Computer Support Forum

Do you know any free software to protect against fileless malware attacks?

Question: Do you know any free software to protect against fileless malware attacks?

I have recently been infected with a fileless malware. I ran a scan with ksc and it reported some memory detection. So, I ran a scan with fully updated Avast Free and Emsisoft EEK but they didn't find anything. Finally, I had to scan with Zemana, and only after it detected and removed a fileless malware was ksc able to give my system a clean sheet. Are Kaspersky and Zemana the only ones to protect against such attacks? I need a free tool to protect my system against such attacks. The detection by Zemana was "trojan poweliks: fileless malware". I don't need any whitelisting software and I also sincerely think that even they cannot counter such attacks.

Relevance 100%

Answer: Do you know any free software to protect against fileless malware attacks?

Avast and Bitdefender Free are both good.

23 more replies
Relevance 81.59%

Hey!
I am a web designer and I just got permission to work from home for the next week. I am allowed to take my work laptop home for it. I would like some advice regarding the security concerns before I start the work.
I have heard about spyware and malware attacks that can cause severe loss of data. I don't want such things happening to me in my work system. As of now it's clean and no malicious files are present in the system. It's installed with Kaspersky Internet Security and ExpressVPN when connecting to the Internet. Will it help in protection from spyware and malware? I have seen articles mentioning not clicking on emails and installing antivirus softwares will help, but still I have heard a lot about such attacks. What else can I do to ensure nothing harmful will happen?
 

Answer:Will Kaspersky and VPN protect from malware attacks?

It being a work laptop, you shouldn't replace any of the pre-installed software, correct?
 

3 more replies
Relevance 69.7%

Hi, I have a system that is infected with (most likely) a rootkit. It will not allow any scanners or most antimalware programs to run. So far I have successfully run DDS and gotten a log, and rkill (iexplore version), which finds and kills 2-3 processes, but they get recreated instantly and process names change each time. Renaming other scanners' exes does not work.

What will not run or gets killed shortly after starting: combofix, mbam, superantispyware, hitman pro, catchme, mbr.

Safe mode produces the same results, no obvious bad files created recently, pulling the hard drive and scanning on another pc with mbam, eset and most of the others above does not find any infected files.

Can you provide any further insight? Much appreciation in advance. Gmer also shuts down after clicking on scan. DDS logs are attached

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Andrea Feigelson at 17:40:15.39 on Wed 03/09/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3327.2582 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
"\\.\globalroot\Device\svchost.exe\...

Answer:Infection attacks anti malware software

I know I'm not supposed to reply to my own thread to keep replies at 0 but it's been a while with 102 views but no replies. Is this a stumper? Or just the pros haven't gotten to it? I hate giving up and just doing a fresh install, it just feels so...... cheap. One update also, mbam now when scanning the drive from another PC is finding a random named .exe file that gets recreated at boot. Someone else cleared the find so I'm running another to see what mbam thinks it's infected with.

7 more replies
Relevance 68.88%

I searched this website (bleepingcomputer.com) with one of the IOCs (indicators of compromise) of a click fraud / trojan (depending on which advisory you follow) malware, as there is no thread / article with this information. I'm posting in the interest of the community and researchers. This seems to be a moderately sophisticated type of attack involving a new genre of malware which does not have residual files on the system and hence is termed "fileless" malware.
 
I found this while helping a friend of mine with his PC. Since I had configured logging for his PC, I saw in logs that msiexec.exe was connecting to soplifan[.]ru ... Doing some research I saw this domain as part of two (maybe one single) campaign involving fileless malware. 
 
 
Read more here:
https://www.nominum.com/tech-blog/detecting-file-less-malware-file-less-detection/
https://gbhackers.com/fileless-malware-wuth-powershell-scripts/
 
 
I personally allow limited executable files internet access. I restrict internet access to msiexec.exe which in most circumstances will contact Microsoft and / or publisher of a software to check for digital signature of the software being installed. I usually compare file checksum or PGP signature and hence don't need msiexec.exe to connect to the internet. 
 
