Computer Support Forum

Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Question: Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

I have followed recommended protocols to successfully remove the "Trovi" malware from my computer.
But have one minor problem.
The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer.
But the malware appears to have left code in the windows startup directing the computer to run files which are now no longer present on my computer.
Problem is that this causes the following Windows Popup box "Run DLL" to come up, before any other windows startup programs run.

The Pop up box contains the following wording:

" There was a problem starting
C:\Users\LESTER\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in start up that lead to the popup box, so that it will no longer occur at computer start up.

Thanks.
Lester

Relevance 100%

Answer: Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Follow this thread and attach requested reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/

1 more replies
Relevance 80.33%

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.
 

4 more replies
Relevance 79.17%

I ran the steps in the Malware removal guide, i haven't seen any new pop-ups, but i noticed that there were a few problems that bitdefender could not fix, and my laptop is still running slow.

I am running windows XP, and will attach all logs.

Thank you in advance for all you assistance.
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.
 

10 more replies
Relevance 77.43%

A customer picked up the Windows Vista Recovery virus and I could use some help with the removal procedure. I'm currently scanning with a newly created Norton Internet Security bootable CD. The scan takes a while and I don't know yet if it will fully detect and remove the problem. In case you're not familiar with it the virus blocks access to anti-malware apps, hides user data files and is active in SAFE mode. I can't find a way to get to the usual load points, such as "appdata" etc, to see find the virus EXE. I have booted with a rescue CD, but access to folders in the user profile is denied. Is there a removal FAQ for this one? TIA.

Answer:"Windows Vista Recovery" malware removal

See if the manual removal instructions here, will help Windows Vista Recovery and Windows 7 Recovery - Virus Solution and Removal

3 more replies
Relevance 76.56%

I am trying to clean my mother-in-law's computer of viruses, malware, etc. She has no antivirus program, firewall, etc, running. I found and removed cyber security using Superantispyware. The next day I installed Avast antivirus and ran that scan at the same time as a second SAS scan was running. Avast found a virus but when I tried to quarantine or remove it, the program would say that it could not remove the virus because the file could not be found. I have no idea what file it is talking about. It does however keep popping up with the virus warning, but always the same results. The SAS scan froze. When I restart the computer I get a blue screen that says "A problem has been detected and Windows has been shut down..." I restarted the computer many times and get this same message when trying to start in safe mode, last known good configuration, and start windows normally. So, now that is as far as the computer goes. Cannot get past the blue shut down screen. I could really use help as she is counting on me to fix this!!!

Dell desktop (old one)
Windows XP
 

Answer:"...windows has been shut down..."after malware removal. Help!

It's possible that when running both scans at the same time, some system files were deemed infected/corrupted and removed.....possibly by Avast.

Try doing this:
How to recover from a corrupt registry.
 

4 more replies
Relevance 101.68%

I inadvertently downloaded the wrong site. I meant to get on the FedEx tracking site but ended up with "PackageTracking by myway". This myway Malware has taken over and the problems worsen. Rather than having Google Chrome as my web browser it is now "myway". Also I am on the home page and click Chrome and Microsoft Word pops up instead? I have tried everything I know to kill it Search/Programs and Features/ etc but there is no trace of it anywhere that I can find?
I don't have the $ to go thru MicroSoft so I'm hoping this site will prove useful.

Thanks,
Kevin in Boston

Not sure if my email was posted with my question so here it is:

<[email protected]>
 

More replies
Relevance 101.68%

I have been having problems with my computer for two weeks now..when none of the other software removed the infection I knew I had a big problem...I found your site and I've gone through the "Read & Run Me First malware removal guide," but still have problems. (troj/virtum-gen)
 

Answer:I completed the "Read & Run Me First malware removal guide," still problems

tonymiggs said:

I have been having problems with my computer for two weeks now..when none of the other software removed the infection I knew I had a big problem...I found your site and I've gone through the "Read & Run Me First malware removal guide," but still have problems. (troj/virtum-gen)

I have submitted to you my logs...I thank you in advance
 

19 more replies
Relevance 101.68%

I've gone through the steps from the 'READ & RUN ME FIRST. Malware Removal Guide' process and am happy with my system being malware free.

Now, what to do with the downloaded and installed items? I want to clean these out of my system. Or should I not worry about them?
 

Answer:Clean out the items from "READ & RUN ME FIRST. Malware Removal Guide"

If you do not require any help from us then do the below.


If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /uninstall
Notes: The space between the combofix" and the /uninstall, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders re... Read more

1 more replies
Relevance 101.68%

I'm pretty sure my laptop had something going on (Windows XP 32-bit). It says 70GB of data is used, but I've deleted every file off the computer, except the Programs. It would freeze before I could even open the Programs list...

I somehow managed to run DDS and have attached the logs, but as I was running gmer, maybe 2 minutes in, the screen went blue then the computer restarted. However, this is the text that I'm getting upon start up:
Yukon PXE v4.17.8.1 (alpha) (20060116)
(C)Copyright 2003-2006 Marvell(R). All rights reserved.
Pre-boot eXecution Environment (PXE) v2.1
(C)Copyright 1997-2000 Intel Corporation.
PXE-E61: MEdia test failure, check cable
PXE-M0F: Exiting PXE ROM.
Operating System not found

....I don't know what to do now... Any help would be great, thanks :\ I figured it was a dead laptop anyway, but thought maybe I could revive it... I think it's even more dead now *lol*


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by Juhua Zhou at 0:20:25 on 2011-09-20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.957.277 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k ... Read more

Answer:My laptop got killed during the "Preparing for the Malware Removal" process :\

Ooh, I just started it and it worked. But can you still help me? A couple weeks ago my little sister downloaded a lot of stuff that I'm not sure of. I thought I got rid of it all, but the laptop is VERY slow now.

2 more replies
Relevance 101.68%

I have a virus from virus protector which shuts down desktop and the administrator account. I can get access into the other user account but it needs an administrator account which i cannot access. Is there a way to get access to the administator account or to download a virus removal that does not need approval. Any help would be greatly appreciated. many thanks

Celeste
 

More replies
Relevance 101.68%

I went through all the suggested steps within the Malware Removal Guide and Windows XP Cleaning Procedure. My issue is the "Data Execution Protection" error from Windows only when opening Windows Explorer and only on one of the three accounts on this computer. I haven't noticed this error while using any other programs. After going through all the suggested steps, I am still having the same issue. Thank you very much for the help.

behappy7458
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have an issue

Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

Here are the other log files.

behappy7458
 

14 more replies
Relevance 101.68%

Background: I watched a video on Veoh. After I finished and closed the window, weird things start to happen. I used to have McAfee but stopped updates for quite a long time?

Below are steps that I have taken.

Step 1: House Cleaning & Setup
Complete

Step 2: Enable viewing of hidden files, system files and file extensions
Complete

Step 3: Select and run the all steps in the cleaning link below based on your Windows Operating System
- If you have Windows XP, continue here: Windows XP Cleaning Procedure

SuperAntiSpyware (Free Edition) - I first ran the scan and it crashed. I then followed the steps to uncheck the 2 "User Kernel..." boxes and the scan completed successfully. However, when the application started to clean up the quarantined items, system crashed again. (Log attached) No further step taken with SuperAntiSpyware

Malwarebytes Anti-Malware - I finished the scan successfully. When I tried to clean the quarantined items, system crashed. After reboot, I opened the application and deleted all items in quarantine. This time completed with no problem. (Log attached)

ComboFix - When I tried to start the application, I got an error message. "ALERT It is NOT SAFE to continue! The contents of the ComboFix package has been compromised. Please download a fresh copy from: bleepingcomputer.com Note: You may be infected with a file patching virus (Virut)" I downloaded ComboFix again but got the same error message again.

Cou... Read more

Answer:Problems encountered "READ and RUN ME FIRST. Malware removal guide"

I need the log from running MGTools --> C:\MGLogs.zip
 

5 more replies
Relevance 101.68%

As my title suggests, I followed all of the steps in malware removal for XP but the "Shop to Win 2" is still showing in the Start\Programs. Can you help me remove it please. I don't know how to attach the logs from Malwarebytes or Spybot but I've attached other logs which you've asked for.

Thanks in advance.
 

Answer:I followed the XP malware removal but I still have "Shop toWin 2" showing in my Progr

Re: I followed the XP malware removal but I still have "Shop toWin 2" showing in my P

I can have you attach logs from SUPERantispyware and Malware Bytes soon, for now just attach the log from running MGTools ---> C:\MGLogs.zip.
 

21 more replies
Relevance 101.27%

I am not sure what the current issue is, but I am thinking there is still some remnants of the FBI ransomware. I would like to use your expertise to help solve/resolve this problem.

There are no logs attached as I cannot even boot up.
 

Answer:Malware Removal Attempted: Kaspersky Database Update Failure - "Databases Corrupted"

Hi, what is the version of your system?
 

11 more replies
Relevance 101.27%

This morning i got on my computer and i saw 15 webpages, and everything was slow
I closed all them out and then noticed a big red screen with biohazard sign and the privacy thing, and when i clicked on it my wallpaper it would take me to a site and download something, but my Norton antivirus detected it and denied access to it.
So i went to the folder and deleted it, the red screen went away.
my desktop wallpaper turned white and i couldnt find a way to get rid of it.
i then turned off my computer and left my home.
i got home and turned on my computer and the red screen came up again so then my friend told me to get spybot and i deleted some items including the privacy danger thing. but my wallpaper is still messed up and im afraid the malware would come back. help???

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:32 AM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\... Read more

Answer:Solved: incomplete removal of "privacy_danger" malware

Multiple request threads - see here. This thread needs closing.
 

