Computer Support Forum

Avast Malware Like Behavior...Worst AV

Question: Avast Malware Like Behavior...Worst AV

I did Custom Install with File/Web Shield Only.
Next day, Chrome asked me to enable/disable Avast Online Shield.
A day after, Chrome asked me to enable/disable Safe Price.

And I read in Avast forum, Safe Zone Browser, etc gets auto-installed.

What's the purpose of Custom Install if post install Avast anyway is going to install the not installed stuff?

Avast Behavior is like Malware...Once a reputed AV behaves like Fake AV...It has become Worst AV with sneaky, intrusive, etc... behavior.

Uninstalled the Fake AV Avast by Avast Software a.s

Relevance 100%

Answer: Avast Malware Like Behavior...Worst AV

Yash Khan said:





I did Custom Install with File/Web Shield Only.
Next day, Chrome asked me to enable/disable Avast Online Shield.
A day after, Chrome asked me to enable/disable Safe Price.

And I read in Avast forum, Safe Zone Browser, etc gets auto-installed.

What's the purpose of Custom Install if post install Avast anyway is going to install the not installed stuff?

Avast Behavior is like Malware...Once a reputed AV behaves like Fake AV...It has become Worst AV with sneaky, intrusive, etc... behavior.

It auto updated the install, without any input?
If it did that is a serious concern seeing malware could utilize that avenue to trigger malicious installs. wow

2 more replies
Relevance 58.22%
Question: Avast Behavior

Running Vista Home Premium, and a longtime Avast user. The other day I updated to the latest version of Avast, installation went fine, no issues, but here's what I'm seeing, and pardon my lack of computer lingo if my explanation isn't perfect. Whenever I go to my home page, down the bottom of my screen there's a scrolling of sorts, and it says Avast On Access Scanner Message. While the page loads this "scrolling" increases until the page finishes. It appears that it's checking the content of the page because it does disappear. If I go to a website it does the same thing. Click on any part of a webpage? Same thing. I have never encountered this with previous Avast versions, so I don't know if this is a new feature?

I'm sure it's a safety thing but it's pretty annoying. I've gone into the program and tried to find why it's doing this and the best that I can come up with is this:

Click on the blue Avast Icon in system tray.

In the list of web shield installed providers I disable, or terminate, the web shield option. This seems to stop the onscreen scrolling. Is this safe to do? I'm not 100% sure if it's best to do, but it solves my problem. Any thoughts/opinions by those more knowledgeable than me are welcome.
Thanks.

Answer:Avast Behavior

Hi Junior2007

I don't think it's safe to terminate that web shield. Start it back up, then click on the customize button > advanced button and uncheck the two entries in that window. That should fix your problem.

5 more replies
Relevance 56.99%

I recently went from Avast 4.8 to Avast 5 and am pleased with the new version. I note that it has a Behavior Shield and can't recall if the earlier version also had. What I would like to know is this: does the Behavior Shield make Threatfire, which I also use, redundant?

Unfortunately, although I tried to glean an answer from Avast's Help Center, I do not know enough about computers to know what the description there of the Behavior Shield amounts to: it 'monitors all activity on your computer and detects and blocks any unusual activity that might indicate the presence of malware. It does this by continuously monitoring your computer's entry points using special sensors to identify anything suspicious.'

I have XP, SP 3.

Thanks in anticipation.

Answer:Avast 5's Behavior Shield and Threatfire

Behavior shield - monitors all activity on your computer and detects and blocks any unusual activity that might indicate the presence of malware. It does this by continuously monitoring your computer's entry points using special sensors to identify anything suspicious. - avast! 5.0 Quick User Guide

ThreatFire monitors your machine's activity and uses an intelligent behavioral engine to alert you about malicious behavior rather than rely on signatures. - How ThreatFire Works

As such there will be some redundancy using both but their technology is different and therefore, what is detected may vary.

2 more replies
Relevance 56.99%

Hello,

My son got into some bad stuff which led me to this forum a few months back. After some research I went with Avast Anti Virus (free version), Malware Bytes (paid version), and Comodo Firewall (free version). I have had a lot of slow behavior when surfing and doing email. The cursor is unstable and I cannot type things without a long wait. I turned off the Avast Behavior Shield and everything is a lot better. What have I lost turning off this feature? There are still several other Avast Shields running along with the Malware Bytes and Comodo.

Any suggestions? Should I try a different AV program?

Thanks,

Dave

Answer:Avast 5 Behavior Shield Slows Down XP?

Hello daveplaysbass,

The behaviour shield is a bit of a mystery! There are quite a few questions about it on the Avast forums and no real answers. I think the guys on there have been waiting for months for a 'promised' explanation from an Avast official. Found out a few things though. This is a quote from an interview with an Avast official:

"The Behavior Shield that we shipped in version 5.0 is a new component that is going to be further developed moving forward. For example, in version 5.1, we will be adding more sensors that will allow for even finer-grain filtering. For now, the Behavior Shield is focused on exploits coming via typical mechanisms (browser, PDF reader, and flash vulnerabilities, for example). It also closely monitors all kernel-mode code (drivers) loaded into the operating system, and is able to detect zero-day rootkits."

So whilst it's new and not operating at its fullest potential, it still is an important part of Avast!

It's not supposed to use hardly any system resources, but a few people have had problems with it conflicting with other software. One person had the problem of it conflicting with the 'Paid' version of Malwarebytes. And that's interesting because my setup is the same as yours, Avast (free), Comodo firewall (free), but I have the free version of Malwarebytes, and I have no problems with conflicts.

It's worth checking to see if there's any information in the Behaviour Shield report (at the bottom of the Behaviour Shield page) in th... Read more

1 more replies
Relevance 55.76%

Can anyone suggest the most appropriate settings for COMODO HIPS so that it would work with Avast behavior shield in tandem?
 

Answer:Avast Behavior Shield with COMODO HIPS. Which settings should I use?

You can use safe mode in Comodo HIPS. It should work really nice with the behavior shield from Avast. Well, I would turn off HIPS totally if you use Comodo firewall and Avast. There is no need for HIPS.
 

5 more replies
Relevance 55.76%

So basically I only installed the behavior shield from the avast installation wizard. I was thinking having Kaspersky as my main AV along with avast's behavior blocker is a good set up. However, admittedly I am a novice, and I don't know if these two will clash. So far, everything seems to be going smoothly, but the WD notification icon is displaying that X and is saying I shouldn't have more than one AV installed. Thanks.
 

Answer:Using Kaspersky free with only Avast Behavior Shield installed.

I personally think it should work ok running these 2 programs if Avast is only enabled for behavior blocking.
 

20 more replies
Relevance 54.53%

Hey all.

My computer has recently just got a hell of a lot of malware and to even post this here I've had to go on a different computer!

Internet Explorer started getting slow, then popups started appearing advertising gambling/search engines/spyware programs.

I tried to get rid of it using AVG and spybot; it didn't work.

Then it got worse! Pages I'd click on from a Google search would be redirected to a .ru website, Internet Explorer got so slow I can't use it and when I could this damn malware would randomly close the website I would be browsing.

Please help!
 

Answer:Worst malware I have ever had! Help!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flas... Read more

1 more replies
Relevance 54.53%

I can't run msconfig, task manager, system restore, and install any program whatsoever (Windows cannot find '____'. Make sure you typed the name correctly and then try again. To search...) Happens with every program I try to install. Internet Explorer doesn't work. Can't type anything in "run".
I can't run HijackThis. The virus comes up in safe mode as well. The little icon on the bottom right taskbar is a red circle with a white X in the middle. Wallpaper is "your system is infected"
No internet at all. I think it was "you pc protector" malware but I deleted some files but I know it's still in here somewhere. It's an XP SP1 Dell 600m. No antivirus can be installed or ad warez. Can only open some things on control panel.

Any help please, I'm desperate

also before desktop shows it says "spyware alert!"
security warning
worm.win32.netsky detected on your machine.

type virus
system affected win 2k, ntt ,me ,xp, vista, 7
recommendations: nexxasray for full system scan

More replies
Relevance 54.53%
Question: Worst Malware Ever

I've had a virus or some spyware forcefully installed on my computer a couple times before but I've always been able to get rid of it with some sort of virus or spyware removal software.

But not this time, every time I try to run Spybot etc. my computer turns off before it can get rid of the crap. At first I thought it was happening randomly but now it's obvious the virus or whatever just refuses to leave.

Is there anyone else who has had this problem and can help me? I don't know enough about computers to do much more. So please help!
 

Answer:Worst Malware Ever

When you say "turns off" do you mean the computer restarts or physically powers off?
 

3 more replies
Relevance 54.12%

Wow. My computer just got infected with quite possibly the worst form of malware I have ever seen, and don't know what it is or what to do to fix it. It has multiple symptoms and seems to be a very complex infection.

It started when I clicked on a link to a website from a Yahoo search and a fake "Anti-virus/spyware" screen popped up saying my computer has been infected and running a "search". And it won't let you cancel the screen without using Task Manager. That part isn't so bad. I have had several of these in the past with no problems after getting the screen closed. It gets worse. Much worse.

Right after this, my computer went to a blue screen saying "A problem has been detected and Windows has been shut down to prevent damage to your computer". I restarted my computer with no problems, but I notice that it appears that I did pick up a "hijacker", as sometimes I would click on a website address in a Yahoo search and it would take me to various second rate "search engine" sites. This was particularly true when going to anti-spyware sites.

So I was pretty sure I was dealing with some form of hijacker spyware. No big deal, I thought. I've dealt with these before. But it gets worse.

I ran Spybot S&D, and it was promptly shut down, saying something about not having authorization to run the program. I removed Spybot and downloaded a new copy from Spybot's website. It installed, but when I would click ... Read more

Answer:Help! The worst malware infection ever!

We need to check for rootkits with RootRepeal.

Download RootRepeal from the following location and save it to your desktop.

- Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
- Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
- Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror

Extract RootRepeal.exe from the archive (if you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes: Push Ok
Check the box for your main system drive (usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------

Please note: If RootRepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High.
Also try: right-click on rootrepeal.exe and rename it to tatertot.scr

8 more replies
Relevance 54.12%

K, I have a laptop that has a 500 gig hard drive and the complaint was that Windows wouldn't startup, Bootmgr is missing. The first thing I did was an std scan, Kaspersky 2012 found a few and I had to reboot to disinfect my machine since it spread to my drive.

After the reboot, I checked out what's in the hard drive and there's literally nothing but 1.5 gigs of files on it. I looked into the Windows folder and checked the gig amount in it, 1.3 gigs. There's no user data, or program data. It's almost like it was reformatted and Windows was gutted. Explorer.exe is gone.

At the moment, I'm running a file recovery on it and hopefully restore things back. But, my question is, how in the blue hell can something like that happen? Especially on 7, that is unheard of, at least to me.

Answer:Probably the WORST malware damage I've ever seen...