While I haven't completed analysis of my friend's machine, what are the thoughts of members who have seen this / such malware on a proactive fix?
I recommend my friends to...

Answer:Fileless Malware / Click Fraud Malware Campaign

This malware is detected as: Trojan.Multi.GenAutorunReg.a by Kaspersky. It seems to be a generic detection name as I see posts dating back to 2015 and hence may not correspond to the fileless malware I've started the thread about. However, through the name I have found the article by Kaspersky:
 
https://media.kaspersky.com/en/business-security/fileless-attacks-against-enterprise-networks.pdf

3 more replies
Relevance 68.88%

Hi, I have a system that is infected with (most likely) a rootkit. It will not allow any scanners or most antimalware programs to run. So far I have successfully run DDS and gotten a log, gmer but it did not specifically identify any threats, rkill (iexplore version) which finds and kills 2-3 process' but they get recreated instantly and process names change each time. Renaming other scanner's exe's does not work.

What will not run or gets killed shortly after starting: combofix, mbam, superantispyware, hitman pro, catchme, mbr.

Safe mode produces the same results, no obvious bad files created recently, pulling the hard drive and scanning on another pc with mbam, eset and most of the others above does not find any infected files.

Can you provide any further insight? Much appreciation in advance.

Answer:Infected system attacks anti-malware software

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

1 more replies
Relevance 68.47%
Question: Fileless Malware ?

https://www.techrepublic.com/articl...re-likely-to-infect-your-machine-than-others/
I don't understand it. If it's fileless, how does it infect and work? I guess I didn't understand the article or I'm not that techie (add jokes, give me a hard time here).
 

More replies
Relevance 68.06%

I use my PC with some friends and I don't want them to access my personal files. Does anyone know what free software I could use to do this?

Answer:any free software to protect files with passwords

You could always make separate user accounts for you and your friend and password yours, or put a Guest account on and password yours.

9 more replies
Relevance 68.06%

Hi, Is there any free software to password protect folders in XP? I don't mean to encrypt the folder just simply password protect them, e.g. you need to enter a password to get access to the folder. I have searched the internet but have so far not found anything suitable. Thanks.

Mod Edit: Topic moved from Windows XP to more appropriate forum ~ TMacK

Answer:Free Software To Password Protect Folders

Password protect folder in XP: http://www.worldstart.com/tips/tips.php/232

2 more replies
Relevance 68.06%

I have owned Acronis for years but with every update it gets less reliable.

I just installed Macrium free edition and went to clone my primary drive (C, OS) and it warned that the target drive would lose all data on it. Is that really necessary? Wipe the drive before copying over to it.
I don't mean to trash Macrium, it seems like a great piece of free software, but erasing all the data from my target drive won't work for me.

I need a program that will produce an exact copy that I can access if disaster should strike. I don't need incremental or differential backups, I don't need individual folder backups, I don't need anything but a dependable program that will clone my complete drive. I like that Acronis will do this with an existing drive without disturbing the data on the drive and I also like that I don't need rescue media with it; on startup I just press an F key and it automatically boots into the program. It's just become unreliable.

Is there a better alternative?
I'd even pay for this peace of mind.

Answer:Best free cloning software to protect against disaster

Couple of alternatives that may be suitable:

AOMEI Data Backuper - free disk imaging and cloning software, backup and recovery for your computer.

Best free backup software. Hard drive backup and recovery, image and clone freeware - EaseUS Todo Backup Free

Free Disk Copy, Drive Clone, Disk Image freeware - EaseUS Disk Copy Home Edition.

Clonezilla live

Paragon Drive Copy - Professional Hard Disk Copy, Disk Cloning and System Migration - deploy new hard drive easily! (free version also available but unknown if it supports cloning)

Drive Image and Hard Disk Backup Software

9 more replies
Relevance 68.06%

Hey guys, I'm looking for a web filtering program that I can set restrictions on internet content by "type" categories, as well as ban direct pages from my children.
 
I can't find any, can either of you be of some assistance?