2 more replies
Relevance 101.27%

I'm helping a friend with a computer that got infected when she opened an email attachment. I've used your tools many times before, but this is a tough one. The screens that pop up show "Virus Protector." I have your tools on a flash drive, but I cannot access them. Even in Safe Mode the pop-ups are fast and furious, and I cannot get to Start or anything else. Task Manager is also disabled, so I can't use it to stop processes and perhaps get past the pop-up windows.

Where should I begin? Thanks in advance for your help.
 

Answer:"Virus Protector" is preventing malware removal

If you can't access anything ( start menu / run / task manager / command prompt / cd drive ) in either normal or safe mode, there isn't much we can do to help you. All we can suggest is this:

- Take the hard disk out and scan it in another well protected PC
- Use another PC to make a special CD which you can boot from to try and run virus and spyware scans or to at least backup data. CDs like the below:

http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
UBCD4Win
http://www.sysresccd.org/Main_Page
http://trinityhome.org/Home/index.php?wpid=1&front_id=12

- reinstall


 

3 more replies
Relevance 101.27%

OK, so last week I got a really nasty virus/malware. A program called "defender" got installed onto my computer, ever since my computer hasn't been the same. Whenever I turned the computer on this fake virus scanner called "defender" would come on and not let me do anything on my computer, wouldn't let me open task manager to kill the program. Somehow I managed to take it off using msconfig on safe mode. Ever since my registry is all messed up, Windows hasn't been updating, programs won't load sometimes, High cpu usage, and computer won't shut down, random sites open up while I'm on the browser. I did virus scan with ESET and Spybot search and destroy, and my computer seems clean but I'm still having problems.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:09:11 AM, on 8/29/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17099)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Progra... Read more

Answer:"DEFENDER" Virus, Spyware, Malware Removal! HELP

helpp??!
 

1 more replies
Relevance 101.27%

I think I downloaded a virus. I went through the whole Malware Removal Guide and it found some problems, but I don't think it fixed everything. My laptop makes that loading sound constantly now and it's freaking me out!

I'm on Windows Vista, and I have a HijackThis log, CounterSpy log, newfiles, and runkeys. I've attached three of the four on this post, and the last one in the second post. I do not have a BitDefender or PandaActiveScan log because I am using Vista.

In case it helps, I thought I found the virus and it installed as "Video Codec" or something and I tried to uninstall it in the Programs section but it wouldn't let me. It said something like "The file could be corrupt or it could be a virus. It could be removed with the /NCRC command switch, which is not recommended." I tried deleted the files at the source manually, and I think that worked because when I tried to uninstall it again it said that it had been deleted and asked if I wanted to remove it from the programs list. I removed it, but I think the virus created another program called WebVideo Support because now I can't uninstall that and it was created today and I don't know where it came from.

Thanks so much for your help, and let me know if any other information would be helpful.
 

Answer:I've gone through the "Read & Run Me First malware removal guide," still problems

Runkeys.txt attached.
 

44 more replies
Relevance 101.27%

Hello,
I have been removing malware from my friend's computer. I think I have removed most of it except for "US Tech Support Framework". It shows up in Control Panel and wants to run a program when I want to uninstall it. So I searched the internet and found this thread at MajorGeeks.com.

Before I begin to delete more things. I thought it might be a good idea to have someone with more knowledge take a look at the log files. I went through all the steps at the READ & RUN ME FIRST thread and generated the following log files.

Will someone please take a look at these files and recommend the next step?

Thanks!
 

Answer:Malware removal and "US Tech Support Framework"

Update: "Extension 1.0"

uuuuugh!

OK, Chrome is now redirecting when I do a search. It was here before, but I had removed all the extensions in Chrome and all was good.

But now it seems like it is back. After I had removed all the extensions there were none. Now there is one called "Extension 1.0"

Would someone please provide some suggestions on how to approach this problem too?

Thanks!

Should this be its own thread, or is it OK to leave it here?
 

6 more replies
Relevance 101.27%

Hi,

The last couple of days I started noticing my Gaming computer started slowing down, it's primarily used for playing computer games, but I do check my e-mail and the news on it from time to time. Today I left my browser open for a couple hours (my ISP's webmail), and when I came back to my computer there were numerous popups and programs wanting to install themselves. Now also a couple days ago I tried updating IE with Microsofts Update thing, I thought it was complete as it didn't have anything else for me to install, but after the popups started happening I checked again and it wanted me to install SP3, after installing SP3 it gave me more updates, and still the popups kept happening.

I searched the internet and found one solution that said to install Malwarebytes' Anti-Malware, which I did, and it removed a few things, but every time I reboot my computer and run Malwarebytes' Anti-Malware it keeps finding two more files (the same two every time). After this I uninstalled my old anti-virus (was AVG) and installed Norton as I ran Malwarebytes' Anti-Malware on my other computer that uses Norton and found no problems, kind of was hoping Norton would resolve the issue, but sadly it didn't.

I finally found this website and all the steps you guys have for clearing Malware, but after doing it all I still get popups, and Malwarebytes' Anti-Malware keeps finding files after reboot. The difference is though, that now the popups seem to... Read more

Answer:Did the "READ & RUN ME FIRST. Malware Removal Guide" Still have problems :(

The other log.
 

2 more replies
Relevance 101.27%

Hi there,

Long-time reader, first time poster....

I've been running through the steps on the READ & RUN ME FIRST page, trying to fix up this computer I've inherited.

I've gotten as far as the Windows XP Cleaning Procedure page and tried to run combofix.exe as instructed and ran into a snag:

The little blue window was up and running through its scan when it seemed to pause. It never re-started, and I waited for well over an hour. I didn't touch my mouse through the whole process, and no other browsers were running or anything.

At this stage there were no other icons or toolbars on the desktop at all. Just the paused ComboFix window.

I made the decision to re-boot, and now ComboFix won't run at all. I've tried deleting it and re-downloading but the same thing keeps happening: when I run the program, the blue window pops up for a fraction of a second and then disappears. Nothing else happens.

My desktop clock is still in 24 hour time.

What gives?

Any advice is appreciated...
 

Answer:Trouble with "READ & RUN ME FIRST. Malware Removal Guide"

Welcome to Major Geeks!

Just skip ComboFix and continue.





muukiithefinn said:

My desktop clock is still in 24 hour time.

What gives?

This happened because ComboFix never finished.

You can fix your clock from Control Panel ->Regional and Language Options and then on the Regional Options tab click the Customize button then on the next form click the Time tab. Then change the Time format to what you want. It explains there what the lower case and upper case letters will do. Upper case H is giving you 24 hour clock settings.
 

20 more replies
Relevance 101.27%

I have run through all "Read & Run Me First malware removal guide," steps except that I could not download RootRepeal. Attached are the four logs produced. Am running only NAV 2009 on Windows XP. However, after latest reboot "NAV has detected threats that require your attention - High, INFOSTEALER, Remove Failed" appeared yet again. Please, any assistance would be most welcomed. Many thanks.
 

Answer:Re: ran all the steps in "Read & Run Me First malware removal guide,"

Welcome to Major Geeks!

We cannot continue until you attach the other 2 requested logs from RootRepeal and MGtools. If your problem with downloading RootRepeal said something about bandwidth limits, just scroll down to one of the other links given where it can be downloaded from on their web page.
 

1 more replies
Relevance 101.27%

The issue is a Malware/Virus Program that is on my Wife's laptop. At startup, the virus shuts down all other programs except the Operating System. The Virus program says the computer is infected, The Virus Program sends the user to a screen to put in Payment information to buy the fake program. This Virus makes the background turn blue and also there are 1's and 0's in the background too.

Scans and attachments are included. I do have a recovery/reboot disk available if needed.








.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Ashley at 17:21:19.86 on Sat 03/05/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1459 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system3... Read more

Answer:"System Tool Virus" Malware Removal

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

A number of steps are required to remove this infection.

You will find the instructions here:

Remove System Tool and SystemTool (Uninstall Guide)

If at any time you need advice before proceeding please ask for help here.

p.s.
The <random>.exe file mentioned in the article is this one.
uRunOnce: [jNnOkKb06310] c:\programdata\jnnokkb06310\jNnOkKb06310.exe

At any time you can disable the process via the Task Manager.

CTRL+ALT+DEL KEY should give you the way to the Task Manager.
===

When you ... Read more

2 more replies
Relevance 100.45%

Hi, I have followed everything that you have said to do and can now upload the logs. I can't think of anything that brought the virus on so don't have any additional details for you. When performing the SuperAntiSpyware search, I had to cancel the first search so now have two logs. I have uploaded both of them and the log from the most recent search has been uploaded second. Also, I cannot do a system restore and it asks me to contact the domain administrator. Is there any way of being able to perform a system restore again? Thanks very much.

[Saving space, attachment deleted by admin]

Answer:Regarding "Read this before requesting malware removal help"

Welcome to CH.

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries (if there):

O15 - Trusted Zone: http://*.buy-internet-security10.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.is-soft-download.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is-software-download25.com
O15 - Trusted Zone: http://*.buy-internet-security10.com (HKLM)
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Download Lop S&D by Eric_71 and save it to your desktop. Lop S&D will only run on Windows XP and Windows Vista.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.

Double click LopSD.exe - If you are using Windows Vista or Windows 7, right-click on the LopSD icon and select Run as administrator to perform this scan.

* Choose the language by typing the corresponding letter and press Enter
* Click OK at the informative window.
* Type 2 to choose Option 2 (Delete with Hosts File Restore), then press Enter
* Wait until the end of the scan.
* A report will be generated, post the contents of it in your next reply, along with a HijackThis log.

13 more replies
Relevance 100.45%

Hope I don't offend anyone with the subject title of this post. I firmly believe the best resources on the internet are websites just like this one and the people that communicate through these forums.