You are not alone never seen anything like that.
Just wondering though, have you ever attempted to view the drive when not actually booting from it before?
Do you use bitlocker or any other advanced security features.
There's a ton of reasons you wouldn't be able to see or view the files even though they were there.

edit: also were you booted from that drive when you ran the scan?
because if not it would not consider any of them as system files.

7 more replies
Relevance 54.12%

I spent a full day fighting with a laptop infected with the "FULL-DiskFighter" malware. The laptop was playing audio ads every few minutes and sometime several would be playing at the same time. After much work (stopping processes, uninstalling suspicious apps, tried to boot into safe mode to correct it, etc...), I ran the following:

- Microsoft Security Essentials
- Norton Power Eraser
- ComboFix
- CCleaner
- MalWareBytes
- McAfee Stinger

And none of these were able to clean the PC. MalWareBytes was the only program to detect and quarantine the rogue software, but it couldn't remove it. After about 6 hours, I backed up the data (it was uninfected) and formatted the drive and reinstalled Windows 7. All is well now but that was a nightmare! Has anyone else seen this particularly nasty malware out there?

Answer:Just dealt with the worst malware I've ever seen!

I had not had the unfortunate experience of dealing with this particular variant...but I have run into challenging ones like this before.

Just out of curiosity, what web browser was used on this machine (Was it IE or Chrome)?

21 more replies
Relevance 53.3%

Hi guys,

Okay, so I'm on a Dell Inspiron 9300 running Windows XP.

I admit to taking a wrong turn on a site I should have known not to trust. That site gave me an automatic redirect to a site purporting to be porntubedotcom which instantly loaded up my system with fake AV software, redirects and pop-ups galore. It changed my desktop background to an actively-linked background consisting of a bio-hazard-type image saying, "Your privacy is in danger! Download privacy protection software now!"

The malware has completely disabled my Norton. It has eliminated all the system shortcuts from my Start menu such as Control Panel, My Documents, Connect To, and the Help shortcuts. I cannot use Alt-Ctrl-Delete as it simply pops up saying, "Your Task Manager has been disabled by your system administrator." Nor can I utilize System Restore as it will not allow me access to any restore point other than the moment after all this crap was installed. Also, when I click on Control Panel, my icons for the C:/ and D:/ drives have vanished.

Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05: VIRUS ALERT!, on 8/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WI... Read more

Answer:Solved: Help! Worst malware I've ever encountered!

Problem solved.

I had set up an unused user profile a few months ago while working on a home networking problem. Turns out, I was able to reboot to that user profile where I then had access to all the files that were critical to me. I transferred those files over to my desktop and did a complete system restore using Ctrl-F11 at reboot.

Sucks to have to reload the entire system again including all the files I now have to put back on the laptop, but I consider it a hard lesson learned. Now I have some font issues that I can't sort out so I'll post a question about that in the appropriate forum.
 

1 more replies
Relevance 53.3%

Okay, well, it's been long since I have had a problem, so one day I was online, I was looking for an email password cracker (for my old Yahoo acc), then I downloaded this program called Turbo's Generator. I ran it, it warned me but I clicked yes (honestly, my gut told me not to do it cos it was a virus but stupidly I did run it =.=), so after I ran it nothing popped up and then the instant I knew it! I was now infected. I have used super antispyware, it showed up with 23 adware and stuff so it was then deleted. After a few minutes I went on Google and continued my search for email crackers, then it redirected me to this -adult content- website. Now I seriously don't know what's wrong, I have deleted all the spyware and adware and malware but then it keeps on coming back. I have tried AVG 9.0, the one that is the best one (for the 30 day trial), I've scanned and it found a lot of the viruses, again it was deleted, after a few hours THE ADS WERE BACK! They kept on redirecting me, so I had no choice but to use ComboFix. Here's the log, and I know, I know, for a billion times I know I'm not supposed to use it but I actually really need my computer so please, pros out there, help me!!! My log will be below.

LOG:
ComboFix 09-04-23.02 - Johnny 01/04/2010 22:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1054 [GMT -8:00]
Running from: c:\documents and settings\Johnny\Desktop\Johnnys Backup!\Important files for this computer... Read more

Answer:Malware/Spyware problem PLEASE HELP i think its getting worst.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner ... Read more

23 more replies
Relevance 53.3%

Malware has affected my login to windows. When I boot into windows it takes forever like it's loading a program or something. I don't get the usual Welcome screen. Instead I get a login screen which shows my login and user name and when I click on it it asks for a password, which I don't have. I tried it in safe mode but all that does is give me the extra option of Administrator login but that's passworded too. I recently got a virus and after I deleted it I scanned for spyware/malware using adaware 7. It found 4 cases of Malware on my hard drive. I used unlocker to delete the files as they were being used by winlogon.exe and explorer.exe. Everything was ok until I turned off my PC overnight and when I came to it the next morning I was completely locked out.

I burned a boot CD called 'Hirens boot CD' and used it to reset the passwords but it made no difference. I don't know if the login screen is really the actual Windows login screen or if it's a program made to look and act like the real thing. In other words, a program that's intercepted the login process that's running in the background and made to look and act like the real Windows login.

My PC appears to be loading something up as it goes into windows cos it takes forever to kick in. Without access to msconfig.exe or Windows desktop I can't edit my startup programs and can't get a hijack this log.

I tried using my XP installation disk to boot into recovery ... Read more

More replies
Relevance 52.07%

In addition to a bunch of other security software, I've got the free version of avast! Antivirus. I ran a full scan with it late last night. It found nothing. I have also within the past two days run the free versions of Antimalwarebytes' Antimalware, SuperAntiSpyware and Glary Utilities (which includes a Spyware Remover), none of which found anything.

I just rebooted my computer and went online. When I logged into my web-based email website, I got the following error message:

"Suspicious files have been detected (using a heuristic method). This may be a sign of malware infection. Please allow the files to be submitted to our virus lab for analysis.

C:\Documents and Settings\user\Local Settings\Tem...\CADM8RGP.HTM"

Positioning the mouse cursor over this path \ filename revealed the full path to be
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2DY059NS.

This message is in a dialog box which is labeled as, and whose graphics appear consistent with, avast! Antivirus. The dialog box includes two drop-down menus, "Action to take" and "Advanced".

I've never seen or heard of any such behavior by avast! Antivirus, and I've never heard of any free virus analysis lab run by avast!.

I have Windows Explorer configured to display all hidden files and folders, as well as to display all system folders, but I can't even see the Content.IE5 folder, nor can I find the file CADM8RG... Read more

Answer:Is this really avast!, or is this malware masquerading as avast!?

Should I just go through the whole process given in the Malware Removal Guide again?

Yes.
 

1 more replies
Relevance 51.66%

I have Norton and Defender telling me I have a Trojan.Vundo & a Fotomoto on my computer and it's shutting down my Explorer and Photoshop without notices....

can you help me out....

so far i just installed the latest HIJACKTHIS program, please let me know what else i need and what reports to send you
thank you

 

Answer:Malware (tron.vundo &Fotomoto) on my comp and getting worst by the minute HELP

16 more replies
Relevance 50.84%

Since when does operation bait detail of illegal acts, there was nothing illegal I was doing to retaliate??? You are always the first to shutdown an issue/topic like it's the end of the world!!!! I mean come on.. ILLEGAL ACTS... nothing in that thread said I was doing anything illegal... LOL

Answer:Animal! The Worst Of Worst Mods/admins...

what is next animal... you going to threaten me about use of forum... block me or what... just so in 10 minutes ill be logged into another screen name with 2k posts??????? overreacting I think you are... IMO

11 more replies
Relevance 50.43%

A couple days ago I was looking at the weather online on my Toshiba laptop (XP Media, SP3) when I got a report from Avast stating it had blocked a connection to a malware site, just like this, which popped up when I was typing.

Infection Details

Process:file://C:\WINDOWS\System32\svchost.exe Infection:url:Mal
Obviously I scanned and it did pick up some things, and I thought I had gotten the problem. Obviously I didn't, and I got Malwarebytes which I scanned with and again thought I might be good. MWB just started constantly reporting outgoing connections being blocked. I did some digging, a lot more scanning (all turned up clean), and I noticed a couple things.

1. I'm getting issues with SVChost where it is sometimes taking up nearly my entire CPU. I replaced it with a different version of SVChost (in all windows folder locations) and whatever is using it to do the bad stuff isn't the file itself because it resumed causing trouble.

2. I tried to get rid of all unwanted processes & services, & I came upon one which I couldn't get rid of- groovemonitor, associated with Microsoft Office. I'm suspicious because I've tried deleting it, manually and automatically, and whenever I try to delete the entire Microsoft Office folder this one set of files (the groovemonitor dll's) will not let me delete the folder. I've tried disabling this whenever possible.

I'm still getting constant url blocks no matter what I have done, all sca... Read more

Answer:Avast & Malware Bytes Constantly Blocking Malware Connections

Just wanted to provide a bump.
 

1 more replies
Relevance 49.2%

System: AMD 5000+, 3GB RAM, 3 hard drives with nearly 1TB of total space
internet: 1.5Mb DSL modem and router, Actiontec brand supplied from my ISP.
OS: Win XP Pro 32 bit, SP2 pack, has IE7 installed and all critical updates have been applied
Also using Zone Alarm, AVG Antivirus, AVG Spyware, Spybot S&D, and Ad-Aware. I've also used both Trend Micro and Panda's online scans when I suspect something is preventing AVG from working.

Symptom: using either Firefox or IE7, web pages take a lot longer to load than usual and when I access a web server that I haven't been to for a while, the browser may time out for no reason yet when I refresh, the page loads quickly. This behavior seems like I'm using an unreliable proxy server and/or broken DNS. This only happens on one PC, the 2 other PCs on the same network using the same DSL modem all run fine so it is definitely not an issue with my ISP, the DNS, or my DSL modem/router.

Also once in a while (every 3 or 4 days), Internet Explorer starts up and opens about 30 or 40 tabs for no apparent reason. Because of this, I have placed IE on blocked list in Zone Alarm. I do not know what it is loading as I forced IE7 to close before it can start loading and since blocking IE7 from internet access, I get 30 or 40 "pages can't be loaded" but none of them mentions what web site(s) IE7 was trying to load.

Browser's internet setting and Internet Options in control panel are not altered and no proxy server is used. I ... Read more

Answer:Strange IE7 behavior, possible malware?

Just wanted to add that:
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)

is obsolete or inaccurate, D: is the DVD drive. Has always been there so no idea why it shows up.

3 more replies
Relevance 49.2%

Basics: Home Dell desktop, 3 yrs old, Windows XP SP2, IE7, FF 3.05, Safari 3.2.1, McAfee (up-to-date)

This PC is my home PC which I typically use for basics such as browsing, paying bills, etc. Several weeks ago my teenage kids started playing games on it. And then came the dreaded Spore game. From that point weird things started happening. I ran McAfee full scan several times. Everything cleared up except two very annoying problems:

1) Regardless of how many times I tried to set browser (all browsers) to block popups the option would get unset. Thus going to ESPN, CNN, etc. was a PIA but not horrible.
2) Trying to click on any link returned from a Google search resulted in being redirected to some other web site.