Answer:Looking for Free Software to Protect Kids from bad content

Doing a search of "free parental controls and internet filtering software" will provide you with a host of offerings that apply to family filtering. I do not know any free programs myself. The one that I have heard the most of is called "Safe Eyes" and for a time was promoted on the Dave Ramsey Radio program. It costs under 50 per year but would be a good investment, I think.

5 more replies
Relevance 67.65%

Nice article about Fileless Malware
Being Infected with Fileless Malware | The Security Blogger
 

Answer:Being Infected with Fileless Malware

Indeed, injecting code into a running process requires that some actions be carried out beforehand. Once the code is in memory, it can perform any action allowed to the same user. If the user has administrator access to the system, the latter can be completely compromised, but if the account has limited access, additional steps will be required to attack the system completely.
So another good reason for not using Admin account.
 

3 more replies
Relevance 67.65%

Attackers are determined to circumvent security defenses using increasingly sophisticated techniques. Fileless malware boosts the stealth and effectiveness of an attack, and two of last year's major ransomware outbreaks (Petya and WannaCry) used fileless techniques as part of their kill chains.
The idea behind fileless malware is simple: If tools already exist on a device (for example PowerShell.exe or wmic.exe) to fulfill an attacker's objectives, then why drop custom tools that could be flagged as malware? If an attacker can take over a process, run code in its memory space, and then use that code to call tools that are already on a device, the attack becomes more difficult to detect.
Successfully using this approach, sometimes called living off the land, is not a walk in the park. There's another thing that attackers need to deal with: Establishing persistence. Memory is volatile, and with no files on disk, how can attackers get their code to auto-start after a system reboot and retain control of a compromised system?

Misfox: A fileless gateway to victim networks
In April 2016, a customer contacted the Microsoft Incident Response team about a case of cyber-extortion. The attackers had requested a substantial sum of money from the customer in exchange for not releasing their confidential corporate information that the attackers had stolen from the customer's compromised computers. In addition, the attackers had threatened to "flatten" the network if the customer cont...

More replies
Relevance 67.24%

Can anyone recommend any free software available to load onto and Password Protect USB Flash Drives.

Recommendations for Microsoft XP / Vista / Windows 7 operating systems please

Answer:Need Free Software to Password Protect USB Flash Drives

I like TrueCrypt

TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows 7/Vista/XP, Mac OS X and Linux

3 more replies
Relevance 67.24%

I've been hunting high and low to find some decent free software or the code to enable me to password protect a website I'm working on. I'm looking for something that enables the user to register first before the Admin grants access and allows the user to gain full access to the site. I've googled but can't seem to find what I'm looking for. Is there anything out there? If not for free, what would be the most suitable paid for software that does the trick? Have used coffeecup, but that does not allow the user to register their details first. Thanks

Answer:Free Software/Code To Password Protect A Website

Anyone?

1 more replies
Relevance 66.83%

Courtesy of our own @cruelsister. In fact, a COMODO banner appeared on my laptop and I clicked.

This is the end result. I think she may receive that bracelet just yet...
 

Answer:COMODO Firewall Vs. Fileless Malware

thanks for posting the video
 

0 more replies
Relevance 66.83%

I have some office data which is very confidential.

I know "WinAbility MySecretFolder" software can do this well. But, it is not a free software.

Could you please suggest me any free software like "WinAbility MySecretFolder".

Answer:Any free software to completely hide and password protect folders?

Nothing better than TrueCrypt IMHO! http://www.truecrypt.org/

2 more replies
Relevance 66.83%

Any free software to completely hide and password protect folders?

I have some office data which is very confidential.

I know "WinAbility MySecretFolder" software can do this well. But, it is not a free software.

Could you please suggest me any free software like "WinAbility MySecretFolder".

Answer:Any free software to completely hide and password protect folders?

Have a look here: http://www.snapfiles.com/downloadfind.php?st=password+protect&action=s&search=Find+it
Here are two:
http://www.snapfiles.com/reviews/androsa-fileprotector/t_androsafileprotect.html
http://www.snapfiles.com/reviews/SaveIt/saveit.html

4 more replies
Relevance 66.83%

Any free software to completely hide and password protect folders?