But for anyone else who works in a corporate setting I'm sure you understand how important accountability is.

What I'm looking for, are resources from credible sites (is, us-cert, microsoft, eset, etc) that specify a 'best practises' for malware removal. I'm looking specifically for something that mentions the value of scanning a system either in Safe Mode, or a PE environment. This is something I almost always do and have done for years. I have friends who basically make a living cleaning this crap out (guys who own Nerds On Site franchises, local shops etc) and their advice is the same.

Again the reason I ask, is you can't really point to forums or newsgroups because ultimately there really is no 'accountability' and it's too easy for someone who doesn't know any better to totally discredit them as a legit resource.

Any help greatly appreciated.

TIA...
 

Answer:Looking for "official" best practises on malware removal

The below is what we consider the best practice. If companies like McAfee and Symantec wrote up a procedure you would be using their tools and procedures to try and remove malware which they do not properly do. That is the reason this forum and others like it exist. Much of the malware that exists now requires special tools and frequently additional manual steps to fully remove. While scanning in safe mode is sometimes helpful and using a PE environment can also be useful in some cases, they will very frequently not be as effective as the below and the manual steps that follow.





Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the sc... Read more

2 more replies
Relevance 100.45%

Hijack this log

Can I post my hijack this log here for feed back?
 

Answer:Reports from "MALWARE REMOVAL GUIDE!"

Re: Hijack this log

Hi Bob O



As I mentioned in the earlier thread, the guide I will repost below needs to be followed. As you likely already know, malware is a massive pest these days and does its level best to hide itself in any number of places, so just a HijackThis log will not show all the malware that can be on your PC. The full guide of our steps below has a few other logs that show a lot of the malware on your PC and where it is located.



Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide


Once these are attached to your next post in this thread (it's best to keep all info in one place), our malware experts will be able to determine if indeed you have a malware issue, and if so they will post some manual removal instructions for you to follow to clean up the remaining pest.
 

12 more replies
Relevance 100.45%

Hi,

I have a dialer pop up regularly when I am using the browser (both Firefox and IE). The dialer is called "ENTER".

I have followed the instructions and I have all the logs.

If I can get some help that would be much appreciated.

jordi
 

Answer:Malware removal help "Enter" dialer

and here is the HJT log
 

7 more replies
Relevance 100.45%

Additionally the new tab that pops open has a text box that opens:

"Critical Security Warning!

Your PC may have been infected with a malicious virus due to recent internet activities."

etc etc
 

Answer:"ADs by info", Malware Removal Request

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
The instructions I give you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

3 more replies
Relevance 100.45%

I can connect to my router/modem wirelessly and via ethernet cable. I can connect and go into my router and change settings from my router, but it won't load any websites, and my MSN won't log me in. It's NOT the router/modem. Other computers including this one can connect without any problems. And my computer that can't connect also can't go online connected to other wireless connections.

Any ideas how I can fix this?
 

Answer:I have no internet after malware removal with "StopZilla!"

Maybe this can Help, http://www.ezlan.net/clean.html#refreshnet
 

1 more replies
Relevance 100.45%

I've gone through all the steps as instructed. Before coming to the forum, an Avast scan found 2-3 Trojans which were all sent to the chest and then subsequently deleted per the instructions in this forum.

I'm Running XP Pro with the latest updates and SP's.

I've attached the SuperAntiSpyware log which I believe found false positives. I don't believe those two files mentioned in the log are trojans but I deleted them anyway.

MBAM & Spybot found nothing. Mbam log is attached.

Combo Fix log attached.

With a max of 3 attachments, I uploaded MGlog.zip Here.

If I got everything, I still have a few problems. The main problem is my Start>All Programs Directory is empty. The programs are installed. Is there a way to rebuild this beyond manually adding shortcuts for all my programs? And I'm not even sure how to do that for things like the Accessories and the programs that come with XP.

Beyond that, I've got a Skype Error that pops up when I reboot. "Exception EFCreatedError in module SkypePM.exe at 00021cf9". When I try updating Skype, it finds a new version but it won't install saying it can't write to disk which may be full. Actually, there are 20gb on the disk and it's not giving me the option to choose another disk (I've got three on the machine). I'm sure I can sort this out with Skype but am mentioning this since this only started happening with this malware incident.

Thanks in advance ... Read more

Answer:"All Programs" empty after malware removal

Re: "All Programs" found now - But is my system clean?

Ok, found all the programs. They were hidden and now I've restored them.

Please let me know if my logs indicate I'm malware free.

All the best,

Bill
 

2 more replies
Relevance 100.45%

Hey all,
I've been here before and have heeded all warnings and advice but somehow got a program called Disk Repair on my computer. I have no idea how or when but it pops up windows that say disk space full or disconnected or no ram or a number of other messages that are constant. From what I can find, it is a trojan and also keylogger!!!! Bad news!
I am not typing this from that computer as I have disconnected it from the internet.
I was going to just run the Read & Run Me First stuff but believe someone said to not do that without contacting someone here first.
Doing so in the past has always turned out favorably and hopefully will again.

Thanks. Awaiting any and all help
Paul
 

Answer:"Disk Repair" malware removal help

Hello!

Yes, do go ahead and run the procedures which I will link to below for reference.

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and inf... Read more

1 more replies
Relevance 100.04%

Configuring updates...
I've had this problem for about a couple of months now and cannot get rid of it. Once fully started, my PC runs without issue, however starting up and shutting down are a pain. Every time I shut down the system, I get the regular shut down routine only it says "Configuring updates..." and churns for a while. On start up I get the "Configuring updates..." message for a while and then it says "Shutting down..." and it reboots completely. Shut down and start up both take approximately 5 minutes a piece and that's not an exaggeration. I would much appreciate it if someone can lend a hand. I've pasted a HijackThis log below. Sure would be nice to startup in less than 5 minutes again...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:40 AM, on 8/9/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Del... Read more

Answer:Solved: "Configuring Updates" Every Startup & Shutdown {Moved from Malware}

No replies so I found similar issues others had and it led to a complete re-install of Windows since I had already had KB938371 installed and could not install KB937287-x86.msu even stand-alone. See info here:
Microsoft admits KB937287 & KB938371 problems
Update for Windows Vista (KB938371)
Download standalones KB937287-x86.msu and KB938371-x86.msu
Disable UAC, Anti-virus, Windows firewall and disconnect from internet
Install KB937287 (no reboot required) then KB938371 reboot and it successfully installs without multi bootups.

Microsoft admits installing KB937287 with other windows updates will not work, and has pulled the patch. Therefore you have to install KB937287 separately and preferably as a standalone then KB938371 and other patches should install OK. The problem caused many machines to multi-boot with unsuccessful installs, and in some cases failed to system restore.
The standalone patches can be found at:
Download details: Update for Windows Vista (KB937287) "
 

1 more replies
Relevance 99.63%

using windows xp media and mozilla firefox. have norton antivirus, use zonealarm and ad-aware. about 2 weeks ago, wife accidentally allowed some crap to get in (Personal Antivirus was the name - it looked like AV program, so she clicked OK). with my limited skills, i made it go away. probably not permanently, but appeared to be gone.

well, today we had several porn icons pop up on wife and my desktops, and a splash screen popping up continuously looking like windows protection center screen. could not turn it off for longer than 5 or 10 seconds. had to explore/search, found a couple of folders where it was hiding (was called Protection System, had an exe file "wscsvc.exe" that was primary culprit, as far as i could tell), changed file extensions by adding an alpha, and was finally able to get it to stop. had difficulty running norton anti-virus, when i finally did get it to run, it found a couple of viruses, said it cleaned them, then said i needed to restart. upon restart, and ever since then, i get continuous "..... - BAD IMAGE" alerts, saying "....not a valid windows image, check installation diskette". apart from that, the programs appear to work fine, after clicking on "OK"

i have a cold/sore throat, and this is upsetting me. have a gazillion pics of kids on drive, which aren't backed up (I KNOW, I'M Stupid and/or lazy), but now i'm in trouble. i h... Read more

Answer:multiple "bad image" errors at startup - MALWARE?

http://www.computerhope.com/forum/index.php/topic,46313.0.html

Go to the above and complete it, then post the 3 logs HERE and they will be looked at.

4 more replies
Relevance 99.63%

I PROBABLY POSTED THIS IN WRONG FORUM - SORRY. NOT SURE HOW or IF ITS PROPER FORUM ETIQUETTE TO TRY AND MOVE OR DELETE.

I need help all the way around, apparently....

using windows xp media and mozilla firefox. have norton antivirus, use zonealarm and ad-aware. about 2 weeks ago, wife accidentally allowed some crap to get in (Personal Antivirus was the name - it looked like AV program, so she clicked OK). with my limited skills, i made it go away. probably not permanently, but appeared to be gone.

well, today we had several porn icons pop up on wife and my desktops, and a splash screen popping up continuously looking like windows protection center screen. could not turn it off for longer than 5 or 10 seconds. had to explore/search, found a couple of folders where it was hiding (was called Protection System, had an exe file "wscsvc.exe" that was primary culprit, as far as i could tell), changed file extensions by adding an alpha, and was finally able to get it to stop. had difficulty running norton anti-virus, when i finally did get it to run, it found a couple of viruses, said it cleaned them, then said i needed to restart. upon restart, and ever since then, i get continuous "..... - BAD IMAGE" alerts, saying "....not a valid windows image, check installation diskette". apart from that, the programs appear to work fine, after clicking on "OK"

i have a cold/sore throat, ... Read more

Answer:multiple "bad image" errors at startup - MALWARE?

Read here: http://www.computerhope.com/forum/index.php/topic,46313.0.html
Start new topic here: http://www.computerhope.com/forum/index.php/board,7.0.html
Do NOT post any logs in THIS thread.