In doing research on this topic I was introduced to Malwarebytes' Anti-Malware through pcsafety.us web site. I downloaded it, let it update, ran the full scan (it found 98 issues) and then let it delete/quarantine them.

The new situation is this:
1) Firefox works fine with one exception (see below)
2) I can not run IE. I tried clicking on the desk icon and going directly to the Program Files/.../exe. When I select it Windows tells me that it can not find the application even though I'm looking at it and selecting it to run specifically.
3) So I figured I would re-download IE. Going to the MS web site and trying to download IE resulted in a "Failed to Connect ... Firefox can't establish a connection to the server at download.microsoft.com."... Read more

Answer:Odd behavior after running Malware

Try this scan: http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

3 more replies
Relevance 48.79%

I purchased an HP AU113TX notebook 3 months back. Since then I have been getting BSOD errors, and to date I have opened 3 case IDs, of which my last case ID has been open for more than one month (CaseId: 3036636047). Why should the customer suffer because of issues in your laptop? Being a loyal customer of HP, I would say I will never ever trust HP again.

Answer:Worst company worst support.

@AliMujtaba

 

I have brought your issue to the attention of an appropriate team within HP. They will likely request information from you in order to look up your case details or product serial number. Please look for a private message from an identified HP contact. Additionally, keep in mind not to publicly post personal information (serial numbers and case details).

If you are unfamiliar with how the Forum's private message capability works, you can learn about that here.
Thank you for visiting the HP Support Forum.

1 more replies
Relevance 48.79%

Hello, strange things happening on my computer:

-Unexplained self shutdowns without overheating
-Team Viewer 7 installed itself this week (don't want that!)
-Frequent connection problems

I have performed the requested logs, and RootRepeal will not complete. Tried twice: a blank 'translucent' window appears over the RootRepeal window; if I wait, nothing happens; if I press Enter, RootRepeal closes and no log is generated.
 

Answer:Strange behavior - Suspect malware

I want you to run TDSSKiller so refer to the below for how to do so.

TDSSkiller - How to run


Please also download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
It will show a Black screen with some information that will contain either the below line if no problem is found:
Done! Press ENTER to exit...

Or you will see more information like below if a problem is found:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.

 

15 more replies
Relevance 48.79%

Hey all.

About a week ago my internet started disconnecting every 20 minutes. It happens both with wired and wireless. I'm on a college campus and everyone else is fine, it's just my laptop. My sent and received bytes are also acting strange. As of right now, I have sent just over 1 million, but received over 14 million. I get disconnected from servers constantly and lose packet flow for the games I play. Here is my HijackThis log and attachment:


More replies
Relevance 48.79%

I use WinPatrol and recently started getting messages about Windows Automatic Update settings being changed to "Never check for updates". I ran HijackThis to go through the log and noticed that there were "file missing" messages on a few executables/DLLs from the System32 folder (running Windows 7 Ultimate 64-bit). One of the supposedly missing files, lsass.exe, has been known to have been used by malware programs in the past, but usually is renamed using a capital i instead of the lowercase L and is run from another directory. The file itself is not missing, even though HijackThis reports it as missing. I double-clicked it to run it from the System32 folder and immediately got a popup message from BitDefender that an infection was being cleaned. I then right-clicked it and asked BitDefender to scan it, and it came out clean. I use BitDefender Antivirus Plus 2015, which is up-to-date, and I've done a full scan with no infections found. Thoughts or suggestions on my next steps? Thanks!

Edit: Topic moved from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

Answer:Strange behavior, possible malware or virus?

Welcome aboard
 
HJT is a very old tool and especially is not compatible with 64-bit systems. That's why you have so many files listed as missing.
Are there any other issues than Windows updates setting change?

5 more replies
Relevance 48.79%

I've got a problem that I originally thought was some sort of problem with my wireless mouse, but that I am now reasonably certain is some sort of malware. Running Windows Vista with a Microsoft Wireless Laser Mouse 6000, the behavior consists of random mouse movements, left clicks, right clicks, and mouse wheel movements. The behavior continues even when the mouse is unplugged, and began while playing a single-player game of Red Alert 3.
It has continued before, during, and after the Vista Cleanup Procedure, and additionally a full scan with Avira AntiVir personal, my antivirus program, has failed to pick up anything.
Logs are attached. Let me know if any more information would be helpful.
 

Answer:Random mouse behavior malware

The last log.

(I believe I've followed all the procedures for getting help around here: please let me know if I've missed a step.)
 

2 more replies
Relevance 48.79%

Hey, so yes, sorry for the late time, I had some difficulties accessing the internet when I tried to download FRST. Here is my first log:
 

More replies
Relevance 48.79%

Hey, so yes, sorry for the late time, I had some difficulties accessing the internet when I tried to download FRST. Here is my first log:
Edit: I don't know if it can help or be in conflict, but I have to reset my Windows 10 as soon as I have updates if I need to reboot or close the PC. He comes back quickly when I connect to the internet, but with a fresh reboot without internet, I can handle it for about 30-40 minutes before it says that some parameters have changed and Windows needs to reboot... If I don't turn off the PC and restore while applying updates, the PC is gonna run at almost 95% disk usage with Windows Defender on top of the list... This log is from an almost brand new refresh. I'll be writing from my iPhone to limit usage of my parents' wifi to my computer. My own wifi is all unplugged for now, and as I need to apply minor updates for programs, I use my mobile hotspot from my iPhone. If you need to know anything, I can talk about it for hours... It's been about four months that I look around my Windows, wiping everything to zero and letting "him" work at start up with/without internet.
Edit2: here the link to original request: http://www.bleepingcomputer.com/forums/t/633140/i-must-admit-iti-need-help/#entry4127983
 
Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016
Exécuté par Julien (administrateur) sur DESKTOP-5B69OOS (26-11-2016 17:55:26)
Exécuté depuis C:\Users\Julien\Desktop
Profils chargés: Julien (Profils... Read more

Answer:Infected with a serious malware (behavior backdoor)?

And this is the scan after the updates: normally at this point, I delete everything (I try) on my hard drive and reinstall Windows because my computer becomes slower and in Task Manager my disk is between 95% and 100%... and I get redirected a lot more on the internet (gotta check every single URL). Also, if I do some actions, it has happened that the computer restarted or forced me to restart due to a bug, and after that, the command or action (like scanning with Windows Defender Offline, accessing Device Manager or Disk Manager etc.) becomes impossible ''due to a problem'' and to retry... Also, I noticed a new hive under Hkey_local_machine named BCD00000 with an entry saying: treat as system with 1 for value, is it normal?
******I also noticed that my iPhone is seeing my router (that my parents use for a gateway around the house), which is not secured because it's only in WPA... but my PC is not. I can't change anything and I found a key in the registry setting the DHCP at 192.168.0.1.... ******
Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2016
Exécuté par Julien (administrateur) sur DESKTOP-5B69OOS (27-11-2016 23:31:19)
Exécuté depuis C:\Users\Julien\Desktop
Profils chargés: Julien (Profils disponibles: defaultuser0 & Julien)
Platform: Windows 10 Home Version 1607 (X64) Langue: Français (Canada)
Internet Explorer Version 11 (Navigateur par défaut: Edge)
Mode d'amorçage: Normal
Tutoriel pour Fa... Read more

1 more replies
Relevance 48.79%

I'm not sure if I am infected or not.  My problems began to appear when Norton Security updated itself to the latest version via Norton's LiveUpdate feature.  After that, the browser protection and exploit prevention settings of NS turned themselves off.  Turning these features back on manually would cause them to turn off again after about 30 seconds.
 
At that point I ran Malwarebytes, which reported an infection with PUP.Optional.CrossRider.  I followed the instructions for removal that I found here: https://malwaretips.com/blogs/pup-optional-crossrider-virus/. Malwarebytes no longer reports any infection.  This partially changed the behavior of Norton Security, in that it now allows me to set browser protection on.  However, if I turn on exploit prevention, it continues to turn both browser protection and exploit protection off.  In short, I cannot leave exploit protection turned on without having both it and browser protection turned off after about 30 seconds.
 
I posted a question to the Norton Security forum and received a reply that my computer may continue to be infected; they are uncertain if the problem is with malware or a possible (as yet unreported) bug in the latest version of NS.  They have asked me to ensure that I have no malware on my computer before I contact them again.
 
I have run FRST, and I paste the FRST.txt file below, as well as attach the Addition.txt file.
 
I greatly appreciate any sup... Read more

Answer:Possible malware; odd behavior in Norton Security

Greetings Bill Pierce and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.
If you would allow me to call you by your first name I would prefer to do that.
===================================================
Ground Rules:
First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

10 more replies
Relevance 47.97%

Malicious software artifacts like viruses, worms and bots are currently one of the largest threats to the security of the Internet. Upon discovery, such malware must be analyzed to determine the danger which it poses. Because of the speed in which malware spreads and the large number of new malware samples which appear every day, malware analysis calls for automation. CWSandbox is an approach to automatically analyze malware which is based on behavior analysis: malware samples are executed for a finite time in a simulated environment, where all system calls are closely monitored. From these observations, CWSandbox is able to automatically generate a detailed report which greatly simplifies the task of a malware analyst.


:: InMAS :: Internet Malware Analysis System :: CWSandbox ::

More replies
Relevance 47.97%

Hi there. First post, so here goes: Recently had issues with ahkdsk.exe and found a post here that helped to remove it. Now I have a different program popping into the task list and gobbling up any available CPU: UAanregw.exe. It pops in the task list when new browser windows are opened and occasionally when existing windows are updated. Additionally, web pages have mysterious green links randomly located that point to advertising sites and the like. Even pages displayed on our intranet are affected with these crazy green links. They're embedded in text that should have no links at all. I read and followed the steps on the "new to posting" thread and what follows is the HJT log. I look forward to hearing from someone and am grateful for their help.


Answer:Suspected Malware: UAanregw.exe and other strange behavior

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

---------------------------------------------------------------------------------------------

Download Ewido Security Suite
Install Ewido Security Suite
When installing, under "Additional Options" uncheck:
Install background guard
Install scan via context menu

Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files. On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Download CleanUp! (Alternate Link if main link doesn't work) and install it. The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there.

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Tempora... Read more

6 more replies
Relevance 47.97%

The laptop having an issue is running Windows XP SP2 32-bit.  I do not have a Windows XP install CD, but can borrow one.  At time of possible infection, I was running the free versions of both AVG 2013 and Malwarebytes for protection but not at the same time.  I am typically logged into Windows XP on this laptop as a user who was once part of a network domain (decommissioned work computer), but is not a local user.  I do have a local login as Administrator I am using when booting into safe-mode.  I believe any infection occurred when logged in as the domain user.
 