I have some office data which is very confidential.

I know "WinAbility MySecretFolder" software can do this well. But, it is not a free software.

Could you please suggest me any free software like "WinAbility MySecretFolder".
 

Answer:Any free software to completely hide and password protect folders?

TrueCrypt
 

3 more replies
Relevance 65.19%

Ransomware may have claimed the lion’s share of media headlines in 2017, but there’s another type of attack that has become increasingly common in recent months – fileless malware.
Deceptive, sneaky and undeniably effective, fileless malware is growing in popularity as cybercriminals trade in brute force for stealth. While some organizations claim traditional antivirus software is all but blind to fileless malware, the truth is that many IT security products are more than up to the challenge.
In addition, there are a few things you can do yourself to minimize the risk of infection and limit the fallout should something happen to slip past your defenses. Read on to find out how you can protect yourself from the ‘invisible’ threat that is fileless malware.
 
What is fileless malware?
 
Fileless malware goes by many names, including ‘non-malware’, ‘memory-based malware’ and ‘living off the land attacks’. Whatever you choose to call it, fileless malware refers to a special type of cyberattack that can infect a system with malware without leaving an executable file on disk. It’s not fileless in the sense that no files are involved whatsoever; rather, the term refers to the fact that – unlike conventional malware – fileless malware can deliver its payload without dropping anything suspicious onto a machine’s hard drive.
So, if fileless malware isn’t stored on your hard drive, w...

More replies
Relevance 65.19%

> I am using sify ISP with limited data transfer package.
> My ISP is showing that I have downloaded 1200 MB which is not true.
> I didn't turn on the PC on the date prescribed by ISP but it is showing I have downloaded 1200 MB and has cut down 20 valid days.
> I think someone has hacked my system.
So I am requesting you to tell the best way to protect my system from malware and internet.
Thanks in advance.
 

Answer:Best way and best software to protect my system from malware and Internet?

Security is a wide topic. If you browse around on this forum, you will find recommendations on Anti Virus and Anti Spyware and Firewalls.
If you have Windows XP Professional, MS published an XP Security Guide v2 and tells you how to harden XP Pro. It is available here:

http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/default.mspx#ETE

If you have Vista, there is a Vista version of the Security Guide:

http://www.microsoft.com/downloads/...ed-7f35-4e72-bfb5-b84a526c1565&displaylang=en

Hardening an OS gives the attacker a smaller attack surface by disabling unnecessary features. XP after a fresh install is quite bloated and has a lot of places for an attacker to poke at.

Also you should consider running it daily using a limited user account, as that prevents some malware from working and prevents malware from making system wide changes. In the Unix world, nobody runs a machine daily using the admin account. MS acknowledges that and has made UAC for Vista to achieve the same end.

Here's more details about that:
http://www.mechbgon.com/build/security2.html

Also along the lines of protection and prevention, use Mcafee's Site Advisor, available here:

http://www.siteadvisor.com/

It places a site rating besides every google result and tells you about malware infested sites before you go clicking on them and instantly infecting your machine.
 

3 more replies
Relevance 65.19%

> I am using sify ISP with limited data transfer package.
> My ISP is showing that I have downloaded 1200 MB which is not true.
> I didn't turn on the PC on the date prescribed by ISP but it is showing I have downloaded 1200 MB and has cut down 20 valid days.
> I think someone has hacked my system.
So I am requesting you to tell the best way to protect my system from malware and internet.
Thanks in advance.

Answer:Best way and best software to protect my system from malware and Internet?

Before anyone tells you that, it may be that someone connected to your internet connection, via wireless? How are you connected to the internet? Because if your computer was off on those dates, even if a hacker got into the system the computer needs a physical connection to the internet; while the computer is off, there is no way of obtaining an internet connection.

3 more replies
Relevance 63.96%

Hello! I was wondering if anyone could give me better tips to protect my PC from things like botnets.

In the case I am particularly looking to expand my security horizon not on accidentally visiting websites that would give me a botnet, but people deliberately attempting to botnet or backend my PC through their own custom tools.