3 more replies
Relevance 98.81%

Apologies for double posting in two different forums! I read the rules for posting for help and it says you must wait for a reply, so that others can see there has been no response, but the other thread had responses so having it moved here would have been counter productive.

"Open With

Choose the program you want to use to open this file:

File: All"

When I reboot my computer, I find the above dialogue box appears twice. I suppose Windows does not recognise a program being loaded up, but no idea what program that would be.

Please will someone please help me remove these annoying prompts?

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Ultimate , 64 bit
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz, Intel64 Family 6 Model 15 Stepping 11
Processor Count: 4
RAM: 4095 Mb
Graphics Card: NVIDIA GeForce 8800 GTX, 768 Mb
Hard Drives: A: Total - 2046 MB, Free - 1341 MB; B: Total - 95 MB, Free - 92 MB; C: Total - 102405 MB, Free - 27100 MB; D: Total - 953866 MB, Free - 664326 MB; E: Total - 953859 MB, Free - 312092 MB; F: Total - 713253 MB, Free - 369867 MB; Y: Total - 100839 MB, Free - 100712 MB;
Motherboard: ASUSTeK Computer INC., P5Q DELUXE, Rev 1.xx, 101732390000346
Antivirus: BitDefender Antivirus, Updated and Enabled

-------------------------------------------------------------------------------

HiJackThis
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:08:12, on 26/09/2010
Platform: Unknown Windo... Read more

More replies
Relevance 98.4%

Hi all,

I've been a member of this forum for a month or so, and you guys have really helped me. I wanted to give something back and improve my computing knowledge.

The sticky was a bit vague - contact a moderator.

1) How do i contact a mod?
2) How long does the 'training' take?
3) Are there any requirements to becoming authorised, and if so, do I meet them?
4) Is the 'training' a straight course you follow, or do you spend sessions with other people, or what?

Thanks,

Nappymonster
 

Answer:How do I "Get trained up?" in malware removal?

bump
 

1 more replies
Relevance 98.4%

This program called "Save! on" has showed up on my computer. It creates an extension in my Google Chrome browser that places ads on every website that I visit. Disabling/deleting the extension doesn't solve the problem. I've also tried uninstalling the "Save! on" software from my computer, but the problem still persists. I ran a FRST scan on my computer and have attached the logs. Someone please help! Thanks sooo much.
 

Answer:"Save! on" malware removal

Hi,

Before we begin, I want you to have this in mind:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
The instructions I give you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like ever... Read more

3 more replies
Relevance 98.4%

I have completed the steps in the Malware Removal Guide. I believe everything is running normal. I just need some confirmation from someone with more expertise.

This is not my computer so I do not know what allowed this attack. My guess is user error and that is why I was called in. The computer system is Windows Vista Business edition i386 with McAfee. Obviously McAfee failed to stop the intrusion.

Please see the attached logs.
 

Answer:"Fun Web Products" Malware Removal

more logs
 

5 more replies
Relevance 97.17%

I have a big problem. 2 days ago 2 icons appeared on my desktop called "live safety centre"+"online sercurity guide" and I'm getting security alerts in my task bar telling me to download antiviruses and system performance monitor, and also I'm getting loads of pop ups. I've tried everything I can think of. Is there anyone that can help me?

Thx :confused
 

Answer:malware 2 icons on my dt called"live safety centre"+"online sercurity guide" plz help

Re: malware 2 icons on my dt called"live safety centre"+"online sercurity guide" plz

Welcome to Major Geeks!


I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.





STEP 1: Complete this procedure completely including attaching the requested log before doing the second procedure.

Download SmitfraudFix (by S!Ri) to your Desktop.

Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please attach that log in your next reply.

Note: process.exe (which is used by SmitfraudFix) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. The below is a link to what process.exe is.

http://www.be... Read more

6 more replies
Relevance 97.17%

Got my computer back today (Windows XP), and my background is now all green with a black box in the middle saying "Your System Is Infected...etc"

Also a red circle with a white X in the task bar

I can't open the task manager

Can Anyone Help???...

Downloaded HiJackThis

My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:51 AM, on 12/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\sy... Read more

Answer:"Your System Is Infected" Background + "Internet Security 2010" virus/malware problem

Hi and welcome to TSF.

I'm afraid HijackThis no longer provides the information we require.

We want all our members to perform the steps outlined in the link given below, as far as they possibly can, before posting for assistance.

http://www.techsupportforum.com/f50/...lp-305963.html

If you have problems with any of the steps, simply move on to the next one and make a note of the problem in your reply.

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.

This thread will now be closed.

1 more replies
Relevance 96.76%

virus.. popup "Malware Wipe" "the spy guard" and a lot of commercials like porn poker and more crap..
this is what I get when I start internetexplorer
Recommended Anti-Spyware Software: Pest Trap, Malware Wipe, Spy Guard Internet Security

TOP RATED
Pest Trap
Most popular spyware/adware cleaner software all over the world. Cleans all known viruses and worms.

• Visit Website • Free Scan
Malware Wipe
Became one of the most popular programs very fast. It`s really easy to use and at the same time very effective.

• Visit Website • Free Scan
The Spy Guard
Developed as the most efficient spyware cleaner with realtime protection.

• Visit Website • Free Scan
Brave Sentry
Award-winning spyware removal utility that will help you fighting all kinds of spyware including keyloggers, trojans and password thieves.

• Visit Website • Free Scan
AD Protect
World's leading software application that checks, protects and re-checks spyware and spam vulnerability in your home computer.

• Visit Website • Free Scan

WARNING! YOUR SYSTEM IS VULNERABLE TO HACKERS' ATTACKS AND BREAKDOWNS!
Attention! Your system is currently exposed. Any remote computer can easily browse following folders and files on your computer:
- \Windows\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official intrusion detection system (IDS software)
YOUR PRIVATE INFORMATION IS IN OPEN ACCESS TO OTHER COMPUTERS
Your... Read more

Answer:Solved: virus.. popup "Malware Wipe" "the spy guard" and alot of commercials

14 more replies
Relevance 96.35%

I am running Windows XP Professional version 2002, service pack 2. Dell Dimension 2350 Pentium 4 CPU 2.00Ghz 1.99 Ghz 512 RAM with 7.31GB free of 27.9GB.
Using "Internet Explorer 8" and/or "Mozilla 3.0.12".
95% of the time I use Firefox.
I have Glary Utilities and PC-Tools Spyware Doctor. Just recently added UniBlue Registry Booster 2009. I do not want to pay for removal and it reports over 400 registry problems (will only remove 15).
?? What to Do? please help.
Originally I received this error/alert:

~Aug 1 09:
re: Virus : "W32/Gaobot.worm.gen.u"
______________________________
Today: Aug 22 09:
Spyware Dr. scan reports:
19 threats and 3455 infections in my computer. :

[ high-Trojan.CWS(3 infection). 422(low)application.tracking cookies. high-Trojan.FakeAlert(100 infec.) Elavated-Adware.Component.Claria (2479 infec.)
Adware.BHO.GEN(19) Adware.eBates ~ Trojan.WinShow ~ Adware.IE_Driver,.. etc. etc.]


AVG never downloaded properly to get req'd updates needed to even start it. (i have downloaded & removed it several times.) Same problem with Avira. (connection to server failed/access denied )

Another Quirk i'm having is:
Other than being slow(at times) and Browser hanging/or crashing,...
Upon Reboot a black screen appears with only this text: E.S.C.D. updating ,, (Extended System Configuration Data) in which it started to hang. I reboot F2 or F10, exit the diagnostic test, hit F2 again and Windows started.

When u... Read more

Answer:Malware-Virus re:"W32/Gaobot.worm.gen.u"/re:"feriopsedi.com" alert-...Protocol

Welcome to Major Geeks!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.

TDSSserv Non-Plug & Play Driver Disable

READ & RUN ME FIRST. Malware Removal Guide
If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to s... Read more

1 more replies
Relevance 96.35%

Ran everything a few times. Still comes back.
 

Answer:"Online Security guide", "Live Safety Center" malware

a few more logs
 

16 more replies
Relevance 96.35%

Hello,

I'm running Windows XP SP 3. I have fake "Security Center Alert" popups and "Security Center" popups. A program called "Malware Defense" has also seemed to installed itself onto my computer. And I've just noticed porn icons appearing on my desktop. It's also disabled my Avira software.

GMER doesn't seem to run. I've clicked on it a couple of times but it doesn't seem to do anything. The DDS logs are attached/follows.

Thanks in advance!

DDS (Ver_09-12-01.01) - NTFSx86
Run by zili at 23:28:31.96 on Wed 01/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1022.493 [GMT 11:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WI... Read more

Answer:"Security Center Alert" popups, "Malware Defense" self install

Let's try this version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.





In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked:
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

4 more replies
Relevance 96.35%

Hiya,

I am exhausted and frustrated. I have a PC infected with malware "shopping assistant" and pop up ads powered by GREAT FIND. I have followed your removal guide but it has not worked. Is there something I'm missing or not doing to get rid of this pain in the butt?

Your expertise in this matter would be highly appreciated
 

Answer:PROBLEM REMOVING "SHOPPING ASSISTANT" PUP & "GREAT FIND" MALWARE

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

1 more replies
Relevance 94.3%

I am running Windows 10 Professional 64 bit. Whenever I set the option "Turn off the display" to "Never", it reverts back to the default "15 minutes". This is under the "High Performance" profile. I have never, since Windows 3.11, ever had a setting change itself back. I have tried to change it and restart. It will either revert upon restart or shortly after. It will revert back even if I do not restart.

Answer:Power Option for "Turning off display" remains at "15 minutes"

That sounds like my problem - I leave the computer for an hour and it is shut down (I think sleep mode). I just need to hit the power button and it comes on to where it was when I left - but 2 of my USB devices are lost so I have to restart the computer anyway.

