Computer Support Forum

Will Kaspersky and VPN protect from malware attacks?

Question: Will Kaspersky and VPN protect from malware attacks?

Hey!
I am a web designer and I just got permission to work from home for the next week. I am allowed to take my work laptop home for it. I would like some advice regarding the security concerns before I start the work.
I have heard about spyware and malware attacks that can cause severe loss of data. I don't want such things happening to me in my work system. As of now it's clean and no malicious files are present in the system. It's installed with Kaspersky Internet Security and ExpressVPN when connecting to the Internet. Will it help in protection from spyware and malware? I have seen articles mentioning not clicking on emails and installing antivirus software will help, but still I have heard a lot about such attacks. What else can I do to ensure nothing harmful will happen?

Relevance 100%

Answer: Will Kaspersky and VPN protect from malware attacks?

It being a work laptop, you shouldn't replace any of the pre-installed software, correct?

3 more replies
Relevance 79.95%

I have recently been infected with a fileless malware. I have run a scan with ksc and it reported some memory detection. So, I ran a scan with fully updated Avast Free and Emsisoft EEK, but they didn't find anything. Finally, I had to scan with Zemana, and only after it detected and removed a fileless malware was ksc able to give my system a clean sheet. Are Kaspersky and Zemana the only ones to protect against such attacks? I need a free tool to protect my system against such attacks. The detection by Zemana was "trojan poweliks: fileless malware". I don't need any whitelisting software, and I also sincerely think that even they cannot counter such attacks.
 

Answer:Do you know any free software to protect against fileless malware attacks?

Avast and Bitdefender Free are both good
 

23 more replies
Relevance 63.96%

Hello! I was wondering if anyone could give me better tips to protect my PC from things like botnets.

In the case I am particularly looking to expand my security horizon not on accidentally visiting websites that would give me a botnet, but people deliberately attempting to botnet or backend my PC through their own custom tools.

I was also wondering how I could help make Discord far more secure than it is, because it uses WebRTC, which isn't secure, if there's any way to make it more secure on my PC.

I have ZoneAlarm firewall and, by default, Windows firewall is on, but I am looking for something stronger that won't give in when people overwhelm it/use powerful cutting-edge tools to bruteforce. In general, I would also appreciate tips, as a site I visited no longer offers its PDF on Windows security and most tips online are pretty garbage, like "well, do you have a password? How about a good antivirus?"

Thanks guys!

More replies
Relevance 63.55%

Hello everyone. I was wondering what's a good program or some good info to prevent people from kicking me out of Yahoo chat rooms or performing Denial of Service flood attacks which come in the form of flooding my system with endless Yahoo chat windows. I can stop the attack by closing out the program but have to reboot in order to get things working correctly. Even though I have a vague idea who's doing it and they don't seem interested in my account, as a security measure I changed my Yahoo password anyway just to be on the safe side. I know it's a person in the chat room I go to who hates what I have to say and they only seem to kick me when I get on mic. Is there any way to block these attacks? I have ZA, but since the attack is coming through Yahoo Messenger, which is cleared to run, I cannot block the attack itself. I need a new way to prevent such attacks. Some people in chat mention anti hack programs but I wanted to come here first in order to be on the safe side as this is a legitimate support website. And Merry Christmas to all and a Happy New Year to all! Otherwise I have no problem with my account. It only happens when I log into the chat room and I have a small list of suspects; they do it to annoy me.
 

More replies
Relevance 61.91%

Microsoft SmartScreen, integrated with Microsoft Edge, Internet Explorer, and the Windows operating system, has helped protect users from socially engineered attacks such as phishing and malware downloads since its initial release in Internet Explorer 7. With URL reputation checks and Application Reputation protection, SmartScreen has protected users from billions of web-based attacks in the last 8 years. Over time, SmartScreen has expanded its scope from phishing attacks and socially engineered malware to also include warnings for deceptive advertisements and support scam sites.

Please view the full article for details
Evolving Microsoft SmartScreen to protect you from drive-by attacks
 

More replies
Relevance 61.91%

IT Pro Portal said:

Anti-virus products on the market provide zero protection against new, unreported computer viruses and take weeks to update their signatures to handle such security threats, according to an eye-opening new report from Imperva.

The data center security solution provider called the more than 40 anti-virus software products it tracked for a recent study "woefully inadequate" at protecting IT assets from 82 newly created viruses that company researchers unleashed on them.

Imperva also reported that it took "up to a month or longer" for 75 per cent of anti-virus solutions to add those viruses to their signature lists and begin protecting against them.

Consumers and businesses spending big money on such products are only getting an "illusion of security" in return, the company said in its most recent Hacker Intelligence report, which details the findings.

"Enterprise security has drawn an imaginary line with its anti-virus solutions, but the reality is that every single newly created virus subverts these solutions without challenge," Imperva CTO Amichai Shulman said in a statement.

"We cannot continue to invest billions of dollars into anti-virus solutions that provide the illusion of security, especially when freeware solutions outperform paid subscriptions," he added.

In fact, Imperva found that two free anti-virus solutions - Avast and Emsisoft - were on the short list of tested products that "prov... Read more

Answer:Anti-virus products fail to protect against attacks

Interesting.
Zero-Days are really becoming a bigger problem every day. You need more than just a simple signature AV.
Nice to see Avast and Emsisoft on the short list of provided protection against Zero-Days
But one question, When did Emsisoft become free?
 

19 more replies
Relevance 61.5%

Find out where you are on the Cyberthreat map

I like it better if I click the grid icon in the upper right.

Answer:See Cyber Attacks Around the Globe in Real Time - Kaspersky.com

This is REALLY cool!! (and you're right, the grid view is a nicer way to view it IMHO).

7 more replies
Relevance 61.5%

Does Avast protect against malicious driver installations and the attacks that use hooks to infect the system?
Further, how is Avast's BB at detecting process hollowing attempts and protecting COM components and important registry keys?
 

Answer:Does avast protect against malicious driver installation and win hooks attacks

I think Yes, Avast does!
 

1 more replies
Relevance 61.5%

Google Translate:

From the perspective of ordinary users firewall, of course, is the second largest after the anti-virus protection component of a PC. Unfortunately, sources of information, according to which one could determine which of the firewalls on the market protects better, very little.

Let's first define some terminology and answer the question - what is a firewall? By definition, the Internet standard [RFC3511] (2003), a firewall - a system that implements the filtering of network packets according to specified rules in order to distinguish traffic between network segments.

But with the growth of malicious software and hacker attacks, the source of the problem of firewall is supplemented with new functional modules. Already virtually impossible to complete without a firewall module HIPS (system event monitoring, control, integrity, etc.).

The main task of a modern firewall - to block unauthorized network communication (the attacks), subdivided into internal and external. These include:

External attacks on secure firewall system:
initiated by hackers;
initiated by malicious code.
Unauthorized outgoing network connections:
initiated by untrusted applications (malware);
initiated by applications whose network activity is expressly forbidden by rules.

Original Link

Translated page with More Information and Results
 

Answer:Test firewalls to protect against internal attacks (September 2011)

Thanks.

Anyone know of ways to make Windows Firewall not... suck?
 

10 more replies
Relevance 61.5%

I was asked this on a test for the CEH. What would you answer? My own answer is at the bottom.

What defensive measures will you take to protect your network from password brute-force attacks? (Choose all that apply.)

A) Never leave a default password.

B) Never use a password that can be found in a dictionary.

C) Never use a password related to the hostname, domain name, or anything else that can be found with Whois.

D) Never use a password related to your hobbies, pets, relatives, or date of birth.

E) Use a word that has more than 21 characters from a dictionary as the password.

What do you say? For me, if you are strict, the first 4 cannot be true since they would protect specifically from dictionary attacks, not brute force. The last one would surely protect you from a brute force attack, because even when using only lower case letters for the password, it would take TRILLIONS of years to compute all the combinations.

But, guess what? The correct answer is to select all the first 4!!! WTF???
The justification is: "A dictionary word can always be broken using brute force"

What do you think?
 

Answer:What defensive measures will you take to protect from password brute-force attacks?

Option E is still a dictionary word. It would be cracked in moments by a brute force attempt. Remember that most brute force programs will go through the dictionary first unless told otherwise.
 

17 more replies
Relevance 60.68%

Poll for COMODO users only. Do you use this tool, bundled with the firewall, to protect while shopping or online banking?
Does it work if one is not using COMODO SecureDNS?

 

More replies
Relevance 59.04%

I have just bought Kaspersky Internet Security, multi-device. Can I get it to protect my Kindle Fire and mobile phone? If so, how?

More replies
Relevance 56.99%

I am using the trial version of Kaspersky Internet Security (fully updated) on my Windows 7 machine.
Does the Kaspersky trial give enough protection???
 

Answer:Can Kaspersky 2017 protect a Windows 7 PC against WannaCry ransomware?

Kaspersky Lab? comment on WannaCry attack

After that, new variants are being added...
 

3 more replies
Relevance 54.94%

While the Internet is an amazing resource in terms of the information you can find and things you can do today, it's important to also be smart about how you browse. A browser can be a great tool in helping you stay safe when you go online.
Most online attacks fall into one of the three situations:
1. Malware that relies on social engineering to spread
2. Attacks directed against your browser or your operating system
3. Attacks directed towards the websites you visit
Learn how Internet Explorer can help protect you from each of these types of attacks.
Read: Security and Internet Explorer

More replies
Relevance 53.3%

Please help me. I have had malware/virus problems before and been able to fix them, but not this time! I've been working on this computer for 9 hours today. I have major problems with trojans and popups, mainly from Aurora and Winfixer.

I have done scans/fixes with Adaware, Spybot S&D, TrojanHunter, Security Task Manager, and Norton Antivirus. I have even edited the registry, removing entries from malicious programs that I identified with the above programs. It seems like the fixed files and registry entries keep resurrecting themselves, or creating new problems.

Can someone please take a look at my HijackThis log:


Answer:Malware Attacks! Help!

Okay, I have been working on the problems the last several hours, and have managed to get things looking much better! However, I am still getting some pop ups coming through, mainly from Winfixer or other alleged malware removal websites.

I followed the procedures listed in the reply to this post, entitled aurora - part of the abi network (hijack this log): http://www.techsupportforum.com/showthread.php?t=65147

I ran another Hijackthis log, and ran it through the Hijackthis Analyzer. Here are my latest results:


14 more replies
Relevance 53.3%

Hi all,
 
I believe I have some malware that I can't get out of my computer.

I have gone through the steps of what to do to check for malware (ran Avast and Malwarebytes) and they both came up with nothing. Since it's affecting the speed of my computer and also my internet connection... I ran disk cleanup along with Auslogics disk defrag as well.

Same problem.

Any help would be greatly appreciated!
 
 
 
D

Answer:When Malware Attacks...

Hello Darkwater

Is your connection dropping? Please run and post these logs.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please Download TDSSkiller
Launch it.
Click on change parameters
Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results.

Please download AdwCleaner by Xplode onto your desktop.
• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• You will be prompted to restart your computer. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Now I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Clic... Read more

11 more replies
Relevance 53.3%
Question: malware attacks

Hey all

I need some help with removing a couple of trojan viruses from my pc.

PSW.lineage.CEY
PSW.generic8.OCZ

Would really appreciate some help. I tried removing them with AVG, TrojanHunter, etc.

This is the result of my Hijack this scan:

*Edited by dr.moriarty: Inline log removed - READ & RUN ME FIRST. Malware Removal Guide not followed.
 

Answer:malware attacks

What is the file path of the threats being found?

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot... Read more

3 more replies
Relevance 52.89%

Hello, I inadvertently installed a "real video codex" on my computer. So far it has tried to shuffle my home page, search page, windows background, run outlook (which I never used, so it had no accounts), and hit some blocked websites invisibly. I have tried Spy Sweeper, AVG's spyware, Spyware doctor, Combofix, McAfee anti-virus, McAfee Stinger, Panda AV..... and a few more. Most of the symptoms were cured, but it still eats memory and tries to access Outlook and various strange websites. Here is my combofix log:

Answer:Multiple Attacks From Malware

Welcome to the BleepingComputer HijackThis Logs and Analysis forum skyler517
My name is Richie and I'll be helping you to fix your problems.

Please disable Spybot S&D's protection, or it will interfere. You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm

Click on Start>Run and type Services.msc then hit Ok.
Scroll down and find the service called:
Active Common Service
When you find it, double-click on it.
In the next window that opens, click the 'Stop' button. Then change the 'Startup Type:' to 'Disabled'. Now press Apply and then Ok and close any open windows.

Click Start>Run and type regedit then click OK.
Navigate to HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services
Scroll down the left pane, locate the service name:
Active Common Service
Right click on it 'Delete'. Then restart your pc.

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.

Download\install 'SuperAntiSpyware Home Edition Free Ver... Read more

5 more replies
Relevance 52.89%

Hello, I am using a different computer to post this thread. I use Windows XP
Anyways, yesterday, a pop-up appeared saying "We Hope You Enjoyed Our Content" after days of what I thought to be ad-ware. After the pop-up, the screen turned to something saying "Windows has detected spyware. Click here to download spyware protection" or something around that. I downloaded SpyBot and found out that I got many viruses and trojans including:
-WebHance
-SpyWareKnight
-Perfect Keylogger
-AdwareFinder
-Zlob virus
-SpyWare Sheriff
-GAIN.gator

And many more. I want to remove all of these viruses from my computer but I don't want to have to reboot it because I have many files I need to keep. How can I remove them?

Oh ya, task manager has been disabled

Answer:Malware And Trojan Attacks

Hello and welcome, first run this:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, cl... Read more

16 more replies
Relevance 52.89%

Custom built PC – ASUS MBO, AMD Athlon 64 CPU
Windows XP Professional, w/SP3
Internet Explorer 8
Mozilla Firefox
Google Chrome (new installation)
Nvidia firewall
McAfee security (AOL version)

This problem has three parts where this PC (my wife’s) is under duress from an unknown source and current tools aren’t stopping it:
A. Recent outbreaks of Malware taking over system
B. An event in Jan 2011, has resulted in McAfee thrashing with incidents
C. Residual damage: redirected search outcomes

In the last week have had 3 major incidents with Malware. Following the first attack I installed Malwarebytes. Descriptions of each attack and the Malwarebytes logs follow:

1. Friday, 6/24/11, approx. 8.45 pm. My wife was watching a scrapbooking video when attack occurred. Trojan: Fake alert: Pop-up windows for product named “XP Security 2012”, damaged/took-over file associations, clicking on most shortcuts would result in a pop-up window, open IE window and connect to site to purchase this product. Found file named “ggn.exe”.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6949
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/26/2011 12:56:10 AM
mbam-log-2011-06-26 (00-56-10).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 314522
Time elapsed: 4 hour(s), 59 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 66
Registry Values Infected: 1
Registry Dat... Read more

Answer:Multiple Malware Attacks

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. Please take note: If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you. Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the '... Read more

2 more replies
Relevance 52.89%

I have been searching the forums for days looking for answers. On startup, Windows XP pops up a not connected to the internet window. Then Ultimate Cleaner ads pop up, Now it is opening IE and Firefox windows at random with ads...Here's my registry

(I have tried smitfraud, combofix, fixwareout, spyware doctor...)

Here's my registry log from HijackThis..

Answer:Malware, attacks IE and Firefox

Really wondering if anyone has any ideas for me...I can't even do anything on my computer now...The adware opens 100 windows each of IE and Mozilla.

Help
 

1 more replies
Relevance 52.89%

Hello everyone,

Lately we hear more and more often of advanced malware attacks, and in this thread I have gathered the main characteristics of these attacks.

Traditional security measures, for instance those based on signatures, such as firewalls and antivirus, are no longer enough. They work against less sophisticated attacks but cannot do much against new cyber criminals, who often (70-90% of cases) use malware that is not known, obfuscated, or masked to be unrecognizable!

Here is a brief description of these very dangerous techniques, some recent, others less so.
Polymorphism: is the ability of a malware to change continuously, to make digital signatures based systems ineffective at detection.

Binary Retraining: same goal of tactics above, reached by modifying the binary structure of the object while maintaining unchanged the malicious functionality.

Recoding with Masking: the malicious executable object is hidden within commonly used file types, to push the unsuspecting user to run the malicious code. These are file types, for example, PDF or Microsoft Office files.

Malware Encapsulation : the malicious code is hidden by extending to legitimate files, commonly used by users. For example, a new version of a popular text editor or a game may hide dangers.

Multi-Flow Attacks: attack is fragmented across multiple flows of information, so as to confound even the tools of modern sandboxing but perform individually analysis objects. These items will be labeled as harmless, because they are only a par... Read more

Answer:Advanced Malware Attacks

Detection based antiviruses cannot even protect you from Polymorphism. Thank you for the descriptions
 

21 more replies
Relevance 52.48%

Ok this is weird. I run Ntl netguard, and Spyware Doctor. A few days ago, SpyDoc refused to auto update. Nothing strange thought I, site must be down.

Well its been four days now. Then I noticed I couldn't connect to Microsoft to do updates either. On further investigation, I found I can't connect to ANY legit malware sites. I have run Spybot, Ntl netguard, Malware Byte's anti malware, and Norton AV, none found anything wrong.

However, I tried setting up a proxy within Firefox, and CAN connect to the sites I couldn't otherwise. (albeit incredibly slowly).

As things stand, I can't update any malware software, and assume my poor PC must have caught something new and nasty.

Please help

Hi jack this follows:-


Answer:Help Pls! Can't update Malware Protect or Visit Any Malware Sites

sorry, bump
 

2 more replies
Relevance 52.07%

The article is still developing here: https://www.windowscentral.com/new-ransomware-attack-appears-be-making-its-way-across-europe?utm_medium=slider&utm_campaign=navigation&utm_source=wp
But I thought governments, institutions would have learned their lessons after the last major malware attack
So how does this happen? Not for the same companies obviously as that would be just plain ridiculousness but for the new companies that got attacked
You would think they would have learned their lessons and made strides in updating all their systems and tightening their security systems
And why are the attacks predominantly in Europe? Is it because the online network and systems are more in depth or there's a way these scammers and malware creators can target specific regions or systems?

More replies
Relevance 52.07%

As the title says I haven't seen this one before, of course I've seen infections (whether they are trojans or viruses or just simply malware) attack browsers by creating popups saying that your PC is infected or your browser is not safe, etc.

I got a call to remove an infection and I won't say that I haven't seen this before, just the behavior I haven't seen where the browser developer tools shows up and then it flashes like crazy as if someone was task switching the dickens out of it. I recognize the software, I don't recognize the behavior and when this happens it prevents the user from being able to do anything in the browser such as type URLs or manipulate searches on webpages in the search box on webpages that have them.

I suggested we try Chrome, and guess what? It attacked Chrome since the customer normally uses IE (and while I won't rail a user about using IE, its my number one product I jab at because its so deplorably broken and slow IMO) HOWEVER if it is what the customer wants to use then I don't stick my opinion out like a sore thumb but I do at least recommend Chrome or Firefox at least once in my discussion with them only if they are interested.

So because it also affected Google Chrome, it again made it impossible to use the browser, and I know its not a localized problem as I first thought it was an IE only related problem, I've tried rkill, mbam, ccleaner (haven't tried combofix) and I steer away from hijackthis because its a rather complex prog... Read more

Answer:A hijack or malware that attacks ALL browsers?

Sounds like malware. Have you tried starting it in safe mode with networking and opening the browser there? If so, you could just run malware bytes and it should take care of your problem.

6 more replies
Relevance 52.07%

First things first, I'm running Windows XP, 32-bit, SP3. Almost forgot this little detail!

OK, a few days ago my brother tells me that my Norton 2012 identified an attack coming into it. I check it out, it says it was blocked, no further action required. So far so good. Only it keeps happening. It's not one kind of attack either, here are the logs of some of the most recent ones:

2012-06-04 18:17:56,High,An intrusion attempt by 204.152.214.173 was blocked.,Blocked,No Action Required,Fake App Attack: Fake AV Redirect 21,No Action Required,No Action Required,"204.152.214.173, 80",verifyanalysisav.in/78dee9e271084cb2/50/,"COMPUTER (192.168.1.2, 4058)",204.152.214.173,"TCP, www-http",
2012-06-04 18:01:14,High,An intrusion attempt by 37.59.188.165 was blocked.,Blocked,No Action Required,Web Attack: Blackhole Toolkit Website 14,No Action Required,No Action Required,"37.59.188.165, 80",biztreeentr.firm.in/dasdasaseq.php?page=fe54e51dd1a5ae58,"COMPUTER (192.168.1.2, 4798)",37.59.188.165,"TCP, www-http",
2012-06-03 21:38:39,High,An intrusion attempt by COMPUTER was blocked.,Blocked,No Action Required,Web Attack: Malicious Toolkit Website 25,No Action Required,No Action Required,"COMPUTER (192.168.1.2, 2159)",sixkzz.in/index2.php?src=55&gpr=16&tkr=06040138820273254&tkri=4350aed7bb1b1bb6f49deb9d15ece3dc&tkrb=d1bf8b457b7f4183592500667d8565b8&inframe=1,"205.134.160.134, 80",192.... Read more

Answer:Malware attacks and svchost over 1.5 million K

16 more replies
Relevance 52.07%

Malware purveyors are exploiting web vulnerabilities in appleinsider.com, lawyer.com, news.com.au and a dozen other sites to foist rogue anti-virus on unsuspecting netizens.
The ongoing attacks are notable because they use exploits based on XSS, or cross-site scripting, to hide malware links inside the URLs of trusted sites. That's something application security expert Mike Geide doesn't see often. As a result, people who expect to visit sites they know and trust are connected to a page that tries to trick them into thinking their computer is infected.

The malicious links are blasted out on web forums and typically look something like:
Code:
hxxp://lawyers.com/find_a_lawyer/content_search/results.php?sCHRISTINA%AGUILERA%20ANOREXIC%20PICS%3C%2F%74%69%74%6C%65%3E%3C%69%66%72%61%6D%65%20%73%72%63%3D%2F%2F%61%73%6B%35%2E%65%75%3E
Source: Attacks spread malware with help from AppleInsider - The Register
Firefox users may install NoScript add on by Giorgio Maone to prevent XSS attacks.

Answer:Attacks spread malware with help from AppleInsider

Thanks for the useful article.

2 more replies
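The link quoted in the thread above hides its markup behind percent-encoding, so a defender triaging such URLs from proxy or mail logs can decode the query string and look for tags and off-site `src` targets. The following Python sketch is an added example, not code from the post or from The Register article; the function names, the tag list and the threshold of five needless escapes are assumptions, and the two extra sample URLs are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Markup that has no business appearing in a query string or fragment.
TAG_RE = re.compile(
    r"<\s*/?\s*(script|iframe|object|embed|svg|img|title|meta|link|body)\b", re.I)
# src=... pointing at an absolute or protocol-relative location.
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?\s*((?:https?:)?//[^\s"'<>]+)""", re.I)
VALID_ESCAPE_RE = re.compile(r"%([0-9A-Fa-f]{2})")
BROKEN_ESCAPE_RE = re.compile(r"%(?![0-9A-Fa-f]{2})")

# The link exactly as quoted in the post (defanged with hxxp).
SAMPLE_FROM_POST = (
    "hxxp://lawyers.com/find_a_lawyer/content_search/results.php?"
    "sCHRISTINA%AGUILERA%20ANOREXIC%20PICS%3C%2F%74%69%74%6C%65%3E"
    "%3C%69%66%72%61%6D%65%20%73%72%63%3D%2F%2F%61%73%6B%35%2E%65%75%3E"
)
# Constructed samples: an ordinary search URL and a double-encoded tag.
BENIGN_CONSTRUCTED = "https://example.com/search?q=cheap%20flights&page=2"
DOUBLE_ENCODED_CONSTRUCTED = "http://example.com/?q=%253Cscript%253E"


def refang(url):
    """Undo the hxxp:// defanging used when links are quoted in reports."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url.strip(), flags=re.I)


def decode_layers(text, max_rounds=3):
    """Percent-decode until stable; double encoding is a common filter bypass."""
    for _ in range(max_rounds):
        decoded = unquote(text)  # invalid escapes such as %AG are left as-is
        if decoded == text:
            break
        text = decoded
    return text


def is_needless(hex_pair):
    """ASCII letters and digits never need escaping in a URL."""
    value = int(hex_pair, 16)
    return value < 128 and chr(value).isalnum()


def triage_url(url):
    """Return decoded query data and the signals that make it suspicious."""
    parts = urlsplit(refang(url))
    raw = parts.query + ("#" + parts.fragment if parts.fragment else "")
    decoded = decode_layers(raw)
    page_host = (parts.hostname or "").lower()

    tags = sorted({m.group(1).lower() for m in TAG_RE.finditer(decoded)})
    src_hosts = {
        (urlsplit(m.group(1)).hostname or "").lower()
        for m in SRC_RE.finditer(decoded)
    }
    external = sorted(h for h in src_hosts if h and h != page_host)
    needless = sum(1 for h in VALID_ESCAPE_RE.findall(raw) if is_needless(h))

    return {
        "page_host": page_host,
        "decoded": decoded,
        "tags": tags,
        "external_src_hosts": external,
        "needless_escapes": needless,
        "broken_escapes": len(BROKEN_ESCAPE_RE.findall(raw)),
        # Assumed rule: any tag, or several escaped alphanumerics, is a flag.
        "suspicious": bool(tags) or needless >= 5,
    }


if __name__ == "__main__":
    for sample in (SAMPLE_FROM_POST, BENIGN_CONSTRUCTED,
                   DOUBLE_ENCODED_CONSTRUCTED):
        report = triage_url(sample)
        print(report["page_host"], report["suspicious"], report["tags"],
              report["external_src_hosts"], report["needless_escapes"])
```

Escaped letters and digits are the more durable signal: a normal encoder never escapes them, so a run of them indicates that someone is hiding text from a reader or a filter even when the tag list misses the payload.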
Relevance 52.07%

Hi all,
First, let me say thank you for being available to help people you've never met, because I'm sure there are a lot of us out here.

I recently downloaded a sketchy file which infected my computer. I scanned it with several programs before opening it, and it came up clean, but alarms went off as soon as it ran. I immediately deleted the file but it was too late. When I started running removal programs to clean up, each one crashed and wouldn't open again. I googled for the symptoms and came up with the msa.exe virus/malware. I followed some removal steps I found and seem to have deleted the file from my windows directory, but I don't know if it's gone. I also found process a.exe running which seems to be associated with the monopod virus, but I don't know this for sure either. I have tried running Spybot, Adaware, SUPERAntiSpyware, AVG Antispyware, Windows Defender, and have also since tried to install and run WinPatrol without success. Most of these programs will start up once, but crash during scans and after that will not open. I'm often told I don't have privileges when trying to run them again or even re-install.

As for my log files, I can't seem to run DDS, so I don't have the log for it. I don't have any script blockers that I know of to disable. The GMER file is attached as instructed. Also, I am running WinXP Home, SP2 (I didn't realize there was a SP3 until recently or I would have updated). I DO NOT have the CD or boot disk however; it cam... Read more

Answer:Malware that attacks removal programs

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


Please download Rkill from any one of these links and save it to your desktop.

Rkill.com
Rkill.scr
Rkill.pif


Now double click on Rkill to run it. Do not reboot.



Combofix
Download ComboFix from one of these locations:

Link 1
Link 2


and rename it to glasgow.exe before saving it to your desktop.

Double click on the renamed ComboFix.exe & follow the prompt... Read more

19 more replies
Relevance 52.07%

I seem to be getting a lot of attacks since my job involves opening and dealing with emails all day long and I am tired of having to clean and repair my pc. I just upgraded to Win7 and want to start off right by having good protection so I would like to ask if you can recommend the best options for me please? I am thinking to use the no.1 rated virus software which is Bitdefender and also use SAS, this way I cover the 2 most common attacks I seem to be getting all the time, do you think this is best or is there something else you can recommend which will give me the best chances not to get Malware on my pc please?
 

Answer:Best options to prevent Malware attacks?

Bitdefender is good, you can use it. The best way not to get infected with malware is to be cautious when you open your email: check your attachments before opening them. Is it trustworthy? Is it secure? You can upload it to virustotal.com to test it before opening it.
 
Thank you.

26 more replies
Relevance 52.07%

I'm curious about this because of a recent article that I just read ("Internet Security Fail").
This is what disturbs me the most in the article:
"The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well-resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose. And the zero-day exploits used in these attacks are unknown to antivirus companies by definition. As far as we can tell, before releasing their malicious codes to attack victims, the attackers tested them against all of the relevant antivirus products on the market to make sure that the malware wouldn’t be detected. They have unlimited time to perfect their attacks. It’s not a fair war between the attackers and the defenders when the attackers have access to our weapons."
So, the operative word here is "targeted malware". It's one thing to exploit anti-virus software, but another to actually get inside a computer's security perimeter. The majority of infections are caused by an unsuspected payload getting onto a computer and then eventually being executed, or somebody clicking on a website icon/link and accepting the invitation to execute. The anti-virus software is the last line of defense (discounting other intrinsic protections like ... Read more

Answer:How vulnerable are we to direct malware attacks?

The hardest thing to do is a direct hack into a computer. Is it impossible? No, but it's difficult and time consuming enough that the average user isn't worth the effort.

Now if there's something a hacker wants, it's pretty much theirs, but just to steal bank info, there are a lot of easier ways, i.e. compromised websites, bad d/l's etc.

You may want to unplug your connection, just to keep your computer from d/l unknowing things like updates, plus you know if someone's hacked your wifi.

6 more replies
Relevance 51.66%

2016 saw attackers holding data for ransom at an alarming rate; but in conjunction with the rise of ransomware and the continued ubiquity of mass malware, attackers are increasingly utilizing non-malware attacks in an attempt to remain undetected and persistent in organizations' networks.

According to Carbon Black data, these non-malware attacks are capable of gaining control of computers without downloading any files and are using trusted, native operating system tools (such as PowerShell) and exploiting running applications (such as web browsers and Office applications) to conduct malicious behavior.

In its end-of-year threat report, Carbon Black found that instances of severe non-malware attacks grew throughout 2016. And in any given 90-day period, about one-third of organizations are likely to encounter at least one severe, non-malware attack.

Instances of non-malware attacks leveraging PowerShell and Windows Management Instrumentation (WMI) grew throughout 2016. Such attacks spiked by more than 90% in the second quarter of this year (93.2%) and have stayed at escalated levels since. And, some leading attack campaigns in 2016, including PowerWare and the hack against the Democratic National Committee (DNC) leveraged non-malware attack vectors to carry out nefarious actions.

Meanwhile, the research also found that ransomware, which is on track to be an $850 million business in 2016 according to FBI data, has emerged as the fastest-growing malware across all industrie... Read more

More replies
Relevance 51.66%

Dear all!

First off, I want to tell you guys that I am so thankful that you are here and helping people. This is one amazing, amazing forum.

My computer got infected with Outerinfo/Yazzle adware monstrosity yesterday morning. They disguise their executables in the "close" buttons in popups that look exactly like system windows - and I just "closed" one, and now..... It's been pure hell.

I am in the middle of a critical project that requires web access, and suddenly my computer is basically exploding with popups, and is barely crawling. It was flying before, and I was loving it. Now it's slow and nastily infected. We tried to uninstall, reboot, actually reinstalled the OS, but it seeded itself in the kernel somewhere and is still there, the evil thing.

Trying to get security upgrades isn't working, simply isn't allowing them to install. It's weird. This thing is protecting itself. Please, please help!

Here is my HiJackThis log. I sooooo very much appreciate your help. So much. Thank you!!!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:13 AM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Pro... Read more

Answer:Outerinfo Malware attacks XP, popups, here's my HiJackThis log, please,please help!

It all looks fixable....


Download SDFix from here and save it to your desktop.


Please then reboot your computer in Safe Mode by doing the following :
Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.

It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.

Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum.


=========================================

This will help to identify malware on your system.
Please download Combofix fr... Read more

1 more replies
Relevance 51.66%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:01 PM, on 14/4/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Users\82043\Program Files\DNA\btdna.exe
C:\Users\82043\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\InstallShield\... Read more

Answer:there is still spyware and malware attacks in the forms of advertisements

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

2 more replies
Relevance 51.66%

Microsoft bracing for malware attacks from embedded fonts
VULNERABILITIES

Security researchers say it's only a matter of time - days not weeks - before malicious hackers start exploiting one of the vulnerabilities via booby-trapped Web pages or Office (Word or PowerPoint) documents. The specific vulnerability - in the font parsing subsystem of the win32.sys driver - provides an entry point for hackers to take complete control of an unpatched machine without any user action beyond normal browsing or opening a rigged document file. ... Microsoft's MS09-065 bulletin says an exploit was already publicly available before the update was ready on Patch Tuesday, meaning that malware authors have gotten a long head start researching entry points for attacks.

Date: 12 November 2009

More...........Microsoft bracing for malware attacks from embedded fonts | Zero Day | ZDNet.com

Answer:Microsoft bracing for malware attacks from embedded fon

The Microsoft Security Bullentin says W7 is not affected.

http://www.microsoft.com/technet/sec.../MS09-065.mspx

2 more replies
Relevance 51.66%

Hi, I have a system that is infected with (most likely) a rootkit. It will not allow any scanners or most antimalware programs to run. So far I have successfully run DDS and gotten a log,rkill (iexplore version) which finds and kills 2-3 process' but they get recreated instantly and process names change each time. Renaming other scanner's exe's does not work.

What will not run or gets killed shortly after starting: combofix, mbam, superantispyware, hitman pro, catchme, mbr.

Safe mode produces the same results, no obvious bad files created recently, pulling the hard drive and scanning on another pc with mbam, eset and most of the others above does not find any infected files.

Can you provide any further insight? Much appreciation in advance. Gmer also shuts down after clicking on scan. DDS logs are attached

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Andrea Feigelson at 17:40:15.39 on Wed 03/09/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3327.2582 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
"\\.\globalroot\Device\svchost.exe\... Read more

Answer:Infection attacks anti malware software

I know I'm not supposed to reply to my own thread to keep replies at 0 but it's been a while with 102 views but no replies. Is this a stumper? Or just the pros haven't gotten to it? I hate giving up and just doing a fresh install, it just feels so...... cheap. One update also, mbam now when scanning the drive from another PC is finding a random named .exe file that gets recreated at boot. Someone else cleared the find so I'm running another to see what mbam thinks it's infected with.

7 more replies
Relevance 51.66%

Short on details but sounds interesting!!!
Article:
Washington, Nov 4 : Researchers from North Carolina State University have devised a novel way to block rootkits, one of the most insidious types of malware, preventing them from taking over computer systems.
"Hackers can use rootkits to install and hide spyware or other programs. When you start your machine, everything seems normal but, unfortunately, you've been compromised," said Dr. Xuxian Jiang, assistant professor of computer science at NC State and a co-author of the research.
"Our research leads to a new way that can protect all the hooks in an efficient way, by moving them to a centralized place and thus making them easier to manage and harder to subvert," said Jiang.
Jiang revealed that by placing all of the hooks in one place, researchers were able to simply leverage hardware-based memory protection, which is now commonplace, to prevent hooks from being hijacked.
Whole Article: How to block stealthy malware attacks

Answer:Article: How to block stealthy malware attacks

Thanks for sharing, very interesting article.

6 more replies
Relevance 51.66%

Dear all!

First off, I want to tell you guys that I am so thankful that you are here and helping people. This is one amazing, amazing forum.

My computer got infected with Outerinfo/Yazzle adware monstrosity yesterday morning. They disguise their executables in the "close" buttons in popups that look exactly like system windows - and I just "closed" one, and now..... It's been pure hell.

I am in the middle of a critical project that requires web access, and suddenly my computer is basically exploding with popups, and is barely crawling. It was flying before, and I was loving it. Now it's slow and nastily infected. We tried to uninstall, reboot, actually reinstalled the OS, but it seeded itself in the kernel somewhere and is still there, the evil thing.

Trying to get security upgrades isn't working, simply isn't allowing them to install. It's weird. This thing is protecting itself. Please, please help!

Here is my HiJackThis log. I sooooo very much appreciate your help. So much. Thank you!!!!!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:31 AM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\s... Read more

Answer:Outerinfo Malware attacks XP, popups, here's my HiJackThis log, please,please help!

hello & welcome to TSF


What you need to do is post your log in the HJTLog Help forum here at this site. We are not allowed to help you, for it takes trained techs to read those logs and to explain how to remove the infection.

sorry but those are the forum rules

Mike

1 more replies
Relevance 51.66%

After Spybot scan, I think that program has removed any malware from my friend's computer. Just to make sure, can you please have a look at this HijackThis log??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:57 PM, on 9/23/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SpeedUpMyPC3\SpeedUpMyPC.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Navnt\navapw32.exe
C:\Program Files\eyeQ\ARLaunch.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINNT\System32\WBEM\WinMgmt.exe

R1 - HKLM\Software&#... Read more

Answer:Am I Clean From Malware Attacks After System Scans?

Hi eternal,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

9 more replies
Relevance 51.66%

More captcha busting suspected.
Hackers have figured out how to create computer-generated Facebook profiles and are using them to trick unsuspecting users into installing malware, a security researcher warned Thursday.
The fraudulent profiles display the same picture of a blond-haired, blue-eyed woman, but with slightly different names and birthdates, said Roger Thompson, chief of research at security firm AVG Technologies. Each invites visitors to click on what purports to be a video link that ultimately tries to trick viewers into installing rogue anti-virus software.
AVG's LinkScanner product, which monitors webpages in real time to make sure they're not malicious, has encountered "hundreds" of separate pages. But because AVG only sees a page when one of its subscribers tries to click on one, Thompson suspects the total number of fake profiles is in the thousands.



Source -
Automated attacks push malware on Facebook - The Register

More replies
Relevance 51.66%

AV Vendors Detect On Average 19% Of Malware Attacks.

That detection rate increases only to 61.7% after 30 days. Even after 30 days, many AV vendors cannot detect known attacks.

-- Tom
 

More replies
Relevance 51.66%

Very interesting piece on Mac security.... nothing is 100% bullet proof after all...
 
See full article at: http://www.businessinsider.com/there-are-more-mac-malware-attacks-in-2015-than-last-five-years-combi...
 
Mod Edit:  Deleted unnecessary excerpt from link - Hamluis.

Answer:There have been more malware attacks on Macs this year than the last five years

See BC News article here: http://www.bleepingcomputer.com/news/apple/2015-was-the-worst-in-history-for-osx-malware/
 
Closing topic as this is redundant.
 
~ OB

1 more replies
Relevance 50.84%

 

Microsoft warns of increase in Adnel and Tarbir Trojan attacks on Excel and Word users
Microsoft has warned its Microsoft Office users of significant rise in malware attacks through macros in Excel and Word programs.  In a report published on its blog, Microsoft says that there is more than a threefold jump in the malware campaigns spreading two different Trojan downloaders. These Trojan downloaders arrive in emails masquerading as orders or invoices.
The malware is being spread through spam emails containing the following subject lines, according to Microsoft:
ACH Transaction Report
DOC-file for report is ready
Invoice as requested
Invoice – P97291
Order – Y24383
Payment Details
Remittance Advice from Engineering Solutions Ltd
Your Automated Clearing House Transaction Has Been Put On
And the attachments used in the Adnel and Tarbir campaigns are usually named as follows:
20140918_122519.doc
813536MY.xls
ACH Transfer 0084.doc
Automated Clearing House transfer 4995.doc
BAC474047MZ.xls
BILLING DETAILS 4905.doc
CAR014 151239.doc
ID_2542Z.xls
Fuel bill.doc
ORDER DETAILS 9650.doc
Payment Advice 593016.doc
SHIPPING DETAILS 1181.doc
SHIP INVOICE 1677.doc
SHIPPING NO.doc
Microsoft Technet blog says that the two Trojan downloaders,  TrojanDownloader:W97M/Adnel and TrojanDownloader:O97M/Tarbir are being spread at a rapid pace through spam emails and phishing campaigns. Worryingly they are targeting both home PC users and enterprise customers and most of the... Read more

Answer:Microsoft warns for new malware attacks with Office documents

So this is an issue with people letting malicious macros run - guess MBAE will not work against it. A good AV solution that scans documents will, though.

7 more replies
Relevance 50.84%

Sophos said:

iFrames and script tags are being used by malicious hackers to serve up drive-by internet attacks, silently and invisibly.

iFrames allow webmasters to embed the content of one webpage into another, seamlessly.

There are legitimate reasons why some websites may want to do that - but what cybercriminals do is exploit the functionality (presumably they have been able to gain write access to the website) to deliver malware such as fake anti-virus or a PDF vulnerability exploit to infect your computer.

What's sneaky is that malicious hackers can make the embedded content invisible to the naked eye, by making the window zero by zero pixels in size. You can't see the threat, but your web browser is still dragging it down.

Read more: http://nakedsecurity.sophos.com/2012/08/16/invisible-iframe-drive-by-malware-attacks-explained-video/
 

Answer:iFrame drive-by malware attacks explained [VIDEO]

Scary :S

I've never been a victim of any Drive-By, then again, I prob have in the past and never knew about it :/
 

11 more replies
Relevance 50.84%

Hello,

Over the past few days I continue to get warning messages from both Malwarebytes and Norton that some malware is trying to attack my computer. I've run full scans using Malwarebytes and Norton with no success. I'm hoping you can walk me through removing whatever it is that is starting these attacks. Not sure if this helps identify what/where it is, but some of the sites that are blocked by Malwarebytes are:

91.212.226.178
91.212.226.59
There are others too sometimes

I've attached a screenshot of the Norton warning details.

Also, whenever I search those #'s on google it triggers another attack. Fortunately, the attacks are blocked.

Finally, I am using Windows XP.

Thanks!
Sean

Answer:Consistent Malware attacks detected by Malwarebytes and Norton

I see no screenshot.

FWIW: Any computer on the Internet...is probably under "attack" by malware constantly, IMO.

Louis

4 more replies
Relevance 50.84%

New wave of phishing attacks serves malware to PCs and Macs








By Ed Bott
March 23, 2012, 5:24am PDT


Summary: Malware distributors have launched a new wave of attacks aimed at taking over unpatched PCs and Macs. They look like routine messages from a bank or a social network, but instead of phishing for passwords, they're serving up malware.

In the past few weeks, I've noticed an alarming increase in fraudulent email messages coming to some old, well-established email addresses of mine.

It's not just the quantity of messages that's noteworthy, it's the quality as well. This particular wave of attacks includes some attacks that are frighteningly real looking. And they're being used to serve up a toxic brew of malware to unprotected systems.


Consider these two examples of messages I received this week. The first appears to be a fraud alert from American Express:


It has all the right logos, and the wording has the same professional tone and grammatical accuracy I would expect of a legitimate communication from American Express. Unlike many phishing messages, this one made me look much more closely, and I suspect that the click-through rate was higher than most such attempts.



see full report

Answer:New wave of phishing attacks serves malware to PCs and Macs

I received a message from "Bank of America" on my answering machine telling me about my new account. I don't have an account with "BofA"!!

2 more replies
Relevance 50.84%

Recently I've been studying some sophisticated attack techniques used by criminals to break and infect the systems (Home and Enterprise Network).
The goal is always to steal data and remain persistent in the affected system: "fly under the radar".

The attacker wants to infect while remaining invisible, thus avoiding triggering "alarms", leaving traces in the logs, or being detected by various solutions such as firewalls, IDS/IPS, Antimalware and HIPS.

This article is focused on some of the techniques used during the attack.

After compromising a machine, it is necessary to maintain persistent access to the network; for this purpose the choice of payload is crucial.

A reverse http shell is often used.

REVERSE HTTPS
REVERSE: the target uses a firewall with more or less restrictive rules, and very often the only configuration is rejecting all incoming connections, especially if the request originated from a computer within the network. Important to the success of the attack is, once the remote machine is compromised, to then get a shell back. The default setting provides for the attackers to connect directly to the shell, meeting in this case the firewall block. By setting the reverse option they get the compromised machine to act as a client and to contact the C&C (command and control) of the attackers. (It's the same method used by botnets)

WINDOWS: In this case the target machine has the Windows operating system and the exploited process has the... Read more

More replies
Relevance 50.84%

I'm experiencing a (3) fold problem with malware, spyware & virus attacks.

My video downloader will (stutter & freeze), to the point of emergency shutdowns.
Can a lengthy download catch infection, when (objects) start to attack the operating system ?
I do have (Microsoft Security Essentials) installed & updated daily. Since March 30th 2012, I've recorded (258) trojan attacks removed by (MSE) alone, in this (Los Angeles) area.
Is (download security) common while downloading a program ?  I'm starting to worry about future downloading, from websites like (Amazon.com), which can take (6 to 15) hours to complete.
I've also experienced (core damage) to my (Windows 7 professional) upgrade, to "hack out"  my (name files section), to cause a (1) hour (system restore-successfully), because of (spyware, virus & malware) attacks while downloading a program.
Signed: Lee VernonLee Payne

More replies
Relevance 50.84%

Hi, I have a system that is infected with (most likely) a rootkit. It will not allow any scanners or most antimalware programs to run. So far I have successfully run DDS and gotten a log, gmer but it did not specifically identify any threats, rkill (iexplore version) which finds and kills 2-3 processes but they get recreated instantly and process names change each time. Renaming other scanners' exes does not work.

What will not run or gets killed shortly after starting: combofix, mbam, superantispyware, hitman pro, catchme, mbr.

Safe mode produces the same results, no obvious bad files created recently, pulling the hard drive and scanning on another pc with mbam, eset and most of the others above does not find any infected files.

Can you provide any further insight? Much appreciation in advance.

Answer:Infected system attacks anti-malware software

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

1 more replies
Relevance 50.43%

Tax-themed scams and social engineering attacks are as certain as (death or) tax itself. Every year we see these attacks, and 2017 is no different.

These attacks circulate year-round as cybercriminals take advantage of the different country and region tax schedules, but they peak in the months leading to U.S. Tax Day in mid-April.

Cybercriminals are using a variety of social engineering tactics related to different scenarios associated with tax filing, in order to get you to click links or open malicious attachments.

Here are some recent examples we've seen. The best defense is awareness: no matter what stage you are in your tax filing and wherever you are in the world, don't fall for these social engineering attacks.

Tax refund: "You are eligible!"
An enticing bait attackers use says that you're eligible for a refund. We're seeing several phishing campaigns targeting taxpayers in the United Kingdom, where tax filing season ended in January. These attacks are targeting people who might be waiting for information about their tax refund.

These kinds of phishing emails pretend to come from HM Revenue and Customs, the tax collection body in the UK. These mails vary in how legitimate they appear, but in all cases the attackers want you to click a link in the mail. The link points to a phishing page that will ask for sensitive information.



If your default browser is Microsoft Edge, Microsoft SmartScreen will automatically block access to these phishing sit... Read more

More replies
Relevance 50.43%

hi, my pc has been used by the family may i say to access sites that have more than likely caused extremely slow running and a mouse/cursor that has a mind of its own. i suspect malware and virus attacks. Can i get free software that downloads and runs, or will i have to pay for removal? thanks ever so much for the ethical work you all do here, scott.

Answer:mad mouse and extremely slow lap top, malware and virus attacks suspected

Hi, you need to post on our security forum, they will assist you. There is no charge, we are all volunteers, just be patient they are very busy.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

1 more replies
Relevance 50.43%

Hello,

I keep getting attacks from a virus that claims that hard drive is failing. When it happens, all my desktop icons disappear and my laptop keeps restarting. I have tried Malware Bytes, Super Anti Spyware, Hitman Pro. Each time, the anti malware program seems to get rid of the malware, and I then use "unhide" to restore my icons. This works for about a day but after a while the malware ALWAYS comes back, randomly! sometimes my laptop will just be on, I'd be listening to music and not even surfing on the internet, and the malware will suddenly appear.

Moreover, sometimes, random audio adverts will start playing on my laptop. These last about 1-2 min.

A third problem - My browsers have become incredibly slow, and I have the 'redirect' problem on both firefox and IE. This means that every time I perform a search, I have to manually select the result's url and paste it into the address bar.

These multiple problems have been going on for about 2 weeks and it's exhausting me.

Can anyone help me clean this laptop please, it's my work tool and I can't do anything without it. I would so buy a new one if I had the money but I can't afford it at the moment.

Answer:Repeated attacks "Hard drive failure" malware/virus

Hello, as you didn't state your Operating System (OS)...
Go here http://www.bleepingcomputer.com/virus-removal/page/5/
Use the Removal Guide that matches your OS.. e.g. Windows Vista Recovery (Uninstall Guide)
Click on the guide's name to open the guide.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions
After you completed that, post your scan log here, let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

8 more replies
Relevance 50.43%

Hello ...... every one !

I have been having lots and lots of problems with my PC. But I think I am not the only one having these probs. Having read some earlier posts I feel I am at the right place now.

I have the following system:
Windows XP Professional, Service Pack 2
Computer : Pentium 4 CPU, 2.40 GHz and 256 MB of Ram.

My Computer is running soooooooo sloooooow and I am unable to send mails. Task Manager is disabled. Some shortcuts like My Computer, My documents, Internet explorer etc on the desk top have just vanished and my AVG antivirus is reporting Trojans and other malware repeatedly. I had formatted the PC just a few weeks back and I don't want to go thru it again. PLLLLLEASE HEEELLLPP

Logfile of HijackThis v1.99.1
Scan saved at 10:57:34 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:Malware attacks outgoing mail / Task Manager disabled

11 more replies
Relevance 50.02%

Hi, my windows 7 home premium pc, with an Ethernet router, was running BitDefender Security 2016 as my main AV and firewall. I had peerblock with various blacklists. I also had a few port / firewall watchers installed as well. I added them when I noticed BitDefender was acting strange - i.e. all the sensitivities on the modules were lowered "by themselves", password access was denied and the "reset password" links disappeared.
 
Also, when I would scan w/ BitDefender - I kept getting a notice to update firefox, because the version was old and could be exploited --- I uninstalled that program a year+ ago! I would do file search and the actual exe for that program would never appear, just old reg files.
 
My browsers IP was being hijacked. Hosts - 2 Computers mainly, were joining my network, my router's settings were being changed, local network dns changed, mac address changes to all devices. Also remotely someone was connecting their iphone and android devices to my computer, authorizing themselves to mine and my kid's kindles. Ultimately they put themselves with higher authority over my admin status on the pc, as to remain stealthy (I found their hidden user names) - configuring a dns server to file share, and BitDefender was used to dismantle my system (changing ini files and disabling system processes and updaters, enabling remote access), while they could gain access with no problem and reap the rewards.
 
I had to keep resetting my router passwords and ... Read more

Answer:Remote Access Through Trojan/Worm/Malware, Wifi Port Attacks

*

17 more replies
Relevance 50.02%

 
The macro malware-laden documents that target email users through email spam are intentionally crafted to pique any person's curiosity.  With subjects that include sales invoices, federal tax payments, courier notifications, resumes, and donation confirmations, users can be easily tricked to read the email and open the attachment without thinking twice.
The user opens the document, enables the macro, thinking that the document needs it to function properly – unknowingly enabling the macro malware to run.
Just when you think macro malware is a thing of the past, over the past few months, we have seen an increasing macro downloader trend that affects nearly 501,240 unique machines worldwide.

http://blogs.technet.com/b/mmpc/archive/2015/04/28/social-engineering-tricks-open-the-door-to-macro-malware-attacks-how-can-we-close-it.aspx

Answer:Social engineering tricks open the door to macro-malware attacks

I'm surprised that they bother creating these malwares, considering people persist in unzipping "foto.zip" and double-clicking "pic.exe".
 
In my company we have a restricted execution policy that stops all executions running from temp locations. It's not unusual for users to repetitively try to open malware attachments and then call IT for help when they won't work.

37 more replies
Relevance 48.79%

The GozNym banking malware is coming to America with a fresh tactic.

Hackers combined code from two malware types, known as Nymaim and Gozi, to create the unholy hybrid dubbed GozNym - a franken-trojan, if you will. It was first spotted in April, and has since evolved: Its operators are testing redirection attacks on four of the largest banks in the United States and targeting their business accounts, according to IBM X-Force. Redirection attacks are most typically used with organized cybercrime that have the resources necessary to implement them.

The overall idea behind redirection attacks is to hijack malware-infected users, sending them to a website that looks exactly like their bank's site. They then log into their "account," and their credentials are stolen on the fake site in real time, tested against the bank's genuine home page and used to initiate a fraudulent money transfer out of the account.

"Moreover, the victim is kept on the fake website, where the attacker can push social engineering notifications to them, making them divulge personally identifiable information (PII) and two-factor authentication elements," IBM researchers explained.

The firm added that the team behind GozNym has built its own special scheme designed to keep the attacks hidden from prying security researchers' eyes.

"To prepare a successful redirection attack, GozNym has a two-stage process in place," IBM researchers said. "At first, the malware redirects the victim to... Read more

More replies
Relevance 48.79%

How would you protect yourself from a fud?
 

Answer:How to protect yourself from a FUD malware?

LukeNukesEm said:

How would you protect yourself from a fud?

Supplement your security with something besides signatures.
 

34 more replies
Relevance 48.79%

Something (Malware ? ?) locked up my PC (Windows XP). I got a pop up message that my PC was infected and click "yes" to buy an AV program. I did not click "Yes", but every program I tried to run came up with the same message. I took it where I bought it and they fixed it by cleaning my hard drive and re-loading my OS. Fortunately, I had BU'd my personal files. They called the problem an "intercept". Norton AV did not catch it. They also loaded "Malwarebytes" for me.

What is the best way to protect for this kind of problem ?
 

Answer:How to protect against Malware ?

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using... Read more

1 more replies
Relevance 48.79%

I just bought a new PC. I have a couple questions from the 'How to protect yourself from malware' thread.

My PC is running Windows 7.

In the Firewall section it doesn't say if the Windows 7 firewall is sufficient? If it isn't I will download and outpost firewall and disable the Windows one.

In the Antispyware tools I downloaded Microsoft Security Essentials for Windows 7. Since I also downloaded Avast as my anti virus is it ok to run both these?

In the disable the autoruns feature there is no update for Windows 7?
 

Answer:How to protect yourself from Malware

avilo4u said:

In the Firewall section it doesn't say if the Windows 7 firewall is sufficient? If it isn't I will download and outpost firewall and disable the Windows one.

While the Windows 7 firewall is better than what was in previous versions of Windows, it is still very inadequate.

avilo4u said:

In the Antispyware tools I downloaded Microsoft Security Essentials for Windows 7. Since I also downloaded Avast as my anti virus is it ok to run both these?

No! MSE is an antivirus and antispyware. So is Avast. You can only have one of them installed.

avilo4u said:

In the disable the autoruns feature there is no update for Windows 7?

Microsoft has never updated their info ( from here http://support.microsoft.com/kb/967715 ) for Windows 7 so I'm not sure if everything that is used for Vista would apply.

You can just run this >> Autorun Eater
 

6 more replies
Relevance 48.79%

Make sure you get your system protected from occurrences of malware problems. Below are some simple steps you can take to reduce the chance of infection in the future. I strongly encourage you to do them all. There is no perfect solution for totally preventing malware from getting on your PC, however, these steps will help.

Please do not make the false assumption that this thread is old or out of date based on the date the thread was started ( 10-10-04 21:52 ). Look at the Last Edited date at the bottom of this message as this procedure does evolve with time.

IMPORTANT NOTE: It is getting more and more difficult to find real true freeware these days that does not include bundleware, toolbars...etc and junk you just don't want. Make sure you pay attention during installation of anything you download and read license agreements. Be sure to uncheck check boxes for the bundleware and toolbars where you can so that you opt out because the defaults are always to opt in.

1. Visit Windows Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS. For anyone who is not yet running at least Windows 7 (which you really should be running at a minimum if your PC supports it) see the below link before updating. Note: Windows XP is no longer supported by Microsoft and is hence a security risk.

Windows 7 Upgrade Advisor
You should check for Windows Updates at least once a ... Read more

More replies
Relevance 48.38%

I continue to get the "SysProtect" download window on both I.E. and Mozilla. Followed your steps listed to clean my system, but same "Virtumonde" files appear each time I run Ad-Aware. Here is the Hi-Jack this log (after running Ad-Aware, see end of log for HijackThis log generated after restarting computer w/o running Ad-Aware):

Logfile of HijackThis v1.99.1
Scan saved at 9:48:28 PM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
... Read more

Answer:Malware - Virtumonde & Sys Protect?

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1
Scan again with HijackThis and check the following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\jkhhe.dll
O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll
After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #2
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the ... Read more

7 more replies
Relevance 48.38%

I have read this thread http://forums.majorgeeks.com/showthread.php?t=44525 and I am paying particular attention to #5 AntiSpyWare Tools, and it states ONLY USE 1 REALTIME BLOCKER. So my question is, I use ESET'S nod32 Antivirus to protect my machine, but it has antispyware protection included. I also have Malwarebytes Pro providing real time blocking, so am I in effect using more than 1 realtime blocker? If so what do I do about that? I paid for Malwarebytes Pro, not using it will defeat its purpose and be considered a waste of money!
 

Answer:How to Protect yourself from malware Thread

You're fine. One AV only, but you can have more than one AS (Anti-spyware ).
 

3 more replies
Relevance 48.38%

Hello - First, let me say thank you for helping me rectify a really poor choice of opening software I wasn't 100% certain was verifiable. As a result I have the Virus Protect Pro problem (at a minimum) which seems to tie up my machine a lot and causes problems with my wireless network adapter. I have used Spybot and Adware to no avail. I've copied and pasted the Hijack This log below and won't make any changes until I hear from you.
With great thanks for your help!
K

Logfile of HijackThis v1.99.1
Scan saved at 3:52:29 PM, on 8/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)


More replies
Relevance 48.38%

We maintain several PCs from a library, a research lab for students in a university. Just recently bunch of malwares swarm inside the lab and nearly affected all the machines. Most of these malwares are being imported from student's flash drives in which they're freely allowed to plug on the PC's. So cleaning the infections was really tedious. We cloned the drives and some were fixed using anti-malware softwares. 
 
Each computer is running a Microsoft Security Essentials for virus protection, and that's it.

Our main problem is, how should we setup each PCs so that we can prevent those viruses from porting inside the system? Is there any particular software or windows configurations that can offer such functionality? MSE merely detects all these viruses and most of it already infiltrated the system and removing each as I said is very tedious and time consuming.
Maybe you guys got some efficient workarounds with this type of predicament.
NOTE: All PCs have the same hardware and use Windows 7 32bit.
 

Answer:How to protect PCs from USB-malware carriers?

Simple, look at:
 
http://www.bleepingcomputer.com/forums/t/541639/security-suggestions-post-3-of-7/
 
Have a great day!

 

11 more replies
Relevance 48.38%

Hello,

Is there any thread for "How to protect yourself from malware (for vista)" as the one written by chaslang for windows xp.

Another question plz. Is there any site to give ranking for antivirus softwares like matousec for pro-active internet security softwares.

Also kindly tell me plz that avast antivirus is better or comodo internet security with antivirus is better.

Thanks.
 

Answer:How to protect yourself from malware (for Vista)

ablaze said:

Is there any thread for "How to protect yourself from malware (for vista)" as the one written by chaslang for windows xp.

It was not written for Win XP. It is for all versions of Windows although obviously there is more in there that relates to WinXP and older since they have been around longer.

ablaze said:

Another question plz. Is there any site to give ranking for antivirus softwares like matousec for pro-active internet security softwares.

You should ask in the Software Forum. But reviews of AVs are typically out of date by the time they are published. This happens because many programs update 3 to 5 times per day and even just one update can drastically improve or reduce an AVs test score.

ablaze said:

Also kindly tell me plz that avast antivirus is better or comodo internet security with antivirus is better.

You are not comparing apples to apples. Avast is just an antivirus. Comodo Internet Security includes all of the below:

firewall
antivirus
Host Intrusion Protection System (HIPS)
BOClean Anti-Malware is not being included in CIS

 

3 more replies
Relevance 48.38%

Hi. I am rather a person with basic knowledge about computers so don't be surprised if my question will sound stupid to you.
I have a Windows PC and I often use my thumb drive to print some documents in my university. I'm afraid that it will become infected someday so I thought it would be a good idea to use it only with Puppy Linux when I'm at home. This is why I made my thumb drive a bootable one with Puppy on board. What I want to do is to boot to Puppy, copy the files I need to print or use at the university to the USB drive, then close the system and disconnect the USB drive. To be clear, only one USB stick is involved in this process (Puppy and data are on the same USB stick). Would that prevent infecting my Windows PC? If not then how can I avoid viruses spreading through USB? Can malware do any harm to Windows OS when Puppy is booting?
 

Answer:Can puppy protect me from malware?

Good idea if I understood correctly
 

7 more replies
Relevance 47.56%

Hello,
My son went to an untrusted site and the computer was infected with the conduit searchprotect.  I tried removing it with Eset Home Security.
 
However, my PC is still acting strange. I think the internet is a bit slower. As well, when I try to run some .exe files, such as Eset's ERARemover tool, windows gives me an error "this app can't run on your PC".  I have windows 8.1 64-bit and have tried both 32bit and 64bit programs.
 
I can't attach a DDS log because it's now win8.1 compatible.
 
thanks.

Answer:Conduit Search Protect and other malware?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
These tools are compatible with your operating system.
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by click... Read more

8 more replies
Relevance 47.56%

Will Ad-Aware only detect the malware in its definitions during a scan, or does it also prevent it from being installed on your computer in the first place? What about A2? Many thanks. - Tye

Answer:Does Ad-Aware protect your computer from malware?

No on both counts. Try Spywareblaster click here

3 more replies
Relevance 47.56%

If you know about security in website and computer then tell me how to secure Website from Malware Attack. And what is the role of Google Webmaster in security purpose?
 

More replies
Relevance 47.56%

If I visit a malware site with latest version of Firefox with the NoScript extension without allowing any scripts, what's the chance of me getting infected if I don't download anything?
 
Also, I hope this is the right place to post this.

Answer:Will using NoScript protect you from a malware site if..?

COPIED FROM NoScript:
The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).
NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.
NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows. Watch the "Block scripts in Firefox" video by cnet.
 
If I were using Windows and could only have one security program/ add-on....it would be NoScript. I use it in Ubuntu, too.
There is a learning curve. It is not just install and forget. Install it and go to a popular site and then view all the scripts you never knew were active on that site and are now blocked from running. You can click to allow just the site's scripting and still block all the others. The ones that you want to play videos on will be one that you will spend the most time learning which script to allow only the videos to play.

11 more replies
Relevance 47.56%

I have somehow acquired some malware titled system tool protect your pc. It comes up randomly, asks if I want to scan, says I have over 800 Infections, and constantly prompts me to sign up for it to erase my viruses. I know this is malware, and I acquired it after my Norton expired. How can I remove it? Thank you!

I am using a Hp Pavilion Vista.
 

Answer:System Tool Protect your pc (malware)

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using... Read more

1 more replies
Relevance 47.56%

Topic title pretty much says it all. How can i prevent hijacking of my browser or even worse my entire computer? Last night i made a stupid move and attempted to download something off Pirate Bay, i read the comments and it looked legit. Since i didn't have a software that downloads the torrent i clicked on whichever one Pirate Bay offered me. The software was successfully installed and was downloading the program but it froze halfway and my google chrome completely stopped working. Later on i found out that Conduit is a malware that sometimes installs itself without the user's permission and takes over the browser. Now i'm paranoid about downloading anything. By the way i have a supposedly good anti-virus: Bitdefender, for which i paid good money! Very disappointed that it pretty much welcomed the bad malware with open hands and allowed it to install itself.

Answer:How to protect your computer from malware like CONDUIT??

attempted to download something off Pirate Bay : < Anything off these Torrents sites is 50 to 90% infected and not usually legal
WinPatrol Free is one of the better programs to warn you if there is going to be an attempt to change your Home Page.
This may help after you do a full scan with your Antivirus -
Please download AdwCleaner by Xplode onto your desktop.
* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Delete.
* Confirm each time with Ok.
* Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.
Thank You -

1 more replies
Relevance 47.56%

I am getting three screens that come up when ever I try to do work on any program. (1) Windows Security alert (2) Spyware Protect 2009 alert (3) Spyware Alert


Answer:Spyware Protect 2009 malware

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

2 more replies
Relevance 47.56%

Malware Protection is a rogue anti-virus application that runs a fake system scan and then concludes that your computer has a malware infection or serious security/privacy issues. To fix the malware infection you must pay a fee, about $50. The rogue program copies user interface elements from real programs and it looks like a legitimate application. Plenty of people shell out $50 to register this fraud and that's a big problem because if you're transacting with these guys online you're offering them your credit card details. Cyber criminals can later use that information to their benefit. You should protect yourself with common sense and legitimate anti-virus software because such fake anti-virus applications as Malware Protection now represent about 20% of all malware in circulation. If you made a mistake and purchased it, please contact your credit card company and dispute the charges. And if you still have this fake AV on your computer, please follow the removal instructions below to remove Malware Protection and related malware for free.

Manual Malware Protection removal instructions:

1. Right click on the "Malware Protection" icon, click Properties in the drop-down menu, then click the Shortcut tab.

The location of the malware is in the Target box.

NOTE: by default, Application Data folder is hidden. Malware files are hidden as well. To see hidden files and folders, please read Show Hidden Files and Folders in Windows.

Under the Hidden f... Read more

Answer:How to protect and clean your computer from malware

Is this a removal guide for this rogue or ?

 

1 more replies
Relevance 47.56%

Hello, I recently managed to acquire a virus that seems to have taken over my computer. There's a bar that appears right below the address bar for internet explorer telling me to download the latest antispyware to protect my computer. I cannot pull up my Task Manager, my computer prompts me that it has been disabled by my administrator. My desktop background has been changed to a message stating the computer has several fatal errors, and occasionally music will play at random that i've never heard before. Here is my log: ... Read more

Answer:Protect.antivirus Malware Infection

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.
Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

10 more replies
Relevance 47.56%

I just got my degree and have not been able to find work so I can only thank all the people at MajorGeeks.
I am 'Gunk Free' but was reading the chaslang's post "dated 10-10-04, 21:52, How to Protect yourself from malware! - MajorGeeks Support Forums"; and under the firewalls to use "Outpost Firewall Free" is listed when I went to download it, it is Dated: 2009-05-08 is it still a good firewall to use?
Thank you in advance for your help.

At a point in time I was 01 of them that understood some binary.
 

Answer:How to Protect yourself from malware! post question

Yes, it is still a good firewall. Just make sure you keep it updated as you would with all other protection software.
 

1 more replies
Relevance 47.56%

Microsoft said:

A view of the current landscape
Criminal attacks continue to evolve and malware has become their standard weapon against anyone who uses the Internet - on traditional form-factor devices, as well as on mobile devices like tablets and phones. Malware targets all operating systems and browsers, and in recent years, criminal attacks against applications have increased substantially.

Criminals also use social engineering to trick you into performing actions that put you at risk. An increasingly common social engineering strategy uses online advertising campaigns to lure you to a site that installs malware on your computer.

An economy has developed around building reliable vulnerability exploits, which criminals buy to help distribute their malware. Criminals make money from their malware, so they invest in ways to keep it alive such as producing a higher quantity of malware, updating it more frequently - e.g. multiple times each day - and increasing its size and complexity. Some malware is as complex as commercial applications.

Secure by design
We use the Security Development Lifecycle (SDL) to build Windows with the best security design, development and testing practices available. Some highlights include:
Threat modeling and security design reviews. During the design process we consider how criminals might seek to attack features and scenarios, and incorporate this analysis into our designs.
Writing secure code. Training and code quality tools help to pre... Read more

Answer:Windows 8 will better protect users from malware

Well it's like malware writers would take time to discuss how they will bypass those features. It's like Windows 8 were built in security and could lead to few vulnerability probably.
 

6 more replies
Relevance 47.56%

hello friends-i hope my title makes some sense. i wanted it to convey what i was asking about so people browsing could tell. cuz i couldn't find a question like mine.

i have a new hd completely installed and setup. my old hard drive is now the secondary master and although i still have the OS and programs installed, i never use it. lately i have been actively file-sharing via lime wire. i am behind a zone alarm firewall and running spyware blaster and AVG free. i also regularly scan with spybot S&D. i also scan each file with AVG b4 opening (thanks to majorgeeks for advising me on security)
however, i've been warned the limewire is notoriously risky as far as spyware etc. so my question is:

If i choose to open my secondary OS at start up, and browse and download these risky files to my secondary HD. will that protect my primary HD from infection?

if not, any other advice u have regarding the risks of file sharing are appreciated.

one thing i look out for is files that are too small to contain what they say they do. for example 100kb song files. i just dont download these.
 

Answer:2nd HD for dwnlds/protect primary from malware?

IMHO, I keep an operating system and a backup drive, without an operating system. Just put it on the same cable as primary slave. Frankly, if you are not dual booting 2 operating systems, there's no need to keep them both installed. That said, no any files on a second drive can, and probably will, affect the main drive, in your case, probably infect both drives. A drive formatted without an operating system for backup should be safe from virus and spyware infections, but can affect the other drive, in other words. Having that second drive is great for backups of important data in case of a need to format. I love having my spare drive. You're also correct about Limewire, but it is not specific to Limewire. Any file sharing application is a risk.

Did I answer what you needed?
 

2 more replies
Relevance 47.56%

QUESTION _Sticky:" How to Protect yourself from malware! "

In the below instructions, Is it necessary if I *NEVER* use IE, only Firefox?

Thanks!


"6) Adjust Active X security settings

* In Internet Explorer, click Tools, Internet Options, Security. Click on the Internet globe. Then select Default Level, then click OK. Now select Custom Level and scroll down to the ActiveX controls and plug-ins section (some may already be set correctly):
o Set Download signed Active X controls to Prompt
o Set Download unsigned Active X controls to Disable
o Set Initialize and Script ActiveX controls not marked as safe to Disable
o Set Installation of desktop items to Prompt
o Set Launching programs and files in an IFRAME to Prompt
o Set Navigate sub-frames across different domains to Prompt
o Set Allow paste operations via script to Disable (see: http://support.microsoft.com/kb/224993 )
o Click OK and OK again. "
 

Answer:QUESTION _Sticky: How to Protect yourself from malware!

Re: QUESTION _Sticky:" How to Protect yourself from malware! "

jilter said:

In the below instructions, Is it necessary if I *NEVER* use IE, only Firefox?

Yes! Some applications will automatically launch IE sessions since that may be all they can use. Also you need to use IE to be able to get all of your Windows Updates. And some websites (just like some applications) do require IE.
 

1 more replies
Relevance 47.56%

hey, can u run both kaspersky pure and malwarebytes anti-malware together? thank you

Answer:kaspersky & anti-malware

Sure can

8 more replies
Relevance 47.56%

Hey guys.

So my PC has been on now for approximately 50 minutes and when it logged on and connected to my wireless network, Kaspersky Internet Security starts to download its updates. Next thing I see is Kaspersky's Network Security Map pop up with 3 infection detections...when in fact these "files" were not on my PC last night, at all.. I tweet to Kaspersky on Twitter and they claim that it's something I've downloaded.. Now, me being me, I'm a freak for security and will do and prevent anything from causing a security risk on my system. I just won't allow it. I have strict network filters set up through the Kaspersky Internet Security program so that I am alerted of anything coming in and/or going out. If there's something coming in or out, whether it's Internet traffic or not I want to know about it so I can keep an eye on it if need be.

First of all, the security map from Kaspersky appears and says it detected some "MediaPlayer" exe file in my Temporary Internet Files. For a start, no such file was present in my TIFs last night.. I have my KIS scan my system daily..and nothing gets detected, thus it saying my system is clean. (right?) Yet when I boot up at 5:00 PM (London time) Kaspersky detects this MediaPlayer file. So it disinfects/removes it. (well, so it claims) and then as KIS is still downloading its usual updates, another 2 things are detected/downloaded to my PC. "chromebrowser.exe" and 2 other things..

Here's the logs:


Code:... Read more

More replies
Relevance 47.56%

I have reposted this blog under ''security'' for the benefit of the readers ...so here goes.

Hi, this follows reading the problems of many messages posted on this site and other sites, referring to the higher cpu usage of file avp.exe (AVP.exe) linked to Kasp AV software ??
Last week (aug 10) I had updated from 2010 to 2011 Kaspersky...just to run the latest tools and hopefully to speed up my system.... MISTAKE >> When loaded, I then couldn't use same password, so had to uninstall and install again..painful. The 2011 then worked fine, new password etc, OK for two days; then next day, I tried to run the laptop (t41 thinkpad) and the system seemed locked up. I thought perhaps it was updating the Kasp virus definitions, or other similar function. I checked on the windows task mgr......file avp.exe (which may have read as AVE) was using 100%, hard drive seemed very quiet though. This went on for some 24 hours or more, I was still trying to access and run the laptop at 3 in the morning....well next day I uninstalled the Kasp software....loaded a free AV named AVAST, and hey presto, the system hasn't been this fast since 6 years ago when I bought the T41 laptop.
AVAST did find a trojan however (win32 something)...!!! So this might have been behind the Kasp not working...but why didn't Kasp find this too??? It cost me money and time and stress of possibly losing everything....fingers crossed.

For the tech minded out there....I run windows xp pro... Read more

Answer:AVP.exe Kaspersky 2011 and Malware

Please do not double-post. This is not a blog site.

http://forums.techguy.org/all-other-software/946078-solved-avp-exe-kaspersky-2011-a.html
 

1 more replies
Relevance 47.56%

Here are some Kaspersky programs including some updated ones notably the TDSS Killer and there is some other good stuff here

Utilities#

Answer:Kaspersky malware programs

lovely! thank you.

1 more replies
Relevance 47.56%

I tried upgrading Kaspersky from version 6.0 to 7.0 when my problems started. My computer became extremely slow, and I've had to do several things including running in safe mode, installing a different antivirus, and using system restore. Kaspersky found and fixed 6 viruses including virtumonde and monde, but now Kaspersky says its only 'partially running.' ... Read more

Answer:Malware Problem, Kaspersky Can't Fix

Hello stygian,
See if you can find the DSS Extra.txt file. If you find it then post it.
Run DSS again, using these instructions:
Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK (this assumes dss.exe is on your desktop):
"%userprofile%\desktop\dss.exe" /daft
Click on Scan.
Tick the boxes which should appear for these entries:
.js - unable to read key
.txt - unable to read key
then Click on Fix
Click Scan again, you should get a message "All Associations OK!"
Next, click Save Log, and post this log in your next reply. By default, it will save as daft.txt.

8 more replies
Relevance 47.56%

Hi MajorGeeks,

I have Windows 7 and I got a virus while doing a Google search on food diets. I clicked to what seemed to be a legitimate site - livestrong.com and something invaded my computer and started opening my files. I quickly shut down my computer and restarted in safe mode.

I did a malwarebytes scan and a kaspersky scan and nothing came up. Yesterday it disabled my Kaspersky security and now I am unable to reinstall it with the CD.

My logs are attached. Please help.

Thanks in advance
 

Answer:Malware Disable Kaspersky

Please download OTM by Old Timer and save it to your Desktop.

Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.

Code:

:Processes
explorer.exe
:Services
5538257drv

:Files
C:\ProgramData\AVG2013
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
C:\$AVG
C:\Windows\SysNative\drivers\5538257drv.sys
C:\Windows\SysNative\drivers\5538257drv.sys.dump
C:\Windows\system32\drivers\5538257drv.sys
C:\Windows\system32\drivers\5538257drv.sys.dump
C:\Users\Traveler\AppData\Local\Temp\RarSFX0\*.*
C:\Users\Traveler\AppData\Local\Temp\*.*

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Now click the large button.
If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Close OTM.
Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be... Read more

5 more replies
Relevance 47.15%

I'm running McAfee Firewall version 4.02.6000.0 and several times a day it gives me warning messages about how it blocked a port scan attack or a syn attack and so forth. I'm connected to the Web via cable. Now I'm sure that there aren't that many hackers out there going for my computer specifically, so what is it that's really going on? Are these false alarms or are there hackers out there that are specifically targeting computer? Thanks.
 

Answer:Port Scan Attacks/Syn Attacks

Are these false alarms or are there hackers out there that are specifically targeting computer?

Without looking at the alerts myself, I couldn't tell you. However, there are viruses that scan for certain port vulnerabilities. These viruses are simply out there and looking. If you have the particular vulnerability, you're s.o.l.

Does that answer your question?
 

3 more replies
Relevance 47.15%

To start let me thank you for putting all these great programs in one easy to download area! Just following this guide has cleaned out several items from my supposedly secure system.

I did find one broken link however and got lost going through the giant comodo forum trying to find another thread with a similar ease of use allure.

This one: Configuring CIS for Maximum Security with ZERO Alerts for Novices

If you could give me an updated link it would be much appreciated.
 

Answer:Broken link in: Sticky How to Protect yourself from malware!

Thank you for bringing it to our attention. We will see what can be done to fix that issue.
 

2 more replies
Relevance 47.15%

Hello. My kid's PC -- an HP (Model M7567C, with 2, 260 GB hard disks and 2 GB RAM) is infected by "Spyware Protect 2009" malware. The malware repeatedly displays at least 3 different pop-ups saying there's a spyware infection and offers to sell a fix; the program also prevents Explorer from working properly. There are no obvious programs/processes to shut down from the control panel. The machine has Zone Alarm Security Suite installed - I'm not sure if my kids ignored a warning or if the software mistakenly let something in. Zone Alarm technical support said to try running Malwarebytes' Anti-Malware automated removal tool, but the program doesn't seem to run (nothing happens after the program is downloaded and launched). I tried running Zone Alarm virus and spyware scans, but the program runs slowly and eventually hangs (I think I ran the Zone Alarm scan in the Windows Safe mode). I can boot the PC in Windows Safe mode, but unfortunately there is no useful restore point. I can boot the PC in the normal Windows mode but it takes 2 or 3 cold starts. I can use Microsoft Explorer (through a wireless LAN connection), but in the normal Windows mode Spyware keeps hi-jacking Explorer and displaying its rogue messages.

Before I give up and reformat the hard disk and re-image the disk from the backup system disks, I would like to try a less time consuming solution. Any suggestions are welcome! Thanks!

I ran the DSS scan as instructed. Here are the res... Read more

Answer:"Spyware Protect 2009" malware problem

I wanted to add some new information to my original posting that seems to be related to my problem.

When my spyware infected PC boots, I get the following messages:

"The application or DLL c:\windows\system32\digeste.dll is not a valid windows image."

"View Manager has encountered a problem and needs to close."

"Error loading c:\windows\griwapaxim.dll. The specified module could not be found."

I noticed that there was a Windows update available today (the February update of Microsoft's anti-spyware program). I installed this application; after this, Zone Alarm Suite was then able to run (up to now, it just hung up), and 2 items were quarantined: WIN32.SYSGUARD and WIN32.TROJAN.FAKEALERT.IEH

However, there are still problems with my PC. I still can't get Malwarebytes' program to run, even when I rename the *.exe file to *.bat. It seems like whatever is still injecting my PC interferes with any anti-spyware/malware program from running properly and interferes with the operation of Explorer.

Thanks.

4 more replies
Relevance 47.15%

> I am using sify ISP with limited data transfer package.
> My ISP is showing that i have downloaded 1200 MB which is not true.
> I didn't turn on the PC on the date prescribed by ISP but it is showing i have downloaded 1200 MB and has cut down 20 valid days
> I think some one has hacked my system. So i am requesting you to tell the best way to protect my system from malware and internet
Thanks in advance.

Answer:Best way and best software to protect my system from malware and Internet?

Before anyone tells you that, it may be that someone connected to your internet connection, via wireless? How are you connected to the internet? Because if your computer was off on those dates, even if a hacker got into the system the computer needs a physical connection to the internet, while the computer is off, there is no way of obtaining an internet connection.

3 more replies
Relevance 47.15%

How does comodo firewall protect against signed malware at cruelsister's settings? Also i can disable its processes via task manager. How is its self protection?
I am going to use it on my system with cruelsister's settings but these issues are my main concern which do not let me believe in comodo's power.
So, help me out and give the required info.
Thanks.
 

More replies
Relevance 47.15%

Hi Folks, Yes I've got the privacy protection Malware, currently running windows XP on a dell laptop and I cannot start up in the safe mode, no Internet start up or execution of any programs allowed. Looks like I can strip documents & information off but that's about it. Can anyone share my options to cure this problem?

Thanks in advance - L

Answer:OK I've got the Privacy protect malware & no safe mode

Hello LarsLind,
I moved this to Am I Infected.
For the connection try these...
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.
OR
Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.
Reboot your system to complete the process.
Please follow our Removal Guide here Remove Privacy Protection (Uninstall Guide).
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions
After you completed that, post your scan log here, let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Also the other tool log.. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

1 more replies
Relevance 47.15%

I would really appreciate some assistance with "Internet security designed to protect" malware and/or virus. I have attempted to remove this with no luck. I did install and run Malware Bytes. Initially it listed several viruses which I removed. However, I still have a problem. Anytime I try to run/download anything it is blocked by this annoying virus. What can I do? Any and all help would be greatly appreciated.

Answer:Internet Security Designed to Protect Malware Help Please

Hello, I moved you from WIN7 to the Am I Infected forum for now.
Please try following this GUIDE.

1 more replies