I was also wondering how I could help make Discord far more secure than it is because it uses WebRTC, which isn't secure, if there's any way to make it more secure on my PC.

I have ZoneAlarm firewall and, by default, Windows firewall is on, but I am looking for something stronger that won't give in when people overwhelm it/use powerful cutting-edge tools to bruteforce. In general, I would also appreciate tips, as a site I visited no longer offers its PDF on Windows security and most tips online are pretty garbage, like "well, do you have a password? How about a good antivirus?"

Thanks guys!

More replies
Relevance 63.55%

Hello everyone. I was wondering what's a good program or some good info to prevent people from kicking me out of Yahoo chat rooms or performing Denial of Service flood attacks which come in the form of flooding my system with endless Yahoo chat windows. I can stop the attack by closing out the program but have to reboot in order to get things working correctly. Even though I have a vague idea who's doing it and they don't seem interested in my account, as a security measure I changed my Yahoo password anyway just to be on the safe side. I know it's a person in the chat room I go to who hates what I have to say and they only seem to kick me when I get on mic. Is there any way to block these attacks? I have ZA, but since the attack is coming through Yahoo Messenger, which is cleared to run, I cannot block the attack itself. I need a new way to prevent such attacks. Some people in chat mention anti hack programs but I wanted to come here first in order to be on the safe side as this is a legitimate support website. And Merry Christmas to all and a Happy New Year to all! Otherwise I have no problem with my account. It only happens when I log into the chat room, and I have a small list of suspects; they do it to annoy me.
 

More replies
Relevance 61.91%

IT Pro Portal said:

Anti-virus products on the market provide zero protection against new, unreported computer viruses and take weeks to update their signatures to handle such security threats, according to an eye-opening new report from Imperva.

The data center security solution provider called the more than 40 anti-virus software products it tracked for a recent study "woefully inadequate" at protecting IT assets from 82 newly created viruses that company researchers unleashed on them.

Imperva also reported that it took "up to a month or longer" for 75 per cent of anti-virus solutions to add those viruses to their signature lists and begin protecting against them.

Consumers and businesses spending big money on such products are only getting an "illusion of security" in return, the company said in its most recent Hacker Intelligence report, which details the findings.

"Enterprise security has drawn an imaginary line with its anti-virus solutions, but the reality is that every single newly created virus subverts these solutions without challenge," Imperva CTO Amichai Shulman said in a statement.

"We cannot continue to invest billions of dollars into anti-virus solutions that provide the illusion of security, especially when freeware solutions outperform paid subscriptions," he added.

In fact, Imperva found that two free anti-virus solutions - Avast and Emsisoft - were on the short list of tested products that "prov...

Answer:Anti-virus products fail to protect against attacks

Interesting.
Zero-Days are really becoming a bigger problem everyday. You need more than just a simple signature AV.
Nice to see Avast and Emsisoft on the short list of provided protection against Zero-Days
But one question, When did Emsisoft become free?
 

19 more replies
Relevance 61.91%

Microsoft SmartScreen, integrated with Microsoft Edge, Internet Explorer, and the Windows operating system, has helped protect users from socially engineered attacks such as phishing and malware downloads since its initial release in Internet Explorer 7. With URL reputation checks and Application Reputation protection, SmartScreen has protected users from billions of web-based attacks in the last 8 years. Over time, SmartScreen has expanded its scope from phishing attacks and socially engineered malware to also include warnings for deceptive advertisements and support scam sites.

Please view the full article for details
Evolving Microsoft SmartScreen to protect you from drive-by attacks
 

More replies
Relevance 61.91%

http://www.av-test.org/en/news/news...epair-performance-test-after-malware-attacks/

Summary: There is software for the morning after

The test results disproved a statement frequently posted in forums, that all you can do is delete your Windows system if it becomes infected with malware.

Among the security suites, the solutions from Malwarebytes, Bitdefender and Kaspersky demonstrated the best performance among all the packages tested. All in all, however, the rest of the field still showed quite solid performance, even though a few active components were left behind.