I changed all the power settings to NEVER. But this doesn't seem to make any difference......

2 more replies
Relevance 91.43%

I copied this from another post, as it is exactly the same problem I am having:

virus.. popup "Malware Wipe" "the spy guard" and a lot of commercials like porn poker and more crap..
this is what I get when I start Internet Explorer
Recommended Anti-Spyware Software: Pest Trap, Malware Wipe, Spy Guard Internet Security

TOP RATED
Pest Trap
Most popular spyware/adware cleaner software all over the world. Cleans all known viruses and worms.

• Visit Website • Free Scan
Malware Wipe
Became one of the most popular programs very fast. It`s really easy to use and at the same time very effective.

• Visit Website • Free Scan
The Spy Guard
Developed as the most efficient spyware cleaner with realtime protection.

• Visit Website • Free Scan
Brave Sentry
Award-winning spyware removal utility that will help you fighting all kinds of spyware including keyloggers, trojans and password thieves.

• Visit Website • Free Scan
AD Protect
World's leading software application that checks, protects and re-checks spyware and spam vulnerability in your home computer.

• Visit Website • Free Scan
Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:40:21 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.... Read more

Answer:Solved: "Malware Wipe" "the spy guard"

16 more replies
Relevance 91.43%

My work laptop has picked up this virus/malware. What it does is blocks your desktop and all programs with a white screen, and if you are connected to the internet it brings up a bogus FBI warning that says you have to pay a fine. Task Manager is unavailable. I cannot remove it because I cannot get to the BIOS without an admin password, nor can I boot in safe mode w/o this. I do not want to give it to the I.T. of my work place because they will probably just wipe the drive and re-install the programs of my work place. I hate to have that happen because I have installed on this computer several programs I need for my work, and if the drive gets wiped I'll have to spend hours hunting down these programs again and re-installing them. Is there some way around the "admin rights" stuff so that I can run Kaspersky's WindowsUnlocker and be done with it?

Answer:"White Screen", "FBI Warning" Malware!

Really, you should just take it to your IT department to let them deal with it so you don't make it worse.

I work in a corporate IT environment right now, and much prefer a user come to us before they tried to fix it on their own.

Yes, you'll most likely get the drive wiped, however you can tell them to back up your data for you, and possibly even reinstall those programs that you need; especially if it's for work, they should have the licenses and/or installers for the software.

3 more replies
Relevance 91.43%

About a month ago Computer Associates' internet security suite (free through my ISP) told me it couldn't update. Tried a couple of things and gave up. Uninstalled CA and installed AVG Free. Same thing. AVG Free can't update. Today I got a message "attention...trojan spm/lx...etc." with a prompt for a web page, but instead I closed the window from the top right corner. Today I also got a background on my desktop that said "your system is infected, system has been stopped due to a serious malfunction".

I started through some of the threads on this site, and was looking at a promising thread (855938-trojan-spm-lx-infection..) that cybertech posted and instructing kramer8886 to run malwarebytes. I installed malwarebytes and it opens but self closes in a matter of seconds (regardless if I hit quick scan or not).

Some additional symptoms:
1. Can't open computer in Safe Mode
2. Can't use "run" from start menu
3. Can't use volume on computer
4. Malware is redirecting my url choice to its own choices

This is the first virus that I can't seem to deal with myself. Any help is appreciated
 

Answer:Malware indicates "trojan spm/lx" and "your system is infected"

Windows XP operating system
It has also disabled my Task Manager and is currently running something in the background
 

2 more replies
Relevance 91.02%

hi constantly getting "windows security alert warning" application cannot be executed message. have windows 7 home and ie 8 please HELP

Answer:windows security alert "application cannot be executed" malware problem

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
* Rkill.exe
* Rkill.com
* Rkill.scr
* Rkill.pif
Once you've gotten one of them to run then try to immediately run... Read more

1 more replies
Relevance 91.02%

Hi,

I've been having this problem for a few days now. Every time I start up I get this error message Windows - no disk Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9. Also when I open up task manager the window looks funny i.e. all the tabs disappear and I cannot close it. This thing seems to be slowing down my system.

Please advise. Thanks!

Raphael
 

Answer:Solved: "Windows - No Disk" error message [moved from XP; further malware help may be

8 more replies
Relevance 91.02%

So... my Windows Defender gave me a warning earlier ago. It said I had an infected system file named "hosts". I already removed the file from my computer, but it can still be found on my history. Look:

What is that malware about anyway? I know I already removed it, but I worry a lot about my computer so I want to make sure everything is fine.

So... can someone tell me why I got it? Is it really dangerous?

Answer:Windows Defender gave me a malware warning (file name = "hosts")

First of all the threat has been removed. You are no longer in danger from that particular threat. Malware is used to describe harmful software that has been installed on your computer. It can be very dangerous with the capability of hacking into your system, harvesting passwords, bank accounts, etc. In your case it was a medium threat. It usually means, pop ups, advertisements. Since it has been uninstalled it is no longer a threat.
For the future, download the free Malwarebytes and scan once a week.
Be sure that you have a quality Anti Virus such as Avast.
Stay away from sites that may be dangerous. Those are the ones that you really want to visit.

4 more replies
Relevance 91.02%

"Found some malware. Windows Defender is removing it."


This msg appearing in lower R screen corner (black box w/ blue or purple smaller box in it w/ that wording.) Every few seconds. How to get rid of????

I ran the Microsoft safety scan (hours) and it said it found no viruses etc.
And as soon as the scan ended, the msg started showing up again every few seconds!
Thx,
 

More replies
Relevance 91.02%

Hi all, just saw this in the bottom right tray a red windows security alert, when I click it on it says Malware protection, windows did not find any anti-virus software. Although I do have super anti spyware loaded on this machine. I have attached a screen shot.

Any help would be appreciated.
 

Answer:Solved: Windows security center message "Malware protection not found"

16 more replies
Relevance 91.02%

I recently removed the "Windows Repair" bug from my computer, while I had it, it somehow hid a bunch of selected folders on me. I went through and checked off the "show hidden files and folders" button, so what was hidden popped up, but now the folders are just shown as a transparency, not like a permanent icon or folder?

Is there any way around this?

Thanks.

Answer:[SOLVED] Recovering from "Windows Repair" (Virus/Malware) ...folders and icons still

Also check show OS files. Might try turning off Aero.

3 more replies
Relevance 90.61%

Any help and advice will be greatly appreciated!

Does the Windows Firewall Warning pop-up indicate that I have multiple malwares on my computer?

Thank you very much in advance!!
 

Answer:Multiple malware? -trouble removing "Ads by Shopping Deals" & Windows Firewall Warning

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

14 more replies
Relevance 90.61%

Hi!

My Sony VAIO laptop computer is not feeling well.

I have Windows Vista 32 bit, which i have (presumably) upgraded to at least SP1.
As for Service Pack 2, i can not install it due to the problems i am about to describe.

When i first log into Windows, i log in as my only user account (named "Lizard"), which is also my administrator account.

Among the very first messages i get is an error from RunDLL stating that "Error loading C:\Users\Lizard\AppData\Local\Temp\ddcAsqpO.dll".

After closing that alert - everything works just fine for between 2 to 20 minutes.

Then, i get another message that says "Host process for Windows services stopped working and was closed.".
After this error message, my beloved laptop goes through a Dr. Jekyll/Mr. Hyde transformation.
Everything related to Windows Explorer goes in slow motion, if i - for instance, want to save an image i have created - i have to wait for several minutes before the computer unfreezes. That is, if i'm lucky enough to get it back in the first place.
I have tried to get relevant updates for Windows; apart from Service Pack 2 i have also tried to use Windows Update, but i get an error message during the download procedure and then nothing is installed.

The same applies to Spyware Doctor, a program that used to run regular scans of my computer earlier, but now has been paralyzed by something.
Being a happy amateur, my investigations have produced very little.

I have, however... Read more

Answer:CMDS malware, blocked Windows Update and "Host process stopped working"

8 more replies
Relevance 90.61%

I get this pop-up every time I load. I cleaned the registries using a commercial program, but this annoying message is still there. Does anyone know how to get rid of it?
 

Answer:"Windows - No Disk" [moved from XP; looks like malware issues]

6 more replies
Relevance 90.61%

Hi!

I got the "Windows XP Restore Virus/Malware" yesterday while I was reading the news online?? I remember exactly when it happened because an "Avira AntiVir" alert was issued that a "Virus" had been detected and it asked me if I wanted to delete it. I clicked "Yes, Delete!" and yet I still got infected??? Very frustrating.

OK, so once "Windows XP Restore Virus/Malware" was somehow installed on my computer I finally made my way to YouTube despite now having "Click Hijacking" in both Firefox & Explorer. Anyway I found a video that had me remove this "Virus/Malware" using "Regedit" but while the program itself is now gone from my (Task Bar) I still have many issues. For example: Click Hijacking in both Firefox & Explorer, Icons are now grayed/transparent, I also get "Access Denied" messages (see below) & the computer as a whole is running slow.

I did everything in the "READ & RUN ME FIRST Malware Removal Guide" including the "Fixing Redirection/Hijacking Problems" section - But there were some issues as follows:

A. The first time I ran ComboFix it stalled at (Output folder: C:\3288R22FWJFW) forever! So I force closed it and relaunched. Then it said: Error opening file for writing: C:\32788R22FWJFW\iexplore.exe. So I then clicked ignore and it stalled at (Output folder: C:\3288R22FWJFW) again - After many attempts I simply gave up. Therefore no "... Read more

Answer:"Windows XP Restore Virus/Malware" w/ Many Issues...

Not sure if this helps but here is my GooredFix Log as well.

