Recently though I noticed that it always offers me 'Update and shut down' instead of just 'Shut down'. So I let it update. Next time I use the machine and come to shut it down, it makes me update again. And while it's updating, it certainly looks like it's trying to update rather than just shutting down.
According to my Windows Update history, the last successful update was on 15th September. But it's listing no update failures either, which is suspicious.
Anyone got any ideas?

More replies
Relevance 34.03%

I've been getting messages from my virus software "symantec version 8.1.0.825" constantly stating that it is finding and quarantining Trojan.FakeAV and Trojan.Vundo viruses when running windows in normal mode. Sometimes the messages come in at more than 1 a second and eventually clean and quarantine fail with a message access denied. Along with this are constant messages stating my computer is infected and to purchase the fake antivirus software. I have disabled system restore and run virus scans in safemode which usually catches a file or two. I have also run trendmicro scans which catches 13 files or so. As soon as i boot up in normal windows they come back very quickly. It also appears that the viruses disable any ability to open a command line, task manager, regedit, msconfig, properties of my computer, launch the system icon from control pannel, or launch the firewall window from control pannel when running in normal mode. In safe mode i can get the task manager back with a registry edit, but thats about it. I've tried installing malwarebytes through safemode but it will only work for 2 seconds after initial installation and then the window disapears and can't be reopened. I'm here because i have nowhere else to turn short of hitting the computer with the big hammer and just reloading windows. (something i'd like to avoid of course!!!)

DDS log:

DDS (Ver_09-10-13.01) - NTFSx86 NETWORK
Run by Katie at 22:33:22.42 on Wed 10/14/2009
Internet ... Read more

Answer:Trojan.FakeAV, Trojan.Vundo, Antiviruspro 2010, windows police pro, advanced virus removal

Thanks for all that reviewed my logs. I was able to solve the problem by starting the computer in safemode and installing malwarebytes. The problem was the virus was deleting the malwarebytes program before i could run it. I was able to install and quickly copy the executable file to the desktop before it was deleted. The virus deleted the file out of the program files folder. I added it back in from the desktop and it worked!!! Great program, cleaned everything up!!!

2 more replies
Relevance 34.03%

The Family PC began having problems a few weeks ago...here are the primary symptoms:
-McAfee can't download updates - I can visit the McAfee website, but any attempts to download software or the tech assistance program cause an "Internet Explorer cannot display the webpage" error. McAFee scan runs, reports no problems.
-Windows Defender can't check for definition updates.
-Google, yahoo, etc. redirect to various ads and website when you click on search results.

I installed and ran Malwarebytes' Anti-Malware. It took almost 10 hours to scan and returned 71 results, addressed them and restarted the computer, no difference.

I ran Defogger to disable CD emulation software.
I downloaded DDS to a flash drive from my laptop and installed it on the desktop, ran it and the DDS file text is below, the Attach file attached.
I also downloaded and ran GMER. Changed the settings as directed, clicked "Scan" and within 5-7 seconds of the scan starting, got a blue screen. I restarted the computer, ran the GMER scan again and within 5-7 seconds again got the blue screen.

I'm out of my league here and not sure what to do next. Any assistance would be greatly appreciated. Thank you!


DDS (Ver_10-11-03.01) - NTFSx86
Run by DAD at 9:57:19.64 on Thu 11/04/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1185 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-a... Read more

Answer:Trojan? - AV and WD won't update, IE redirects

Hello Waddle_Woman ,I'm thinking you have a rootkit,rather than a trojan. Let's see:Download TDSSKiller.zipExtract it to your desktopDouble click TDSSKiller.exePress Start Scan
If Malicious objects are found then ensure Cure is selectedThen click Continue > Reboot nowCopy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)Thanks,tea

12 more replies
Relevance 34.03%

hi...i am hoping somebody can help me.i keep getting the same trojan coming up on my pc . i am using avg anti-virus which keeps detecting it ,i then heal the virus but then some hours later it reappears,this has been going on for over a week now and i dont know how to permanently get rid of this pest.when avg detects it the file name it gives is !update.exe.i have followed all the steps in the preparation guide before i have posted my hijackthis log.Logfile of HijackThis v1.99.1Scan saved at 17:54:32, on 16/10/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Zonelabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Spyware Doctor\sdhelp.exeC:\WINDOWS\system32\svchost.exeC:&... Read more

Answer:Infected With Trojan !update.exe

Hi whiteshoes and Welcome to the Bleeping Computer!Please download Combofix to your desktop.http://download.bleepingcomputer.com/sUBs/combofix.exeDoubleclick combo.exe to launch the application.Follow the prompts that will be displayed on the screen.Don't click on the window while the fix is running, because that will cause your system to hang.When finished, it should produce a log, combofix.txtPlease post that log in the next reply.