I apologize for the lengthy explanation, but don't know what might be relevant.  This began when I attempted to run internet explorer and instead of opening it came up with the "iexplore.exe has encountered a problem and needs to close" window.  I then tried to open internet explorer again and got the same message.  So I figured it was time to reboot Windows XP.  When windows came back up I tried again to get internet explorer to start, but instead of an error message nothing happened.  So I started Task Manager and watched the Processes tab to see if it was even starting up.  I could see iexplore.exe start and then promptly be killed.  I thought internet explorer was corrupted since I was able to start Firefox without any problem.   So I tried to run the Windows System Restore to go back to a working checkpoint.  But it also wouldn't run be... Read more

Answer:Possible lingering malware infection and odd Windows XP behavior

Additional information:  The result of the last scans were all clean except MalwareBytes which successfully removed "PUM.Hijack.StartMenu" from the registry.   A reboot and rescan with MalwareBytes came up clean.  I shutdown and haven't used the laptop since while waiting for assistance. 
 
I also forgot to mention that I am running Windows XP Professional SP2 32-bit OS.  I forgot to mention the "Professional".

17 more replies
Relevance 47.97%

Hello,  I'm not sure what I have in my system but its been showing these signs for some time.  I am still not certain what it can be through process of elimination.  I'm an IT guy but not as much when it comes to hardware.  I've never had an issue in the past but I'm assuming something was introduced to my local network when my elderly neighbors were allowed onto my wifi and suspect they introduced something that went through all my home PCs.
 
What I'm experiencing is when CLICKING on a link in browsers, occasionally it will spawn new browser windows on its own (or tabs depending on the browser settings). Chrome and IE have seen the same issue. Seems to have been occurring the last few weeks. I think it's something on the network since my laptop, which wasn't on the network for 6 months and had no issues, started seeing this within 3 minutes of booting up on the network just as my desktop. It's always a scam in the newly spawned browser about downloading a new Chrome update, Adobe or something else from a non reputable URL link that I don't click, download or agree to.
 
I've since disconnected the neighbor from my network and will use a guest system in the future for a partitioned network as such, but how do I go about cleaning out my machines? Can it be the router that's infected? Both machines are Windows 7 (desktop and laptop).
 
I've tried almost all details seen here:  http://www.bleepingcompute... Read more

Answer:Possible Virus or Malware (on machines in my network with same behavior)

Please run the following scans.

Please run the ESET OnlineScan
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.

Please download Malwarebytes Anti-Malware. After clicking on the link the download will start automatically.
1) Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
2) Malwarebytes will automatically open. If this is the first time you have run this version of Malwarebytes you will see an image like... Read more

23 more replies
Relevance 47.97%

I recently did something really stupid, and downloaded a ROM file from a shady source. I ran it in an emulator, and after I did, a browser window popped up and said the usual thing about needing to buy this special anti-spyware software, blah blah blah. I did a system restore, and that got rid of the browser hijacking.

Long story short, there are still some residual weird issues where google searches always turn up the same results as the first two results (this is apart from the usual google sponsored results). Also, while attempting to connect to a public library wifi system behind a firewall, I couldn't, and was able to see that the url for my usual google home page was apparently being spoofed from another address.

I do banking and shopping off this system on occasion, should I go through identity theft prevention steps?

I'm about to run combo fix, and I can post logs here if desired.

Answer:Weird browser behavior after malware infection

Hello, don't run combo fix yet.. The only thing you've done to remove this was System Restore? What antivirus is installed? We need the malware's name to determine if it stole information.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives se... Read more

6 more replies
Relevance 47.97%

1) I couldn't view this flash object (x), but I can view another one (y) with no problems. If I disable my firewall (Comodo), I can view both few days ago. However now even if I disable it, I cannot view x, only y. However I can view it using Google Chrome, but not Firefox 3 or IE7.

2) So I posted my problem here http://forums.mozillazine.org/viewto...785d5f18e0d5fd, however I couldn't see the confirmation code below. Not tested with Google Chrome, but Firefox and IE7 didn't work, so there is no confirmation code.

3) Today when I double-clicked my SUPERAntiSpyware, it told me that the shortcut is invalid. I couldn't find the SUPERAntiSpyware folder in my E:\Software where I installed it to. However when I tried to install it, it said that SUPERAntiSpyware is already installed. I don't recall uninstalling/making any changes to SUPERAntiSpyware though.

My friends can view the confirmation code (listed in the 2nd problem), only I can't for some reason.

Also for the first one, I have reinstalled Flash several times, including installing older versions of it like Flash 9, etc. And isn't it weird that one browser can view it while the other can't?

DDS.txt:

DDS (Ver_09-03-16.01) - NTFSx86
Run by fabian at 8:11:05.57 on Fri 01/05/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.65.1033.18.2046.761 [GMT 8:00]

AV: avast! antivirus 4.8.1229 [VPS 081113-1] *On-access scanning enabled* (Upd... Read more

Answer:Weird PC Behavior, Malware Infection Suspected

Sorry if it hasn't been 72 hours, I need this fix asap, bump :(

1 more replies
Relevance 47.97%

Hey Guys.
Getting really frustrated over my pc.
Earlier this week I seem to have gotten some virus/malware. I thought I got rid of it, but I'm not so sure anymore.

When I click links on webpages, I randomly get redirected to malware sites.
And when I boot up, my Avira catches this:


Code:
Virus or unwanted program 'TR/Spy.96256.32 [trojan]'
detected in file 'C:\Windows\System32\wininit.exe.
DDS:



Answer:Malware Help (redirecting links, and suspecious behavior)

New symptom:

When I try to uninstall software from the control panel, it tries to launch "Explorer.EXE"...

4 more replies
Relevance 47.97%

This doesn't really fit in the "am I infected" because I have run all kinds of spyware apps in vain.

So I thought I'd ask here

Has anyone ever seen a spyware / malware/rootkit that says your copy of windows is not genuine? I'm pretty sure the guy that has this is on the up and up, but he keeps getting a popup that says his windows isn't genuine

I did a google search but came up with very little, so I thought I'd ask here.

Is this a piece of malware? or am I to assume his windows is genuinely not genuine?
If it is in fact possible for this to be infected - then maybe it needs to be moved to the "am I infected" forum?!?!?!?!

Thanks all

Answer:Windows is not genuine? is there a malware that exhibits this behavior?

Windows Genuine Advantage is not 100% reliable in detecting actually non-genuine versions of Windows (not by a looooooooong shot)

The notification should have info about contacting Microsoft. Contact them and explain the situation to them. If they believe you then they can help you fix it. If not... there's always Linux! :D

1 more replies
Relevance 47.56%

I am using Windows 10 and accidentally installed an executable file I downloaded that turned out to be malicious. Among the obvious symptoms that occurred (adware, browser setting changes, etc), my system became unusably slow. I have run and cleaned with Malwarebytes Anti-Malware and Kaspersky Total Security multiple times. Multiple malware and trojan problems were found. Also, Windows Defender detected and removed problems on its own. No more issues are being detected. I have deleted the offending .exe file. The malware installed/problems I was able to see were:
 
-KNCTR
-MPC Cleaner
-Media Assistant
-Quicky Translation
-S5 Mark
-Space Sound Pro
-Note up
-"Activate Windows Now" pop up window.
-noticed "erunt.exe" running, but I did not install this program
 
(Since I thought the MalwareBytes and Kaspersky could be causing the slow system, I completely uninstalled these programs and all related files. I'm not sure any logs of the problems found still exist)
 
However, my system is still extremely slow.  Task Manager shows disk usage at near 100% most of the time, with the following processes using it the most (randomly):
-System and compressed memory
-Service Host:Local System (Network Restricted)(8)
-Runtime Broker (this has also caused out of memory messages)
 
I have performed with no problems found:
-System File Check
-DISM restore health
-CHKDSK
 
I have played with the pagefile sizes in Advanced System Settings with ... Read more

Answer:Accidentally installed malware .exe file. HD now thrashes/other odd behavior

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Failed to access process -> ElanTPCfg64.exe
Failed to access process -> FBAgent.exe
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-579598394-4230413160-2855374277-1001 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=WmzxJmX8DXyhfe5IAjixX5mdzf8?q={searchTerms}
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-579598394-4230413160-2855374277-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
CHR Plugin: (Shockwave Flash) - C:\U... Read more

10 more replies
Relevance 47.56%

Hi, I recently noticed a small window randomly pops up and disappears on its own frequently, and I know it is malware related due to past experience.
Also I can't post the whole log in a single post so I will cut it in half. I'm not so sure why it is so long tho.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-09-2016
Ran by dale (administrator) on DALE-ASUS (21-09-2016 21:21:11)
Running from C:\Users\dale\Downloads
Loaded Profiles: dale & DefaultAppPool &  (Available Profiles: dale & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Windows\Sy... Read more

Answer:Malware/virus infection behavior recently noticed

Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default [2016-09-21]
CHR Extension: (Google Docs) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-06]
CHR Extension: (Google Drive) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Skype) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-08-30]
CHR Extension: (Gmail) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]
CHR Extension: (RoboForm Password Manager) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-08-... Read more

1 more replies
Relevance 47.56%

Hi, I recently noticed a random window (small) keeps popping up briefly and going away on its own, and I had similar issues in the past and it was an infection, so I'm sure it is the same thing but nothing too serious as long as I get it removed right away.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-09-2016
Ran by dale (administrator) on DALE-ASUS (21-09-2016 21:21:11)
Running from C:\Users\dale\Downloads
Loaded Profiles: dale & DefaultAppPool &  (Available Profiles: dale & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Window... Read more

More replies
Relevance 47.56%

Recently I've been having trouble closing Internet Explorer successfully. Oftentimes I'll get a very suspicious error window that says "closing this window may cause serious problems." Generally when that happens I'll end the process via Task Manager rather than clicking on anything on the error window. I'm a bit paranoid that I may be infected with a key-logger of some type and I'd very much like to keep my online accounts secured. Once I've gotten the all clear from you guys I plan on creating new strong passwords for all my accounts. It seems like I haven't seen the problem since installing the latest Windows Updates recently (including the latest malware removal tool) but I thought I'd ask the pros just to be safe rather than sorry. Thanks for any assistance you can provide. Here are the logs I've created so far per your instructions:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Shane at 10:13:48.70 on Tue 09/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1410 [GMT -7:00]
============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsof... Read more

Answer:Malware causing strange Internet Explorer behavior

Hello and welcome to Bleeping Computer. My name is km2357 and I will be helping you to remove any infection(s) that you may have. I will be giving you a series of instructions that need to be followed in the order in which I give them to you. If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again. Please do not start another thread or topic, I will assist you at this thread until we solve your problems. Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same. Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh DDS Log

3 more replies
Relevance 47.56%

Greetings and thanks in advance for any help you can provide -

I am running Windows XP Service Pack 2.