Thanks again,
Parsec
 

15 more replies
Relevance 90.61%

I entered a page Google yielded as a result for a particular file I was trying to find, when my computer began to slow down considerably and my desktop got louder. I immediately hit the back button on the browser as I suspected something was possibly beginning to infect my computer, and as a Firefox popup appeared, I opened Windows Task Manager and ended firefox.exe. After this, in the tray appeared a yellow triangle with an exclamation point in the middle, and your standard virus popup claiming to be helpful and that your computer is at risk. I ended every unfamiliar process in Task Manager but the yellow triangle (that said Windows Security Alert when I hovered my mouse over it) remained in the tray. I could not find any process that would make any impact on it by being ended. It popped up again & took over when I tried to right click it in the tray (god knows why I did that) and when I tried to open Firefox.

I got frustrated with the lack of an unfamiliar process and closed Task Manager and decided to try and 'refresh' it by opening it again and when I did so, the yellow triangle turned into a red sphere with a white X in the middle. I began to get several little popups from the tray coming from the icon telling me I had numerous critical errors to do with hard drive/RAM. I also received another popup in the form of a '[Cancel] [Try Again] [Continue]'. I was very careful never to click any of these popups; nor could I end them in Task Manager as ag... Read more

Answer:Malware posing as "Windows Security Alert"

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

 

1 more replies
Relevance 90.61%

I was running a program that I had just acquired and It pretty much hijacked my browser. Every time I would try to open any folder from any directory, it would open Mozilla Firefox and take me to the URL "http://www.google.com/search?q=Troj/Win&btnG=Search&meta="

So I went around checking my msconfig/startup to see if anything suspicious was added.

Then I used Ad-ware, Spybot S&D, NOD32 Smart Security, Malwarebytes' Malware and SAS. That took about a good 1-2hrs

It looks like it has pretty much fixed/ended the problem after removing some trojans that Malwarebytes/SAS found that some of the other programs did not.

I would like to have my HJT Log double checked to make sure all problems were fixed and that I don't have any more bugs crawling around

Here is my HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:50 PM, on 3/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Universal Shield 4.2\US30... Read more

More replies
Relevance 90.61%

Hey guys I appreciate you reading this, you have no idea how great having forums like this is where we can help each other out.

I have gotten a virus and within minutes it got worse. My antivirus was not updated and the security was low, so when I got the virus I downloaded malware bytes on my desktop, put it on a USB drive and tried to install it on the laptop, I could not add a USB drive. My next step was to hook the HD up to the desktop and add it that way (the problem with that I had to activate the sata port via bios and when that sata port was activated it would boot that port as master every time, the weird thing is even if I hooked the desktop sata to the second port it would load the laptop drive first every time it did not matter what port) This is beside the point, because I don't even think this method will work because like I said in the title the HD will not load past the "Starting Windows" screen, and when in safe mode it will not load all the system files, the malware obviously deleted some important files...

The next step I am going to take is inserting the windows 7 cd and trying a system restore... What do you guys think? Am I at the point where I will lose all of my important files, by doing a reinstallation or is there a way to save those files?

Thanks guys
 

More replies
Relevance 90.61%

Hi,

I have AVG 8 Security Suite. I also have a permanent red warning sign in the taskbar from Microsoft saying "AVG Malware reports that it is turned off". It gives me the option to turn it on, but it won't.

Meanwhile, AVG user interface reports that everything is working fine. As if to prove the fact, it told me that I have a rootkit, but the rogue file was hidden. And that was all. As far as I know, I still have the rootkit. It downloaded with a small program I downloaded from the Internet. There doesn't seem to be any particularly weird behaviour on the computer, and AVG is now not picking up a rootkit. But I really don't understand it all. I am one of those awful "novices"! Know very little about computers. Can anyone help, please?
Thanks
Angielucee.
 

More replies
Relevance 90.61%

The darn COM Surrogate malware you all seem to know about somehow got on my computer. I haven't been using that box for several months now but need to use it again....

It's an older model computer with VISTA so I'm thinking of just purchasing Windows 7 or 8 and installing that operating system. I don't know if doing only that is enough to remove the malware though. Can you answer that for me? I do not have the original operating system disks or recovery disks or whatever they're called. There are no programs or files on this computer that I need to recover. I just want to clean-sweep it and upgrade the Windows.
 

Answer:Is Upgrading Windows enough to remove "COM Surrogate" malware?

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

11 more replies
Relevance 90.2%

I have 3 symptoms:
(1) Strange rectangles with words like "COPY", "CUT", "EXIT" remains on Windows Screen. The only way to remove it is to re-boot WINDOWS. This happens after I did those (COPY, etc.) actions.
(2) I am not able to use "X" (right top) to exit the program. Then the above rectangle with "EXIT" remain on the screen. The only way to end the program is to use "TASK MANAGER" to end the program. (I prefer not to do this too often.)
(3) When I leave WINDOWS inactive for long time, it stalls. I had to re-boot to start WINDOWS. I decided to turn off "Screen Saver" to see if it is the cause, but it did not help.

I posted at Windows support, but was advised to post here. Possibly, these are results of virus. I run AVG FREE every night. It usually shows several warnings removed. I'm not sure if these 3 symptoms related, but they appeared about the same time (a month ago). My WINDOWS/XP is SP3, maintenance is current. Any help is appreciated.

Answer:Strange rectangles with words like "COPY" remains on Windows screen.

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
NEXT

Please download aswMBR ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

3 more replies
Relevance 89.79%

Unfortunately, somehow I was infected by this "windows recovery" virus even though I've been practicing what I understand as safe computing since a malware infection a few months ago. Very frustrating, since I thought I was doing things correctly and safely.

Currently I'm posting from an old computer, not the one that's infected. I'm holding off from trying to remove the malware from the infected computer until I hear from someone here.

The infected computer boots up and automatically goes to the windows recovery screen and runs its fake scan. It does not allow me to access email, my one antivirus, my internet connection, etc. So, I don't know where to begin.

Thanks for any possible help.

More replies
Relevance 89.79%

The System Fix Virus & Privacy Protection Virus hijacked and infected my system: WinXP (64-bit). They've caused my default web browser to change frequently (each time I reboot my PC). So I've been having trouble getting rid of all of this malware/viruses from my system, since I use Windows XP x64.

ComboFix.exe and TDSSKiller.exe are not compatible with my Windows XP 64-bit system. So how do I get rid of the malware/viruses from this computer without those apps that were made to get rid of the following problems on other Windows OS's?:

The latest version(s) of ComboFix and TDSSKiller don't work on the 64-bit version of Windows XP, but they are compatible with the 64-bit versions of Windows 98, XP, VISTA, 2000, 2003, 2008 and Windows 7!

1. System Fix Virus (the first virus that affected my Windows system, 2 days ago.)
2. Privacy Protection Virus (behaves almost exactly like the aforementioned virus)
3. Google-Redirect Malware (redirects all my searches to this site: 63.209.69.107)

Thanks in advance to the MajorGeeks.com users for helping me and others with this malware/virus problem: I understand and read the previous pinned-thread about the relevant malware/virus issue that Windows-users solved with the programs I've been unable to install on my system. The aforementioned malware/viruses began to infect my PC on December 14, 2011 (since that day, I haven't found a single anti-virus program that can detect the Google-redirect malware/... Read more

Answer:Infected WinXP 64-bit with "System Fix Virus" & "Privacy Protection Virus" (Malware)

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link. Just skip the part with ComboFix.

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but ... Read more

1 more replies
Relevance 89.79%

The System Fix Virus & Privacy Protection Virus hijacked and infected my system: WinXP (64-bit). They've caused my default web browser to change frequently (each time I reboot my PC). So I've been having trouble getting rid of all of this malware/viruses from my system, since I use Windows XP x64.

ComboFix.exe and TDSSKiller.exe are not compatible with my Windows XP 64-bit system. So how do I get rid of the malware/viruses from this computer without those apps that were made to get rid of the following problems on other Windows OS's?:

The latest version(s) of ComboFix and TDSSKiller don't work on the 64-bit version of Windows XP, but they are compatible with other versions of Windows: 98, XP, VISTA, 2000, 2003, 2008 and Windows 7!

1. System Fix Virus (the first virus that affected my Windows system, 2 days ago.)
2. Privacy Protection Virus (behaves almost exactly like the aforementioned virus)
3. Google-Redirect Malware (redirects all my searches to this site: 63.209.69.107)

Thanks in advance to ANY users for helping me and others with this malware/virus problem: I understand and read the previous pinned-thread about the relevant malware/virus issue that Windows-users solved with the programs I've been unable to install on my system. The aforementioned malware/viruses began to infect my PC on December 14, 2011 (since that day, I haven't found a single anti-virus program that can detect the Google-redirect malware/virus on my system).
... Read more

More replies
Relevance 89.79%

Please help! I've tried a few "fixes" I've found online but have had no luck - I'm still getting the annoying phishing scam "windows security" bubbles on reboot, and I'm being told by McAfee that windows\system32\spoolvs.exe is infected by the "new malware.j" trojan and cannot be cleansed.

Can anyone help?

I've posted my HijackThis log in this thread. I really don't know much about that, but I'm gathering that that's a good spot to start getting help. I've also downloaded smitfraudfix (which was something I noticed in another thread) and have a log from that I can post as well. I was hesitant to use the fix mode on it until getting advice from those who may know more than me on this topic - RSVP and thanks much!

____________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:01 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\All Users\Application Data\zudchujm\bmpevyfq.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShi... Read more

Answer:trojan that fakes windows security messages. malware / "windows antivirus"

Hi, Welcome to TSG!!
Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Serv... Read more

1 more replies
Relevance 89.38%

I've got a pretty specific problem. I travel some, and some of the applications I use need to believe I am in the USA even when I'm not. On Windows 7, "Hide My IP" did the job perfectly. However, under Windows 10, nothing that I do seems to stop my local (Taiwan) IP from being recognized.