7 more replies
Relevance 34.03%

Trojan Remover update today at http://www.simplysup.com/tremover/
 

More replies
Relevance 34.03%

Hey guys .... (no rest for the weary) ....can not seem to get rid of this trojan that keeps popping up ....have run spy bot, adaware, ccleaner, turned off system restore ...manually deleted the damn thing 10 times ....yet each time I restart the 'puter, Mcafee virus scan reports this trojan at the time of start up ...always shows up in temp internet files ....application reported is [email protected] as a downloader-EV. Suggestions?
 

Answer:Trojan !update-3895

Just noticed in processes ....updaterUI running ....ended the process, going into msconfig to see if its also there!!!
 

17 more replies
Relevance 34.03%

I came here last week, got a reply on the 7th just worked through some of the suggestions. I had the backdoor.jeem ran CWshredder & cleaned up the original Hijack this list. Things are much better, but IE keeps trying to open multiple pages when I first log on http://accu.acculoader.com/download/dialer/us_cax.cab
And I get a WINNT/dl.com or something similar page that is hidden, an "about blank", plus all of my pages open in a small window in the corner of my screen. I think I got most of the critical updates, but this Norton Internet Security keeps blocking good pages. Here is is the latest Hijack this.

Thanks in advance.
Logfile of HijackThis v1.97.7
Scan saved at 10:07:30 PM, on 6/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.... Read more

More replies
Relevance 34.03%

called stsrtpage.dji ran spybot s&D ver 2.1 from the magzine found lots of spyware and adware like dialers ect, which it removed, but spybot stopped half way.spybots keeps stopping half way and the only way to exit it is to ctrl alt del, and end tasktherefore spybot does not ever get to the trojan.HELP

Answer:trojan horse update

have you got latest updates? what is your os? how many other programs running at the same time.johnny.

4 more replies
Relevance 34.03%

Hi -

I recently posted a thread regarding help with a trojan horse, and have now completed the "first steps" to receiving help. Below is my original message re: my problem:

I believe I have a trojan horse virus on my computer. I'm running Windows XP with Media Center and I did a "destructive recovery" in hopes that it would wipe out the virus completely. After the recovery, I installed Spybot Search and Destory and Spyware Terminator. I use Terminator as my real time shield and virus scanner, and I use Search and Destroy as a secondary scanner. In looking at the logs, I noticed that there are cookies and registries that are being removed, but I also noticed that there are .exe files as well.

Symptoms before the destructive recovery included:
- when clicking on applications, I would receive a "Bad Image" pop up, for everything
- when clicking on links, it would take me to different sites
- Windows Media Center stopped working

My current symptoms include:
- Media Center not working
- Spyware Terminator is catching a lot of "installations", and I'm not sure which ones are legith microsoft updates, or which ones might be cause by the virus.

Below is a copy/paste of my dds log, and I have attached my ark.txt and attach.txt. When running the gmr program, all of my fields were not checked as indicated in the picture. The boxes that I did have checked were registry, services, files and c:.

In regards to my Media Cen... Read more

Answer:Need help with Trojan Horse: Update

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so.


Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.

7 more replies
Relevance 34.03%

My browser keeps redirecting to various sites. From google and other sites.

AVG has detected that ../system32/services.exe is infected with trojan horse patched_c.lxt
It has also detected that ../windows/assembly/GAC_32/desktop.ini is infected with trojan.generic15.axla

Malware bytes detected that a file in the windows/installer/ folder was infected with trojan.dropper.bcmilner and healed it.

problem Still remains please help!

DDS and GMER logs are attached.

Below is the DDS log.

Any help is much appreciated!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by LesH at 14:26:59 on 2012-06-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4001.1993 [GMT 1:00]
.
AV: AVG Internet Security Business Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security Business Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\W... Read more

Answer:services.exe infected trojan horse patched_c.lxt, and ../windows/assembly/GAC_32/desktop.ini with trojan.generic15.axla

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

16 more replies
Relevance 34.03%

Search Results

I am trying to update from Windows 10 OS Build 10586.589 to the Anniversary Update but my computer freezes at 1% progress. I have tried everything I can think of including: Unplugging all extra SATA drives except my main SSD, unplugging my wireless network adapter, unplugging all USB devices (even mouse and keyboard), removing old drivers and updating outdated ones, and installing the update through a USB flash drive. It always gets to the same part and freezes until I shutdown my computer and lose no data.

You can see pictures of the frozen screen here: http://imgur.com/a/PseoH.
Reddit thread (Took the guys advice on there): Windows 10 Anniversary Update Freeze : Windows10
Hopefully someone can give me some guidance on how to fix this as I've tried everything I can think of. Thanks!

Motherboard: Asus M5A97 R2.0
CPU: AMD FX-8320 (OC)
GPU: EVGA GTX 750 SC OS
SSD: Samsung 840 EVO 120 GB SSD

More replies
Relevance 34.03%

Search Results

I am trying to update from Windows 10 OS Build 10586.589 to the Anniversary Update but my computer freezes at 1% progress. I have tried everything I can think of including: Unplugging all extra SATA drives except my main SSD, unplugging my wireless network adapter, unplugging all USB devices (even mouse and keyboard), removing old drivers and updating outdated ones, and installing the update through a USB flash drive. It always gets to the same part and freezes until I shutdown my computer and lose no data.