Computer was running fine, with minimal software load (have only had the computer for 6 months) when I noticed a common problem reported here: when typing in searches in any browser (Firefox, IE, for example) I am often redirected to other sites and noticing a lot of "google-analytics" in the bottom left corner of the browser. Certainly appears that I somehow got some malware that has embedded a piece of malware that is redirecting my clicks after I hit on a search result. It does it mainly with malware or software-related searches, but has hit other links as well.

The computer is not functioning slowly at all, it is just getting redirected most of the time.

I have run AVG, Kaspersky (from a bootable CD drive), Spybot S&D, PCTools, and Avast. All have declared the computer clean. However, I did notice the last time I ran Spybot S&D, it gave me only one minor virus hit, but about 200 lines that said it had an error reading certain hex addresses. It was as if Spybot found an anomaly, but the malware prevented it from identifying it as a malware and it read out as a read error instead.

I have no doubt that this is a common problem you have seen. This malware is really annoying, but has never locked up or shut down my computer, and I believe this is the result of a single, limited piece of malware as opposed to a systemic and multiple amount of malware on my... Read more

Answer:Malware resistant to purging - search redirect behavior

Hi, start off by doing a scan with Malwarebytes Antimalware.

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys. ~ Courtesy of boopme

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will aut... Read more

1 more replies
Relevance 47.56%

I borrowed the following from another thread:
 
...Emsisoft products were originally designed to complement antivirus and firewall software. Today this is no longer the case, with Emsisoft now providing a full replacement for any antivirus and/or firewall software. As such, some of Emsisoft's protection modules are not compatible with other antivirus software. Emsisoft Anti-Malware is a complete anti-malware and anti-virus solution and offers solid protection...
 
Back then, there was a menu, I think within Protection/Behavior Blocker, of numerous behavior clicks.
Is that menu gone?  I can't seem to find it anymore.  I can reach Behavior Blocker, but there are no more numerous clicks - unless it got moved?

Answer:Emsisoft Anti-Malware; Behavior Blocker clicks

What do you mean with "behavior clicks"?

1 more replies
Relevance 47.15%

Avast keeps on telling me that it has blocked a file which has malware on it. How do I remove it because I have tried the following:
Avast.
Malwarebytes.
Super Antispyware.
Spybot Search and Destroy.
Windows Defender.
And nothing has shown up.

Answer:How do I get rid of the DLL malware file that Avast is saying that is malware?

That's because it has been blocked. Have you installed any new programs prior to this happening?

13 more replies
Relevance 47.15%

I was attacked by a TDSS rootkit which disabled Avast including its self-defense mode. Malware scanners were put out of action and Google was redirected. Have done some cleaning, but Windows Defender reports suspicious drivers and some hardware is not responding in an expected manner. TDSSKILLER has removed a forged file. Ran several diagnostic applications referenced in your malware removal section but am unable to determine what needs to be fixed. Gmer reports missing files.

Recent Windows Defender events: driver Normandy, kftdrprog, fsbl-standalone avastTestService, service: klmd25, driver:klmd25, system32 drivers etc hosts, system33 E6BDA\0B.exe, Rootkit Unhooker reports possible rootkit activity detected. aswSP.SYS hooked

Ran:
MalwareBytes - no problem
Avast boot scan - no problem
Spyware Terminator - no problem
iOBit360 - no problem
SuperAntiSpyware - no problem
Spybot SD - no problem
TrendMicro Housecall - no problem
F-Secure online scanner - no problem
HitmanPro found and removed some trojans.

DVD-Rom will not load DVD, but will do so upon startup. (Sometimes)
USB DVD player/recorder works fine.
It appears these demons are hiding themselves well.
Please advise what scans are needed in order to assess and alleviate this problem.
Windows XP Home Sp 3
Thanks in advance
Here are my logs:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft... Read more

Answer:Serious malware / rootkit infection. Erratic software/hardware behavior.

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that... Read more

8 more replies
Relevance 47.15%

Hey.

I made the mistake of clicking on "Accept" on an application which I thought was clean (it was one of those apps where it's bundled with a legitimate application), which unleashed a pretty bad piece of malware.

Well, I was able to use Malwarebytes to clean up most of it, but now, Firefox continues to freeze/not respond/flash, which seems like it's trying to load the malware/fake web sites. Furthermore, other applications (even Task Manager) also start to exhibit the same issue. This makes me think that there are still specks of the malware infecting this computer.

Any help would be wonderful.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 10 Pro, 64 bit
Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz, Intel64 Family 6 Model 94 Stepping 3
Processor Count: 4
RAM: 16333 Mb
Graphics Card: AMD Radeon R9 200 Series, -1024 Mb
Hard Drives: C: Total - 237972 MB, Free - 128868 MB; E: Total - 2861458 MB, Free - 2312122 MB; F: Total - 1907725 MB, Free - 776327 MB; G: Total - 1907057 MB, Free - 1498821 MB; H: Total - 1907527 MB, Free - 205693 MB; I: Total - 1430796 MB, Free - 608609 MB; J: Total - 1907695 MB, Free - 652878 MB;
Motherboard: Gigabyte Technology Co., Ltd., Z170-HD3P-CF
Antivirus: Windows Defender, Disabled
 

Answer:Firefox/apps freezes/wonky behavior after Malware cleanup

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:29:23 PM, on 11/12/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)

FIREFOX: 42.0 (x86 en-US)
Boot mode: Normal

Running processes:
c:\program files (x86)\teamviewer\TeamViewer.exe
C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe
C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
C:\Program Files (x86)\GIGABYTE\SIV\thermald.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Microsoft Office\Office16\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Dakota Green\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g... Read more

1 more replies
Relevance 47.15%

Followed steps stated in "Please, Read This Before Posting A Hijackthis Log":

Observations:

Ad-aware: Failed to finish deep scan of C until IE cache was manually deleted. Found numerous items after that. Upon reboot, still finding items in safe mode

Spybot S&D: found many malware items including smitfraud and alexa. Keeps on finding new items in safe mode upon multiple reboots.

CWShredder: found nothing

Installed Avast, updated to latest defs, ran a number of pre-boot scans, found many items, and will post the log in a separate post to this thread since it took up too many lines.

Ran Trendmicro Housecall, found a number of adware/malware items, some items unable to clean because the "pattern" wasn't able to.

STRANGE OBSERVANCE:

When trying to run panda software scan, Avast on access scanner found a trojan trying to be loaded from the HTTP path of the panda scan. Not sure of what to make of this. I clicked on "abort" within the avast pop-up, and it ended the Panda scan.

Manually Uninstalled the Viewpoints media player and toolbar.

Unable to delete "Temporary Internet files" from Tools>Internet Options> Delete files. I manually deleted the folders after booting into the DOS command prompt.

Other Details:

It looks like there was a failed uninstallation of Norton AV 2004, because Avast still detects it when trying to run some "on access" features. Not looking forward to manuall... Read more

Answer:unable to thoroughly clean LT; tons of malware, strange behavior

Avast Log:

07/02/2006 21:15
Scan of all local drives
File C:\Documents and Settings\Owner\Application Data\m\data.oct is infected by Win32:Beagle-LD [Wrm], Deleted
File C:\Documents and Settings\Owner\Application Data\m\mue.exe is infected by Win32:Trojan-gen. {Other}, Deleted
File C:\Documents and Settings\Owner\Application Data\m\muk.exe is infected by Win32:Beagle-LS [Wrm], Deleted
File C:\Documents and Settings\Owner\Application Data\m\mzuek.exe is infected by Win32:Beagle-KR [Wrm], Deleted
File C:\Documents and Settings\Owner\Local Settings\Application Data\8af7697e.exe is infected by Win32:Small-ADK [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\6.dlb is infected by Win32:Small-AJB [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\7.dlb is infected by Win32:Small-AJC [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\901S5176A36\4348.tmp is infected by Win32:Trojan-gen. {Other}, Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\901S5176A36\980.tmp is infected by Win32:Tiny-O [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\clumpmfl.dll is infected by Win32:Trojano-1165 [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\h91746.exe is infected by Win32:Small-ADK [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\ICD1.tmp\UWAS6_0001_N69M0903NetInstaller.exe is infected by Win32:FakeAlert [Trj], Deleted
File C:\... Read more

13 more replies
Relevance 46.74%

Can someone explain for me the difference between Behavior Blocker (awesome feature in Emsisoft Anti-Malware) and HIPS ? Which is stronger and better?
 

Answer:Can someone explain for me the difference between Behavior Blocker (Emsisoft Anti-Malware) & HIPS ?

Behavior blocker completely blocks the application to be executed & harm the machine (if not false positive & obviously it detects negative aspects of application by its behavior on your machine) while HIPS blocks any particular action of the application & asks you to either allow or disallow, like you can execute program but HIPS can block its access to internet & asks you if you want to allow that application to communicate with the network.
 

10 more replies
Relevance 46.74%

Hi there!
 
I wish I had more info to offer, but I don't have many specifics to go on myself, or else I would put more research into them before posting here. However, I'm stumped and not sure where to look for help.
 
My Acer Aspire laptop (5742-6798 - Intel Core i5-430M, 15.6 HD LED, 4 GB DDR3) with Windows 7 Home Premium is suffering some very erratic behavior.
 
First I was experiencing random shutdowns, usually when using music software like Winamp or MixMeister Fusion. I thought perhaps overheating was the problem. I've since blown out the vents and the computer doesn't seem overly dusty.
 
Lately VLC Player is running in a very glitchy way - 10 s-1 min of video and then freezing, then starting, stopping, etc.
 
Sometimes other software is quite slow when it wasn't before. I'm decent at basic computer maintenance like defragging so I don't imagine this is the problem.
 
I see that MsMpEng.exe is often using a lot of resources, but when I look up info about turning it off, I get a message saying I've already disabled Defender. I can't end the process through task manager.
 
And now sometimes during a reboot, my computer goes into a Startup Repair loop and just sits there doing nothing.
 
I tried running TDSSKiller and it seemed to find at least one issue, but then I ran into the reboot problem.
 
Anyway, here is DDS.txt below and attach.txt is attached.
 
Thanks!
David
 
______________________________________________... Read more

Answer:Erratic Malware-like behavior: StartUp Repair, glitchy VLC player, shutdowns

Hi there, my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer fo... Read more

57 more replies
Relevance 45.92%
Question: Avast malware

My buddy has a Sony laptop that had Avast security and malware on it, but he uninstalled it and then when he tried to go on the Internet, the wireless connection he used to have was no longer there. Now he can't even go online to try and fix this problem. How can I help him?
 

Answer:Avast malware

10 more replies
Relevance 45.51%

I also had my Avast pop up with a warning about the trojan horse: VBS Obfuscated-gen. Does anyone know how to get rid of it? I hit abort connection, but I know it's probably still hiding somewhere on my system. If it's in temp internet files, how do I find it to purge it?
 

More replies
Relevance 45.51%

My computer performance seems slower and there are pop ups sometimes - occasionally when my browser is off. What do I do? Thanks.
 

Answer:Avast says it deleted a malware but..