I've downloaded the latest version of "Hide My IP", but it didn't help. Is there a Windows 10 setting that I am overlooking, or don't know about, that will allow "Hide My IP" to "tunnel"?

I've had to revert to Windows 7 (temporarily) on one of my machines because of this, so I'd really like to know about a solution, setting, workaround or alternate app.

Thanks for any assistance anyone can provide!

Answer:Can't get "Hide My IP" VPN to work in Windows 10 - IP remains local.

Assuming it's some kind of firewall issue, try temporarily disabling Windows firewall (I'm assuming you're not running some other internet security software) and retest your connection. If it works, probably have to add the vpn software to your list of allowed programs

4 more replies
Relevance 88.97%

I am stuck on "Start Windows normally" and "Launch startup repair"
When I choose "Start Windows Normally", it gives me a blue screen with the following error: Unmountable_Boot_Volume. On "Launch startup repair" I am stuck on the Windows 7 wallpaper with a cursor and can't even open Cmd through Shift+F10. I've tried re-installing Windows from a USB stick and I am also stuck on "Setup is Starting". Any help please, and how much am I screwed?
P.S. - On Advanced boot options I can't use Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt or Last Known Good Configuration; it gets me back to "Start Windows Normally" and "Launch startup repair".

Answer:Stuck on "Start Windows normally" and "Launch startup repair"

Time to boot to an external testing/repair environment, such as a Win7 Repair disk or a hard drive test disk.

5 more replies
Relevance 88.56%

Hello everyone,

Please help me!!! I recently came across a virus/malware that was recognized by my Avast Pro Anti Virus. When my windows Xp loads, my Anti Virus (Avast) runs a check, it immediately reminds me of this virus found.

" C:\a.bat contains VBS:Malware.gen'! " I've tried removing it within Avast, and it keeps coming back after the reboot of Windows XP. It is definitely malware, and it's really stubborn. I need someone who is diligent enough to REMOVE this permanently from my machine.

I've tried HIJack This, CCleaner, and AntiSpyware (Free Edition), but it still keeps coming back.

Please help help help!!!
 

Answer:I Got a Virus/Malware - "C:\a.bat contains VBS:Malware.gen'!" - PLEASE REMOVE!!!

Welcome to Majorgeeks!


Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

So logs that you will get to attach are:

MGlogs.zip (which has 5 logs inside it, including Hijackthis, just attach the whole Zip )
MalwareBytes log
Superantispyware log

plus a guide on how to attach the logs HOW TO: Attach Items To Your Post
 

4 more replies
Relevance 88.15%

In Windows XP, fully updated, I have several folders full of mp3's and want to see the bit rate and duration. I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

But all the figures in the "Duration" column appear to be in "hours" and "minutes", so I see "00:04" or "00:03", but what I want is "minutes" and "seconds".

Any thoughts as to how to change this?
 

Answer:Solved: Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

16 more replies
Relevance 88.15%

Hello folks. I'm hoping I can get some direction here to fix this nasty program that has set up residence on my pc. http://www.2-viruses.com/remove-windows-repair is a site I found that correctly describes the malware and has suggestions to eliminate the program. I've read other sites as well and am a bit confused as to the correct action, seeing that four or five sites give as many suggestions for repair. With that said I'll now share the required info to see if any of you gurus can help with my problem. I thank you for taking the time to look at my situation and offer your help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:23:28 PM, on 4/2/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\M8BAB3G1\HiJackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iex... Read more

Answer:"Windows Repair" malware

Ok, I've downloaded Malwarebytes and deleted two viruses; a trojan and one with Hijack in the name. I had turned off System Restore when I went into safe mode to do the changes. But when I turned System Restore back on and rebooted in normal mode, I was missing my desktop icons and all program files from the Start button (except Malwarebytes). I found that I cannot do a System Restore, as all previous checkpoints are gone. Well, I found the show hidden files switch and my desktop icons are back, but all (except Malwarebytes) are at what is best described as half brightness. Same goes for any files I try to access from an Explorer window. Even my .jpg files are half brightness (viewing thumbnails), until I double click on them and they open in Windows Picture and Fax Viewer. All my files viewed from Local Disk C:\ are this transparent, half brightness. I don't have my original Windows XP disc, so that route is not an option. I also cannot set a desktop background pic, as the Display Properties > Desktop tab won't let me browse for a pic, but I can change the desktop color.
I ran HijackThis again and here's the info I believe you need. Let me know what you think. Thanks.

µTorrent
4Media iPod to PC Transfer
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control ... Read more

2 more replies
Relevance 88.15%

Hi, my computer has been taken over by malware which now opens a "Windows Repair" module during start up that proceeds to tell me via various pop ups and task bar messages that I've got hard disk critical errors, that the computer has detected a problem with one or more IDE/SATA drives, and that I have damaged hard drive clusters. I also get "Delayed Write Filed (sic)" messages saying "windows was unable to save all the data for the file \\System32\\496A8300. The data has been lost. May be due to a failure of your computer hardware."

Of course, Windows Repair offers to repair all of this if I click and buy their repair module.

It also has hidden most icons on the desktop, switched the background to a black screen, won't let me access the programs from the start menu, and has disabled the task manager. I can access the various files by using the view hidden folders command, however it will periodically rehide everything.

I am running Win XP (SP3 I think). HP Pavillion a1654n.

I've run DDS and GMER as requested. I do not have a boot/installation cd readily at hand. I would greatly appreciate your help in clearing this from my pc. Thanks in advance.


Ark and Attach files have been zipped and attached. Here is the DDS text:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by HP_Administrator at 7:27:45.21 on 31/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.... Read more

Answer:"Windows Repair" Malware

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

A guide and tutorial on using ComboFix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

19 more replies
Relevance 88.15%

Hi, i am a Windows XP Pro user. my laptop is infected with malware. it
cant run any programs. my friend says he had the same thing and advised
that i got it from the school server.

the symptom is while starting up, a window will pop saying "Installing
Windows..." as though I installed an update (but I did not). Then another
window will appear, saying the same thing. So there's 2 of them there.
When I click on Cancel on both windows, they make me wait for
minutes and then resume their installing nevertheless. They stay that way
forever!

I can't run any programs. I get the application error message "The application failed to initialize properly (0xc000009a). Click on OK to terminate the operation." If I get lucky, I can access taskmgr.exe once, and I notice it says 100% CPU usage. There's not even a task out there! I can't run it a second time.

My friend tells me to go to safe mode and delete something in the registry,
but I couldn't find the ones he enumerated:

Bron-Spizaetus="%Windows%\ShellNew\sempalong.exe"
Tok-Cirrhatus="%UserProfile%\Local Settings\Application Data\smss.exe"
etc..

I guess my friend and i don't have the same kind of attack.
Please help meeee! Thanks in advance!

windows pro xp
pentium m
512 ram
1.7 ghz
60 gig<---i still have 25 gig free!

cris
 

Answer:malware says: "Installing Windows..."

Hi

As you can boot into Safe Mode, run through our guide posted below, as most of the steps are run in Safe Mode, apart from a HijackThis log, which does need to be run from Normal Mode to give us the full picture. Running the Malware Cleaning steps outlined may find and remove a lot of what's infecting you, enough to hopefully allow you to boot into Normal Mode.



- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.





- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis


When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
Bitdefender
Panda Scan
HijackThis
.
 

1 more replies
Relevance 88.15%

Hi,
my computer has been taken over by a malware, same way as 'zerosleeps' posted before me (03-31-2011)

I'm running Windows Vista Home Premium (32-bit) and, before any intervention, the system started a system recovery. After that only one thing changed: no more pop-ups from the fictitious "windows repair"; the other problems still remain.

Before giving you details, I tried to run dds.scr as requested, but when I run it my browser (Firefox) opens and starts an "open file" module, apparently from a file in my TEMP folder. If I close Firefox it reappears, and dds seems to be blocked.

Any suggestions?
Thanks in advance.

Answer:"Windows Repair" Malware

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: A guide and tutorial on using ComboFix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Fir... Read more

10 more replies
Relevance 88.15%

Hi all,

Earlier today I followed what I now know to be a dodgy link (I think it was some page on mozillalinks.org but I'm not sure as I opened several tabs at the same time) and got a message from Microsoft Security Essentials saying a threat had been detected, and I clicked "Clean Computer" to clean it. Another error message (this time not associated with any program) then popped up in the centre of the screen saying it had detected a problem with one of my IDE/SATA drives and recommended I restart. I clicked OK and it went away. Then another MSE threat message came up.

A third MSE dialog came up which asked to restart my computer to finish the cleanup. Upon restarting, the quick launch icons on my taskbar were replaced by a blank space, the "all programs" section of my start menu was empty and the rest of the screen was black, with a window titled "Windows XP Recovery" in the centre. This told me I had several hard drive problems and had a button to click to fix them. I suspected this was some sort of virus at that point and didn't touch the window. More MSE dialog boxes showed up and I followed the same procedure. Upon restarting again, several of my desktop icons were missing and the rest were hidden (I have it set to show hidden files so they were faded). The same was going on in My Documents and My Computer.

I was probably wrong in trying a System Restore before virus scanning but I restored my computer to a point last week entitled ... Read more

Answer:"Windows XP Recovery" and other malware

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Using the infected computer or the method above download... Read more

9 more replies
Relevance 88.15%

I need help. A worm/virus/malware has invaded my Dell E520 Windows XP OS computer. It appears on the monitor as a small 2" X 3" popup which miniaturizes randomly on the page after logging in to the net.