You can see pictures of the frozen screen here: http://imgur.com/a/PseoH.
Reddit thread (Took the guys advice on there): Windows 10 Anniversary Update Freeze : Windows10
Hopefully someone can give me some guidance on how to fix this as I've tried everything I can think of. Thanks!

Motherboard: Asus M5A97 R2.0
CPU: AMD FX-8320 (OC)
GPU: EVGA GTX 750 SC OS
SSD: Samsung 840 EVO 120 GB SSD

More replies
Relevance 33.62%

Hi everyone,

First i will to thank you for trying to help me.

I have done a search for services.exe trojan but found that it has a lot of variations.

Hence, I need help from the expert.

The problem I have is the duplicates of services.exe and cmd.exe processes which severely slowed down my computer.

Below is the HJT log that I have scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:29 AM, on 10/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mess... Read more

More replies
Relevance 33.62%

One to be aware of.click here

Answer:Trojan masquerades as Skype update

nice tip thanks.johnny.

2 more replies
Relevance 33.62%

Hi, running on Windows XP SP3, 5 drives, recently reformated it, also did it today after the warning. All the latest Windows updates are installed.
I noticed that in the 14th January update in NOD32 Antivirus update they added this trojan, so that means that I have had it for years maybe, and maybe it's not a dangerous trojan but anyway, it doesn't exclude the fact that I want to get rid of it.

This is the warning, and Clean doesn't work, error.

MBR sector of the 4 (or 0,1,2,3). physical disk

Win32/Agent.SDG.Gen trojan

Thanks.

Logs:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrat?r at 22:25:54,70 on 2011-01-14
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.3327.2846 [GMT 1:00]

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program\Sygate Personal Firewall\smc.exe
C:\Program\Aston\aston.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program\OO Software\Defrag\oodag.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Aston\XP\internat.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program\Utilities\TaskSwitchXP\TaskSwitchXP.exe
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\ESET\ESET NOD32 Antivi... Read more

Answer:14th Jan nod32 update says I have SDG.Gen trojan

Bump, please :)

1 more replies
Relevance 33.62%

How do I...remove adobe disguised Trojan received as update to Adobe Reader received from auto forum last week.Had to use system restore cd to log in, McAfee removes but returns as hard drive is infected. McAfee Real time scan disables on it's own, websites are re-directed, etc...

Answer:Adobe Reader Update Trojan

W32.Fakeupver.trojanhttp://qurl.com/q5k8p

5 more replies
Relevance 33.62%

I updated my PC(XP)using the MS site and downloaded SP3.I believe I may have a trojan I cannot run Malwarebytes etc as they are blocked and Avast is poorly.When I tried system restore I end up with file dll32.exe.I would be grateful for any advice.Moreover the taskm manger is not working properly.CAN I run a cd with antispyware etc through my PC to eliminate problem?Thanks in anticipation

Answer:Service Pack 3 update;TROJAN?

Could try SuperAntiSPyware. Also now has a portable download I believe. (put on a flash card/stick)click here

10 more replies
Relevance 33.62%

BitDeffender finds trojan.generic in Bios Update 74319Flash.exe.   Quote from BD scan "D:\Downloads D\HP Downloads\HP Consumer Desktop PC BIOS Update (ROM Family SSID 2B47) - sp74319.exe=>(CAB Sfx 2o)=>\Flash.exe Trojan.GenericKD.3051785 Moved to Quarantine ". And I am denied access to the flash.exe.Has anyone else seen this?

More replies
Relevance 33.62%

Trojan masquerades as Skype updateBy Joris EversStaff Writer, CNET News.comPublished: October 17, 2005, 5:01 PM PDT Cybercriminals are spreading a malicious Trojan horse under the guise of an update to Skype, e-mail security firm MessageLabs said Monday. The Trojan horse, a variant of IRCbot, arrives in an e-mail purporting to be an update to Skype, the popular Internet telephony application. Once opened the malicious software displays a phony installation error message. It then blocks access to security updates and installs a back door on computers, MessageLabs said in a statement.news.com

More replies
Relevance 33.62%

i am using firefox as my browser and today i got a message that my flashplayer needed to be updated so i went through the stages and it was downloaded, i rhen did a scan with avg 9 free and it came back and told me, flashplayer 10.1 update for win. exe is a trojan horse downloader generic 10.adtf, and it put it in the vault, has anybody else come across this,is it a mistake or should i leave it in the vault. thankyou.

Answer:Trojan downloader from flshplayer update

try a bootscan with Avast Free and see what it finds, you may want to use that instead of SVG, AVG has many false positives lately. Just a thought.Some HELP in posting on Computing.net plus free progs and instructions Cheers

2 more replies
Relevance 33.62%

The latest Google-related exploit...poses as a message from Google that takes users to a Website that's a replica of the popular search engine. Once you download the "update,"...you're "punk'd" by a Trojan into joining a spam botnet.darkreading.comMore here.

More replies