7 more replies
Relevance 45.51%

Hi,

1) Recently, Avast blocked an access to a malicious site while the system was idle & no web browser was active. Screenshot of the threat attached as first thumbnail.

2) Also, the USB drives being used with this system are getting infected.

3) Getting an error message 'ubd.exe - Entry Point Not Found' every time on startup. Screenshot of the same attached as second thumbnail.

4) Also, the system is running slow. Nothing else in particular observed.

Hence, I hereby post the DDS logs for review. Kindly assist;

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18098 BrowserJavaVersion: 11.66.2
Run by USER at 17:18:21 on 2015-12-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.91.1033.18.3069.1463 [GMT 5.5:30]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DUSER3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIUSEROMM\Bluetooth Software\btwdins.e... Read more

More replies
Relevance 45.51%

After finding malware Avast removed it, but I'm not sure if it's all gone. I did the READ & RUN ME FIRST steps and will attach files. I hope I am doing this right. Thanks for any help given to me.
 

Answer:malware was found by avast

I want you to run TDSSKiller so refer to the below for how to do so.

TDSSkiller - How to run


Please also download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
It will show a Black screen with some information that will contain either the below line if no problem is found:
Done! Press ENTER to exit...

Or you will see more information like below if a problem is found:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.

 

5 more replies
Relevance 45.51%

Hi all,

Avast! has detected the Malware-gen virus on my brand new machine. I immediately put the file(s) into the chest and ran a boot scan. The boot scan didn't detect any infected files, so I ran a full system scan, which also didn't detect any infection. I am fairly certain that I am still infected, however, because my desktop background suddenly changed when I was running a scan.

I did a bunch of research on the web and kept seeing people posting about Combofix, so I downloaded it and ran it. Unfortunately, I had not yet read the warnings on this site about not running it until you are instructed to do so--oops! I hope I haven't done any damage to my system.

Nevertheless, after reviewing the instructions on these forums for preparing to submit a request for help, I think I am on the right track. Thanks in advance to anyone who is willing to help.

KT

DDS log:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by KT at 17:41:49.03 on Wed 01/26/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2806.1643 [GMT -5:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Wi... Read more

Answer:avast! detects Malware-gen

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log. Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic. Once I receive a reply then I will return with your first instructions. Thanks

12 more replies
Relevance 45.51%

Hello all.

I am here because I'm certain that my brand new machine is infected. Avast! detected Malware-gen, so I placed the file(s) in the chest. I immediately ran a boot scan, which didn't find any infected files. I then ran another full system scan, which also came up clean.

I'm pretty certain that I still have the virus, however, because my desktop background was changed to a random picture stored in my documents. I read a bunch of blogs, forums, etc. and found that Combofix was recommended by nearly all of them, so I found this site, downloaded, and ran Combofix. During my scan, however, I found a warning on one of the welcome pages, explaining not to run Combofix unless asked to do so. Oops!

I hope I haven't done some sort of damage by running the software. In any case, however, I will be posting the log in a subsequent post. Thanks in advance to anyone who is willing to help!

KT

Answer:avast! warns of Malware-gen

If you are dealing with a malware infection, please be aware that using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary. ComboFix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware which scan individual drives or different folders on a computer for viruses. With that said, please read the pinned topic ComboFix usage, Questions, Help? - Look here.

ComboFix logs, where should I post them?

ComboFix logs are not permitted outside the Virus, Trojan, Spyware, and Malware Removal Logs forum and then only when requested by a Malware Response Team member. However, if you ran or want to run ComboFix on your own due to malware infection, please be aware that a ComboFix log is only one part of the disinfection process. Therefore we ask that you please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". When you have done that, post the required logs to include your ComboFix log in that forum, NOT here, for assistance by the Malware Response Team Experts.

2 more replies
Relevance 45.51%

So Avast! keeps telling me that it blocks a threat in windows/system32/svchost.exe

this happens every time I go online, open up a new browser, and seems to randomly pop up while I am browsing.

I have run avast! many times and it seems to find nothing. However I ran malwarebytes last night and it found some, I ended up checking them all off and clicking removed.

I thought that might have fixed the problem but this morning it is still there.

here is the log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7462

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

8/14/2011 4:31:59 AM
mbam-log-2011-08-14 (04-31-59).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 393250
Time elapsed: 1 hour(s), 41 minute(s), 9 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 14
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 9

Memory Processes Infected:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 3352 -> Unloaded process successfully.

Memory Modules Infected:
c:\program files\youtube downloader toolbar\IE\4.5\youtubedownloadertoolbarie.dll (PUP.Dealio.TB) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Micr... Read more

Answer:svchost.exe malware avast!

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

3 more replies
Relevance 45.51%

Hi,
Avast boot scan detected a Malware-Gen Trj
On C:\Users\Inuka\Appdata\Local\Microsoft\Windows\Burn\Burn\desktop.ini

Is this a false positive?
I just switched from Avila to Avast and ran a scan and this popped up.

Thanks
 

More replies
Relevance 45.51%

Hello all,
 
I'll keep this short!
 
Avast is throwing me the following message upon start up of Firefox.
 
I've scanned and cleaned with both Avast and Malwarebytes but I'm still getting the same message.
 

 
Thanks heaps,
 
 

Answer:Firefox/Avast Malware Help

Hello Dell95 and welcome to Bleeping Computer.
My name is Satchfan and I would be glad to help you with your computer problem.Please read the following guidelines which will help to make cleaning your machine easier:
please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested
===================================================
Note: Please follow these instructions in the order given.
 
===================================================
Download and run AdwCleaner
Download AdwCleaner from here and save it to your desktop.
run AdwCleaner by clicking on Scan
when it has finished, leave everything that was found checked, (ticked), then click on Clean
if it asks to reboot, allow the reboot
on reboot a log will be produced; please atta... Read more

0 more replies
Relevance 45.51%

Our Avast Threat Lab is Grand Central Station to malware. Somewhere between 600,000 and 1 million files come through the detection system every day. Nearly half of those are unknown files. That means that somewhere in the world, someone is targeted by cybercriminals. Avast Threat Lab analysts like Michal Salat, in the above picture, work to stop those attacks.

CyberCapture's automated systems do most of the heavy lifting, but when needed, Avast analysts, like Michal, will examine an unknown file and make the final decision.

How does Avast detect malicious files?
Cybercrooks are software developers who create programs meant to steal your information, hold your data for ransom, or crash your machine. They are constantly modifying malicious code to make variants that travel from computer to computer. Avast has a massive database called FileRep that contains more than 5 BILLION of these kinds of files.

Every day, 250,000 Windows executable binary files flow through FileRep and go through a 100-point checklist to determine if the files are safe or not. And every day, about 40,000 files are classified as malicious and are locked in quarantine so they won't hurt you.

What happens when Avast discovers brand new malware?
Malware authors try every trick in the book to evade detection by antivirus software like Avast. One of those tricks is a shape-shifting technique called server polymorphism. This means that the malware code morphs or changes into something unrecognizable from... Read more

More replies
Relevance 45.51%

Hello,
This is my first posting to this site. My problem is my pc is starting to run very slow. I did:
virus scan - Avast
Spyware scan - Super Anti-Spyware
Mal-ware scan - Malwarebytes
Nothing works, I keep getting this pop up. This is what I've been getting:
Avast Malware Blocked
WebShield has blocked a harmful web page.
This pops up about every 10-15 minutes or so and when it pops up it keeps saying malware blocked 10-11 times. I'm running windows xp pro. Service pack 3 I believe. Any help here please,
Thank-You,
John

Edit: Moved topic from Windows XP to the more appropriate forum. ~ Animal

Answer:Avast Malware Blocked

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Up... Read more

31 more replies
Relevance 45.51%

I'm trying to decide on a better anti virus. I currently have avast installed and running. However, today from different sources I've been told that malware bytes does the job the best. Is malware bytes better...or something I should use on top of avast. Both are the free versions.
 

Answer:Avast vs malware bytes?

11 more replies
Relevance 45.51%

How can I get rid of the malware Avast is supposedly blocking?
And i did not the checkup.txt here it is...

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Trend Micro Titanium Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java™ 6 Update 31
Java version out of Date!
Mozilla Firefox (13.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 12% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

Answer:Avast Malware URL blocked

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/460990 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 44.69%

Hi Experts,

Having a weird issue with my PC all of a sudden but my avast anti-virus keeps popping msg saying web shield has blocked a harmful page, URL:Mal, Process : D:\Windows\syswow64\dllhost.exe

After running a full scan through anti-virus no issues were found but still the message keeps coming as soon as I start the machine. Even if I turn off avast temporarily, sometimes my OS crashes.

I have downloaded Malware bytes and did a scan twice which removed some of the infected files. I did a third scan to make sure everything is ok but the result returned "Forged Physical Sectors". All this while my PC crashes and avast message keeps killing me.

I have attached two log files from previous two scans, not posting the third one as it showing only forged physical sectors and no other infections. Kindly help
 

Answer:Multiple avast alert malware

sorry avoid typos, was in a bit of hurry thinking OS might crash anytime
 

3 more replies
Relevance 44.69%

Windows XP SP3
Pentium Dual-Core CPU E5200 @ 2.50GHz
2 GB ram
Realtek RTL8139/810x Ethernet NIC
Avast
D-link wired router
DSL connection
I think I have something that's messing with my net connection and/or Avast. A few things happened around the time I started having problems.

I got an update for Adobe Flash, and right away video and web sites started going slower until I had no net connection. Tried this thing where you use about:config to disable the 'plugin-container.exe' , nothing changed. Cycling my modem would give access for a few pages before it stopped. I was advised on another thread to do fresh installs of Adobe, Java , Shockwave. ​

Avast was also acting weird, it would say it was not protecting upon start up then sort of turn itself on..going from unprotected to protected....if I remember right it would always be protecting and not have a vulnerable moment on start up before. Trying to disable Avast in the task menu it would say that access to Avast was denied (weird?). So I just uninstalled Avast through the control panel.
After I uninstalled Avast and did the fresh installs noted above I rebooted and had access for a few minutes before it came to a halt again. Because I got rid of Avast and the fresh installs at the same time I don't know which was effective or not but either way it only got my performance back for a few minutes. Otherwise system performance has been fine.
What I've done, none of whi... Read more

Answer:Malware messing with Avast net connection

Welcome to Major Geeks!

robert707 said:

ComboFix: This scan did not work, clicking Combo fix icon on desktop: first got an agreement of terms box, then a C:/ window opens up and I get this message:

"Date error
2010-08-18
check your settings
OK."

This is pointing out part of your problems. The current date is not August 18, 2010. It is now September 20, 2010 ( 2010-09-20 ). You need to fix the date and time on your PC so that ComboFix can run. The logs from MGtools also show you have the wrong date, so a new log from MGtools should be obtained too.

robert707 said:

ROOT PEAL: found one file, 'hiberfil.sys' ----> 'locked to the windows API!'