When I try to hit delete prompt the malware shuts off my internet connection, then the image re-appears, hopping all over the desktop in replicating multiples. It's proved impossible to identify their web address.

I've run AVG, SuperAntiSpyware and MalwareBytes versions to rid the virus, but this has not been effective.

Can someone help or suggest a cure?

Appreciatively,
Hiram
 

Answer:"Mama Crack" or "Mama Casper" malware/virus invasion

Hiya and welcome to Tech Support Guy.

As you've run MalwareBytes already, can you post the log of what was found, if anything?

Also, can you do the following:

Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Download RootRepeal from one of the following locations and save it to your desktop:
Link 1
Link 2
Link 3

Double click to start the program
Click on the Report tab at the bottom of the program window
Click the button
In the Select Scan dialog, check:

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT

Click the OK button
In the next dialog, select all drives showing
Click OK to start the scan
Note: The scan can take some time. DO NOT run any other programs while the scan is running
When the scan is complete, click the button and save the report to your Desktop as RootRepeal.txt
Go to File, then Exit to close the program
If the report is not too long... Read more

1 more replies
Relevance 87.74%

Dear all,
recently my computer, an HP Pavilion G-6, encountered a problem. At first a warning appeared that there was a problem with the cooling fan. This was solved. After that there was a black screen after logon without any activity. It was not possible to start the process manager and check what was going on. The only possibility to repair it was to restore to the last Restore Point. But analyzing that restore point, I discovered this entry, "Microsoft Remote Desktop Services (Printer) 06/21/2006 6.1.7601.17514", which appears in every instance when a new restore point is created. After restoring, the computer works for a while. It is possible to turn off the computer and turn on Windows again several times. But usually the next day the problem appears again, and I have to restore to the previous point.
I have tried to install a new copy of Windows, but I did not delete all the partitions. There were 3 of them: System Reserved, C: with Windows, and D: (Data). After installation this problem appeared again. How? Is it possible that this infection is the lan or RAM?
I have searched for similar problems on the web, but nobody has actually solved it.
I have turned off the Remote Desktop and it did not help.
Now I am trying to update, but somehow it is not possible. The system is trying to find updates, but nothing happens.
My computer:
Notebook HP Pavillion G-6 (http://support.hp.com/pl-pl/product/HP-Pavilion-g6-Notebook-PC-series/5046257/model/5091237/drivers... Read more

More replies
Relevance 87.74%

HI! I am confused and need help. I think I have been invaded by a spyware infection trying to sell anti-spyware sanctioned by Microsoft???

First, I used AVG free, CCleaner, and Spybot Search and destroy. They found stuff... asked for it to be corrected ... ran program again... says its clear.

I am getting continuous pop up " Windows antivirus Windows has detected spyware infection! It is recomended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you Click here to protect you computer from spyware!"

and "Warning Potential Spyware Operation Your computer is making unauthorized copys of you system and internet files. Run full scan now to prevent any mallisious access to you files Click here to download spyware removal " They seem to be selling AV Syptom Care.


The pop up is constant.

What if I used the "restore option" for a couple of days ago.

Thank you for your help.

Ladycarr
 

Answer:What is this "Redirect" "Malware" Spyware?

It's not software sanctioned by Microsoft!


Please work thru the below procedure and attach the requested logs when you finish:

Read & RUN ME FIRST Before Asking for Support

 

18 more replies
Relevance 86.92%

I am running Windows XP SP3, fully updated, on an Acer lap top PC.

I have several folders full of .mp3's and want to see the bit rate and duration. To do this I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

The two new columns appear, but the format of the "Duration" column appears to be "hours:minutes", so I see "00:04" or "00:03" for most .mp3's, when what I want to see is 'hours:minutes:seconds", e.g. "00:03:45".

This also happens for video files (.avi files), e.g. all my episodes of "Heroes" (sad, I know) have a duration of "00:42" instead of "00:42:xx".


Here are two pictures showing the problem with the .mp3's. The first is of Explorer showing the Duration as "Hours:Minutes":




The second picture is of the properties window of the first .mp3 in the list above:




I copied some .mp3 files to another (old) PC on my home network, and it displayed the duration field correctly:




Also, the properties window correctly shows the duration also:





I'm not the only person to have this problem. I received a private message from a member of another forum where I posted about this problem several weeks ago. That person also has the same problem with the duration field.

The tech guys on that forum were unable to find the source... Read more

Answer:Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

* bump *

Tricky, this one!

8 more replies
Relevance 86.1%

Hi Guys, I need some help please. My computer seems to have been infected with some trojan that does not allow me to run any antivirus/malware software. A Windows popup keeps coming up titled "Security Warning," and reads "Application cannot be exectured. The file **** is infected. Do you want to activate your antivirus software now?" Also, on the task tray, a "windows security alert" keeps coming up as well, and it appears that "Antispyware Soft" keeps trying to scan my system and ask me to purchase the program to fix the infected files. I tried doing a Google search for other users with similar problems, and saw that all the users posted a .txt log after running rkill. I tried downloading that to expedite the process for you guys, but was not able to execute the file, as it says what is stated in the 1st paragraph above. Please let me know what I have to do to get rid of this virus. Thank you

Answer:Need Help Removal: "windows security alert" popup, "application cannot be execut

http://www.computerhope.com/forum/index.php/topic,46313.0.html
go to above, complete, post the 3 logs

6 more replies
Relevance 85.69%

Hi everyone. I'm currently on my mother-in-law's computer and looking for some virus removal help. Her computer definitely has some big problems. Her McAfee virus scanner keeps picking up "Artemis![RANDOMCHARACTERS]" viruses, and quarantining them. I'm using Chrome, and different tabs keep popping up, most offering "virus protection" or "virus removal", but I know they're fake. She knows not to click on them. Her default pages have been changed to "Trovi", and in general, everything is running very slowly. Her virus scan (she runs it every morning) usually takes about an hour, but recently can go on for as long as 4 or 5 hours before finishing.

I'm not exactly sure how to fix all these issues, but hopefully someone here can.

Here's her SysInfo:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Basic, Service Pack 2, 32 bit
Processor: AMD Sempron(tm) Processor LE-1300, x64 Family 15 Model 127 Stepping 2
Processor Count: 1
RAM: 1790 Mb
Graphics Card: ATI Radeon HD 3200 Graphics, 256 Mb
Hard Drives: C: Total - 290204 MB, Free - 244351 MB; D: Total - 14999 MB, Free - 8280 MB;
Motherboard: Dell Inc., 0F896N
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

And here's a HiJack This log (note: I was "denied access to the host's file". There are directions on how to fix this, but I'm not sure if that's something I wan... Read more

Answer:Virus Help Requested: Artemis!, Trovi, and "general slowness"

16 more replies
Relevance 84.46%

Around a week ago my neighbor gave me her laptop because it was running extremely slow. I assumed she was infested with spyware/trojans/viruses so I installed Malwarebytes Anti-Malware, Spybot Search & Destroy, and AVG Free 2012. After installing, I updated the definitions for all of the programs and then booted into safe mode. After running scans for MBAM and S&D, I was told to reboot to finish the cleaning process. However after rebooting, it never makes it to Windows. It gets to the green progress bar, then reboots, then boots to 'Startup Repair'. From here, the automatic repair fails. I've run a command prompt from here and used bootrec.exe to run /fixboot and /fixmbr to no avail. Can anyone help me? The computer is running Windows Vista x64. Thanks!
 

Answer: Help! Windows boots to 'Startup Repair' after malware removal

Welcome to MajorGeeks, 2stick

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:


Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
On the System Recovery Options menu you will get the following options:





Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find...

5 more replies
Relevance 84.05%

Greetings,

I realize that I posted this thread previously, but I see that I had erroneously created it in the inappropriate forum (Windows Vista). However, the user "Macboatmaster" was kind and patient enough to provide me with assistance there, though I am still waiting on his following procedures.

In the meantime, as this is the Windows XP forum (my operating system is Windows XP), I wanted to formally post my dilemma here as well, as I thought that I may acquire more feedback. Here is the problem that I am facing, along with what Macboatmaster already suggested:

-I recently encountered some trouble on my pc (a BENQ) with respect to starting it up. During a recent system restore, a power failure occurred, and ever since I attempted to boot the computer, I receive the following error just before the desktop appears:

"Explorer.EXE - Unable To Locate Component: This application has failed to start because WININET.dll was not found. Re-installing the application may fix the problem."

This error prevents me from accessing anything on my desktop (i.e. task bar, icons, etc.) - only the desktop background appears, and all that I have access to is the Task Manager (Control+Alt+Delete). Control+Escape does not allow me to have access to the Start menu. I receive the same error just before I get into the cmd prompt, but it appears that I am still able to use it.

What has been already attempted (Macboatmaster's suggestion):

Went to Task Manager >New ...

More replies
Relevance 84.05%

My computer has been infected with Trovi, and I want to remove it. Can you give me a step by step guide? Or does one exist that you could direct me to?

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

Answer: Want to remove TROVI malware from Windows 7 laptop.

Hello -
Can you please list the browser(s) involved with the Trovi redirect?
 
The details change with the browser(s) concerned -

8 more replies
Relevance 83.64%

I got my Dell a few days ago. Installed it with Samsung EVO 850 SSD 500 GB and Kingston 8GB PC3L - 12800 SODIMM. The Windows 10 Home OEM home is installed on HDD 1TB so I decided to use Samsung Data Migration software to clone the data to SSD. However, the OS crashed and I decided to install a fresh Windows 10 Enterprise to SSD and deleted the previous OS on HDD using diskpart. Now after installing Windows 10 Ent OS files, after every BIOS run I got BSOD errors "MEMORY MANAGEMENT" + "Page Fault in non paged area" + "IRQL NOT LESS OR EQUAL"

More replies