Normal.

robert707 said:

MGTOOLS: got this message over and over during scans, kept pressing cancel but it kept scanning through out anyway...

Not normal and not sure why this is happening yet.
 

9 more replies
Relevance 44.69%

What does this mean?
 
avast! saved your computer from crashing You just dodged a bullet
Good thing avast! had your back.
 
and the red pop-up for avast! - does this mean I got saved? Is it good thing if this happens?
 
 
 
EDIT: Moved To Antivirus ~~ boopme

Answer:Question about avast! malware alert.

Hi -
It sounds like one of the avast! Shields has stopped some item prior to it entering your system.
Were you browsing (on-line) at the time on a site that may have been suspect?
 
As a non avast! user, I can only guess it is their normal reaction to a minor infection that was caught or prevented -
 
You could ask this at the avast! forum for a better idea of the message, or there may be some avast! users here that have seen this.
 
Thank You -

3 more replies
Relevance 44.69%

I extremely often get an avast message saying malicious site blocked even when I didn't go to it.
It says the object came from 199.80.55.19/go.php?uid=47196&suid=179829&data=xgxft2HDjxUP
Infection: URL:Mal
Action: Blocked
Process: c:\windows\system32\svchost.exe
Nothing bad has happened except it's really annoying. I don't know if someone is trying to communicate with my computer with bad intentions, or it's a random act of bad intentions.
My hijackthis log said this: (I didn't stop any programs and I didn't stop avast because it's the only thing stopping me from the malware to activate, so if I was supposed to stop any programs, I didn't)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:41:37 PM, on 4/10/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows&... Read more

Answer:Avast keeps blocking Malware Site

Nevermind, I removed it by first downloading the new service pack for vista, using ATF cleaner, then using a program I found on here called aswMBR and it scanned for the virus, removed it, then when I rebooted using malwarebytes, (a malware scanning removing tool) and removed a file in my application data folder.
Now I'm clean.
Supposedly I had some sort of fake alert virus, and a rootkit malware/trojan, I forgot what it was.

2 more replies
Relevance 44.69%

I think I had this question in the wrong area so here goes:
I recently was having problems with every part of my laptop it seems and my AVG said all was good but a friend suggested Avast and he was a professor for ITT. I loaded that and Malware Bytes then upgraded to the pay version of both and ran the scans which Malware found several trojans etc. Since then neither has not a one virus or anything in the quarantine areas but constantly I do see a window at the bottom right saying Malware has successfully blocked an incoming threat. When I check the logs here is what I get and it is blocking an outgoing port IP but at the end says Avast.exe. Are they conflicting with each other?? Please help me determine what's wrong. Here is what is printed 50 plus times on each log and they are rapid fire!
17:31:20 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50785, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50788, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50790, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50791, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50792, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50793, Process: avastsvc.exe)
17:31:21 nardcore714 IP-BLOCK 178.218.210.194 (Type: outgoing, Port: 50794, Process: avastsvc.exe)... Read more

Answer:Is my Malware blocking my Avast security?

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C... Read more

8 more replies
Relevance 44.69%

Hi!
I currently run Avast and Malware-bytes together, just from briefly researching that it's the best thing to do...being secure online, etc.

I'm wondering though if I should pay / upgrade for one, or the other...or are they both worth upgrading?!

Need some advice.

Thanks
 

More replies
Relevance 44.69%

for the past few days I've been getting this message from Avast stating that it has detected a threat. I am not sure how to get rid of it. I scanned Avast and nothing comes up. I am working on a Windows 10 Toshiba Satellite A665-S5170
 

Answer:Avast detecting Malware-help on getting rid of it-Windows 10

hzmksreiuojy.in/ldr.php....doing a search for that produces this at Scan report for http://hzmksreiuojy.in/ldr.php at 2015-10-02 08:40:56 UTC - VirusTotal
 
AutoShun Malicious site
Sophos Malicious site
Websense ThreatSeeker Malicious site
ESET Malware site
Fortinet Malware site
Kaspersky Malware site
 
See what these scans report...allow them to remove whatever they find.
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.
MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays... Read more

10 more replies
Relevance 44.69%

First of all my OS is Windows 8.1, my pc is extremely slow, and Avast keeps saying I have malware. I have scanned with Malwarebytes and Avast and they have not found anything.

Answer:Avast blocking everything, and I have a feeling I have malware

First of all my OS is Windows 8.1, my pc is extremely slow, and Avast keeps saying I have malware. I have scanned with Malwarebytes and Avast and they have not found anything.
Switch the machine to Windows Defender, give it a good & proper cleaning* then, scan (Full) w/ WD.  Remove any unwanted or unneeded programs, as well; including any 'computer tuner-uppers'
* CCleaner, Internet Options & Sage
 
Cheers,Drew
 

 

4 more replies
Relevance 44.69%

I downloaded the free antivirus program from avast. I have purchased a Malware program for protection on my old computer. Before I transfer it to this computer I want to make sure it won't compete. Please advise. Thank you for your help.

More replies
Relevance 44.69%

Hi All

The problem is with my daughters computer. She said it is running slow and takes forever to load web pages. I tried to run her anti virus and anti spyware programs to see if that would help.

First I ran SuperAntiSpyware. I updated the definitions and ran a quick scan. It found and removed 555 issues. The log consists of 42 registry threats and 513 file threats detected. The main items are PUP.StartNow Tool Bar (69 items); PUP.FunmoodsToolbar (23 items) and the rest were adware tracking cookies. I can post the log if you want but it is quite long.

Next I tried to run Avast. It wouldn't load or start or whatever you call it. Then I tried Malwarebytes Anti-Malware. I was able to update and start a quick scan. It would run for about a minute. It found 2 items. Then the computer would freeze up. I wasn't able to view what it found. I had to kill the power and restart the computer.

I restarted in Safe Mode and tried Malwarebytes again. It would run for a minute or two. Find two items and then freeze up. Power off and restart in Safe Mode. I tried running Avast, it completed 76% of the quick scan. Found one item and then the computer froze up again.

I was unable to download CCleaner. There are no system restore points set on the computer.

Where do I go from here? The computer is a Dell Inspiron laptop running Windows 7

Answer:Can't run Avast or Malwarebytes Anti-Malware

Hello,

Note: those infections are from downloading applications and not unchecking the bundled software.
For example when installing updates you may want to UN check the box that installs a free tool bar.
Free! Google Toolbar search Google from any web page, block pop-ups
Yes, install Google Toolbar - optional

>>>>

Try to reboot into safe mode with networking. Now see if you can run RKill and TDSS.
If you cannot stay connected you will need to copy these to a Flash Drive or a CD and run from there.

Run RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.
If you continue having problems running rkill.com, you can download iExplore.e... Read more

7 more replies
Relevance 44.69%

Hello,
 
For each new page requested by the browser, Avast detects a malware URL.
 
Can you help me solving this ?
 
Thanks in advance.
 
Pascal

Answer:Malware detected by Avast - PC very slow

See what the below programs can find and remove.
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risk... Read more

13 more replies
Relevance 44.69%

I know this is what Emsisoft say:
"It's a popular myth that you shouldn't run two antivirus programs at the same time. We have spent considerable time building Emsisoft Anti-Malware in a way that makes it compatible with almost all other antivirus programs!"
But should I run Emsisoft and Avast Free at the same time? Should I throw out Avast Free? Or should I throw out Emsisoft? I am using 30 day free trial, so testing Emsisoft right now.
 

Answer:Avast and Emsisoft Anti-Malware?

Why complicate things.
Emsisoft is strong and solid enough on its own IMHO.
 

4 more replies
Relevance 44.69%

Recently I uninstalled Avira and started to use Avast because Avira became worthless to me. Right after I had switched, Avast had been constantly blocking malware URLs and are usually the same name over and over again. From what I can remember sites called supergroupon, findyourex, webest and such keep recurring after every start up. I'm beginning to get annoyed because I've done scans with Malwarebytes and Avast that would not completely fix my problem. Also Avast says that the malware urls are coming from a folder with chrome.exe in it. I'm not computer literate so please someone help me fix this problem.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by RedxWing14 (administrator) on REDXWING14-PC on 03-03-2015 00:00:47
Running from C:\Users\RedxWing14\Desktop
Loaded Profiles: RedxWing14 (Available profiles: RedxWing14 & Account)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(... Read more

Answer:Keep seeing malware sites blocked by Avast

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\Run: [Ichuhc] => C:\Users\RedxWing14\AppData\Roaming\Ichuhc.exe
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\Run: [AdobeBridge] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1538061077-1757749813-1683611041-1002\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> ... Read more

6 more replies
Relevance 44.69%

Hey there,
 
I've recently been having issues with Avast constantly detecting svchost.exe as URL:MAL. Some places I've checked said this is a false positive, but I just want to be sure, so I came here.

I've already used Avast scan itself and Malwarebytes Anti-Malware Premium to try to fix this issue, but the message still seems to be coming up every now and then consistently. I had a few infections quarantined by MBAM, here's the log, however do note Avast still seems to be detecting the svchost.exe as malware:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/07/2014
Scan Time: 05:31:39
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.17.03
Rootkit Database: v2014.07.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Zahbia

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305987
Time Elapsed: 7 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.WebPlayer.A, C:\Users\Zahbia\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe, 2984, Delete-on-Reboot, [4b4c7f21651671c549d6259a36cc7789]
PUP.Optional.FilesFrog.A, C:\Users\Zahbia\AppData\Local\FilesFrog Update Checker\update_checker.exe, 5096, Delete-on-Reboot, [05928f1159221c1af44a2879fa08fa06]

Modules: 0
(No malicious... Read more

Answer:Avast detecting svchost.exe as malware.

Hi there,
please do the following:

Step 1
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Start FRST with administrator privileges.
Make sure the option Addition.txt is checked and press the Scan button.
When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
Please copy and paste these logs in your next reply.

Step 2
Please download this attached fixlist.txt and save it in the same directory as FRST.
Start FRST with Administrator privileges.
Press the Fix button.
When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
Please copy and paste its contents in your next reply.

6 more replies
Relevance 44.69%

I recently was having problems with every part of my laptop, it seems, and my AVG said all was good, but a friend suggested Avast and he was a professor for ITT. I loaded that and Malware Bytes, then upgraded to the pay version of both and ran the scans, in which Malware found several trojans etc. Since then neither has had a single virus or anything in the quarantine areas, but constantly I do see a window at the bottom right saying Malware has successfully blocked an incoming threat. When I check the logs, here is what I get: it is blocking an outgoing port IP, but at the end it says Avast.exe. Are they conflicting with each other? Please help me determine what's wrong.
Thank you

Answer:Is my Malware blocking my Avast security?

Simple answer to your question: yes, they are conflicting with each other. It is only recommended to have ONE live scanner on your computer. I would suggest removing AVG, Avast and keeping the paid version of MBam as your antivirus since it provides active security.

4 more replies
Relevance 44.69%

Avast detected Win32:Malware-gen in the following places:

5/31/2010 5:59:51 PM C:\WINDOWS\SYSTEM32\CSELECT.EXE [L] Win32:Malware-gen (0)
File was successfully moved to chest...
5/31/2010 7:39:04 PM C:\Program Files\TOSHIBA\TOSAPINS\COMPS1\Toshiba Software Modem0\MANUAL\B26470A.EXE|>CSELECT.EXE [L] Win32:Malware-gen (0)
File was successfully moved to chest...
5/31/2010 7:49:31 PM C:\System Volume Information\_restore{E6281E8D-5BCF-412A-8532-C7FE9ECF653A}\RP30\A0016753.exe [L] Win32:Malware-gen (0)
File was successfully moved to chest...
5/31/2010 7:49:36 PM C:\System Volume Information\_restore{E6281E8D-5BCF-412A-8532-C7FE9ECF653A}\RP30\A0016755.EXE|>CSELECT.EXE [L] Win32:Malware-gen (0)
File was successfully moved to chest...
*

I cleaned with CCleaner, TFC, turned off system restore. Also scanned with SpySweeper, Comodo Firewall, aSquared, along with SAS and MBAM. No detection with any of those. Full scans with Avast have found no further detection.


Followed "READ & RUN ME FIRST".
Unable to get ComboFix to run on desktop, even after disabling all anti-spyware, malware, and avast.

Attached the four logs I could obtain.

Your help is greatly appreciated in determining if the virus remains on the computer.
 

Answer:Win32:Malware-gen Detected by Avast

Hello, melm

melm said:

...turned off system restore

You are not instructed to do this until your system is found to be malware-free.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O4 - HKLM\..\Run: [Alcmtr] "ALCMTR.EXE"

After clicking Fix, exit HJT.

Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!

Please run the below scanner and post the results:

Using ESET's Online Scanner

What malware problems are you still experiencing?


dr.m
 

7 more replies
Relevance 44.69%

Hi,

Practically every website I try to open does so with a warning from Avast! Antivirus and it reads, "HTML:Iframe-inf" infection. I ran my other malware program to scan the system, Malwarebytes' Anti-Malware, and it detected NO malicious objects or infection. The only new installation on my pc is a faster DSL connection that took effect today. It was installed remotely by my internet service provider, not myself.

I have Internet Explorer 8, Windows Vista, installed on my computer. Please help. Also, my homepage was changed without my consent. Thank you.

Jose
 

More replies
Relevance 44.69%

I have run the Rkiller and this is the text. The first time I run the program Avast works but it didn't find something or the malware also. My machine has Windows 7 Home Premium.

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 12/02/2014 09:42:43 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * No issues found.
Checking Windows Service Integrity:
 * Network Connections (Netman) is not Running.
   Startup Type set to: Manual
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 * Windows Management Instrumentation (Winmgmt) is not Running.
   Startup Type set to: Automatic
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)
Searching f... Read more

Answer:no network or avast or malware working

Please download the SUPERAntiSpyware Portable Scanner Personal Edition from here: http://www.superantispyware.com/portablescanner.html?tag=SAS_HOMEPAGE

Click on the "Download" button on the right hand side of the screen. Read the End User License Agreement and click the box "I agree to the product license terms". Click the red "download" box and follow the instructions given for running the scan.

If you do not have internet connection on the problem computer download with another computer and transfer across with a USB pen drive or similar.

10 more replies
Relevance 44.69%

Hello. I'm new on this board, and I'd really appreciate some help!
 
Avast signals an alert every ten minutes to say that malware has been blocked. It always says something ending in 'svchost'.
 
When I check the 'Details', the following comes up:
 

Infekce zablokována
URL

hxxp://getinstaal.info/?e=svon&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&publisher=714&dd=4&country=GB&ind=1218507681100175637&exid=1403559918432850567&ssd=5705138279865466979&hid=18284283606151802211&osid=603&channel=0&sfx=1&jc=1&category_name=SaveOn2&install_date=20130623

Infection

URL:Mal

Sometimes the URL is slightly different.
 
I've tried ADW Cleaner, RKill, TDSSKiller, and Malwarebytes Anti Root-Kit, but they seem to detect nothing wrong.
 
I'd appreciate any tips on this particular case.

Answer:Svchost malware message on Avast! Not sure what else to try.

Hello and Welcome -
 
The programs you listed also create logs, so can you please Copy and Paste them here.
Copies of these should be on your desktop and named as such.
 
 
First -
Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.
 
 
 
 
Next -
* Download Malwarebytes Anti-Malware Free and save it to your desktop
* Follow the normal install prompts as there are no hidden extras in the download.
* Select I accept the agreement then continue to click Next then finally click Install
** Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
* If you are notified the Database is out of date click Update Now
* Click Scan Now >>
----------

** Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
* Click Start (Start, Search, All files and folders for Windows XP) then type mbam
* Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan
mbam-chameleon.scr
mbam-cha... Read more

12 more replies
Relevance 44.69%

I booted up my Windows 7 computer today and Avast antivirus started giving me the following errors
 
infection blocked
http://redirector.gvt1.com/crx/blobs/QwAAAHF3InbmK-wFIemaY3I3BCOrQhs58MSM0PACaKZwziDKslDhLuYcy_uiEOziZrKSpdyKC2u0xWpTd8_mlQlb2TOoodI6B6uEyCjEHUIiCrE_AMZSmuUICZ9D46JdFolcNTWzSkVgupRLMQ/extension_1_4_8_866.crx
Infection:URL:Mal
Process:C:\Windows\System32\svchost.exe
and different other urls.

 

URL:http://r7---sn-a0jpm-a0ml.gvt1.com/edgedl/release2/yguh78k4ozs8llp4cwtmxavwjt6knme8edzf2dyqdmqamwjc8n6f1k2t3n1uwfqm6mf3lbuhzpv09imfqrro2vyquon25h3bgvb/47.0.2526.106_47.0.2526.80_chrome_updater_3stage.exe?cms_redirect=yes&expire=1450552324&ip=178.162.206.97&ipbits=0&mm=28&mn=sn-a0jpm-a0ml&ms=nvh&mt=1450537855&mv=u&pl=22&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4CD08CDC1C412B5E2A9ACE7384A7785161BA9EDC.121D354FB19FDDB28D37D24F43F04555BA97188D&key=cms1
Infection:URL:Mal
Process:C:\Windows\System32\svchost.exe
 
Avast doesn't seem to be able to get rid of the problem and I keep getting more and more of these Avast blocked URLs.
What do I do now?
Please Help
 

 

 

Answer:Malware in Windows 7 reported by Avast

Use the programs below to find and remove both adware and malware.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.
MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When remo... Read more

5 more replies
Relevance 44.69%

Please help. I will give as much detail as possible. First, I have Windows XP Home Edition SP2.

My question is: does the Avast resident scanner scan all files on the PC like the anti-virus, or only the files that are in use? Because I installed Avast 4.8 and it was going good; the sensitivity is on high. Everything was going good until I tried HouseCall in IE 7; it said it was having problems transferring data or something. Oh, and I was using the Java kernel. Then I tried HouseCall using Firefox. Everything was good, then Avast showed a message saying the sensitivity scanner found WIN32:Trojan-gen {Other}, so I chose to delete at next restart. So I restarted my PC, then did an Avast 4.8 anti-virus scan and an AVG anti-spyware scan; they found nothing. So I thought it was gone. I tried HouseCall in Firefox again and during the HouseCall scan it said it found a WIN32:Trojan-gen {Other}, so I put it in the Avast chest. Is the WIN32:Trojan-gen {Other} being found because Avast is conflicting with HouseCall 6.5? Has anyone else had this problem? Here is some additional info.

avast gives

File Name: VS113HU6.4CC
FileID: 6
Virus Description: Win32:Trojan-gen {Other}

Original file name: C:\DOCUME~1\myname\LOCALS~1\Temp\VS113HU6.4CC
Here's a HijackThis log. This is what it gave; I'm copying and pasting it as is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:07 AM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

R... Read more

Answer:Avast 4.8 question/ trojan / possible malware

11 more replies
Relevance 44.69%

My PC can't access the web in safe or normal mode and Avast has been disabled, and can't be turned back on. I press fix now or start program but Avast stays unsecured. I can, however, run scans with Avast, but it has found nothing!

Malwarebytes found a few trojan.agent and trojan.fakeagent (or something similar).

Now MBAM doesn't find anything anymore... where is this thing hiding?

My PC was shutting itself down as well. Please help if you can, I am so at a loss and can't lose all my schoolwork on it.

I'll be watching this thread so I can do whatever you recommend quickly.

Thanks in advance for your time.

Vista 32

Answer:Malware turned off Avast can't access web!

1st of all open IE and click on tools/internet options/connections/Lan Settings and uncheck use proxy server. Try opening your homepage, if you are online, continue below

Now go into msconfig and uncheck ALL startup items. Download rkill.exe and run it to shut down the malware process;
http://www.technibble.com/rkill-rep...

1- download tdsskiller and run it
http://support.kaspersky.com/viruse...
2- now open malwarebytes and do a full scan
3- Trojan Remover
http://www.simplysup.com/tremover/d...

After running those let us know if you still have some redirects

Some HELP in posting on Computing.net plus free progs and instructions

Cheers

8 more replies
Relevance 44.28%

I ran avast and malware bytes and it found numerous trojans. It cleaned everything out (or so I thought) but today i ran malware bytes and avast and malware found chert5-998.exe. Can someone tell me if there is anything else that these programs are missing. Thanx.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:42 PM, on 1/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files... Read more

Answer:Avast and malware bytes keeps finding trojans

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ... Read more

2 more replies
Relevance 44.28%

Hi,

I was chatting in Yahoo when suddenly I got infected, although I didn't click any link. Actually my Avast was turned off and that could have been the issue. Now Avast continuously warns me about VBS:Malware-gen in C:\autorun.inf and in the same file in all my drives. Also this virus has disallowed me to see hidden files and folders. I just don't know what to do. Any solution except for XP reinstall?

I'm using Windows XP SP2.

HijackThis Log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:15 AM, on 9/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SnoopFreeUI.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EverNote\EverNot... Read more

Answer:Please Help ! VBS:Malware-gen in drive:\autorun.inf...Avast can't remove

Hi Welcome to TSG!!
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 

1 more replies
Relevance 44.28%

Just a curious person trying to build my own antivirus and I currently use Avast! I was wondering how those MD5 antiviruses (or avast!) detect malware. I know of Violasoft which is pretty crappy but I just want to create one as an experiment. I found an open source project on YouTube but the code doesn't make any sense to me. I've been programming in VB since I was 8 or 9 and would really like to advance. Should I find another easier project to do or can someone try to tell me not how to code them but just... how they work. Thanks ~ Flames
 

Answer:How does avast! Antivirus work and detect malware?

Well, first it installs it on your system, and then it finds it and prompts you.

JUST KIDDING JUST KIDDING

Hang tight. Someone surely knows.
 

5 more replies