Among the freeware clean-up tools, the Kaspersky Removal Tool is worth recommending. While the Norton tool, as well as Disinfect2013 from Heise, left behind quite a lot of data garbage, neither failed to detect a single active malware component.

In final analysis: In case an existing security suite ever fails, there are reliable rescue options for having a Windows system cleaned and repaired. The best part of all: in case of emergency, most of the tools can even be used free of charge.

No comment
 

Answer:[AV-TEST] 17 software packages in a repair performance test after malware attacks

Windows has the best removal tool ever, it is called "install disc"

And if you are still not sure, Dban is your friend ^^

More seriously, I saw lately that Malwarebytes Anti-Malware is quite often mentioned lately... I smell the marketing department behind that.
 

2 more replies
Relevance 61.5%

Google Translate:

From the perspective of ordinary users firewall, of course, is the second largest after the anti-virus protection component of a PC. Unfortunately, sources of information, according to which one could determine which of the firewalls on the market protects better, very little.

Let's first define some terminology and answer the question - what is a firewall? By definition, the Internet standard [RFC3511] (2003), a firewall - a system that implements the filtering of network packets according to specified rules in order to distinguish traffic between network segments.

But with the growth of malicious software and hacker attacks, the source of the problem of firewall is supplemented with new functional modules. Already virtually impossible to complete without a firewall module HIPS (system event monitoring, control, integrity, etc.).

The main task of a modern firewall - to block unauthorized network communication (the attacks), subdivided into internal and external. These include:

External attacks on secure firewall system:
  initiated by hackers;
  initiated by malicious code.
Unauthorized outgoing network connections:
  initiated by untrusted applications (malware);
  initiated by applications whose network activity is expressly forbidden by rules.

Original Link

Translated page with More Information and Results
 

Answer:Test firewalls to protect against internal attacks (September 2011)

Thanks.

Anyone know of ways to make Windows Firewall not... suck?
 

10 more replies
Relevance 61.5%

Does avast protect against malicious driver installations and the attacks that use hooks to infect the system?
Further, how is avast's bb at detecting process hollowing attempts and protecting COM components and important registry keys?
 

Answer:Does avast protect against malicious driver installation and win hooks attacks

I think Yes, Avast does!
 

1 more replies
Relevance 61.5%

I was asked this on a test for the CEH. What would you answer? My own answer is at the bottom.

What defensive measures will you take to protect your network from password brute-force attacks? (Choose all that apply.)

A) Never leave a default password.

B) Never use a password that can be found in a dictionary.

C) Never use a password related to the hostname, domain name, or anything else that can be found with Whois.

D) Never use a password related to your hobbies, pets, relatives, or date of birth.

E) Use a word that has more than 21 characters from a dictionary as the password.

What do you say? For me, if you are strict, the first 4 cannot be true since they would protect specifically from dictionary attacks, not brute force. The last one would surely protect you from a brute force attack, because even when using only lower case letters for the password, it would take TRILLIONS of years to compute all the combinations.

But, guess what? The correct answer is to select all the first 4!!! WTF???
The justification is: "A dictionary word can always be broken using brute force"

What do you think?
 

Answer:What defensive measures will you take to protect from password brute-force attacks?

Option E is still a dictionary word. It would be cracked in moments by a brute force attempt. Remember that most brute force programs will go through the dictionary first unless told otherwise.
 

17 more replies
Relevance 60.68%

Poll for COMODO users only. Do you use this tool, bundled with the firewall, to protect while shopping or online banking?
Does it work if one is not using COMODO SecureDNS?

 

More replies
Relevance 58.22%

Hi

What's the best password protect software for folders?

Also if the password was forgotten or lost... would there be any way to access the file?

Thanks.

More replies
Relevance 57.4%

Everything I have tried requires you to buy it. I have tried using something suggested in another thread but malware is still here. I have also tried avg and avast but nothing. I keep getting redirected to another site when I use a search engine to search and I know I have not changed anything.

This appeared after I installed a chromium browser. I will never install another one after this.

Answer:Any 100% Free Malware Removal Software

ManyBreads said:

Everything I have tried requires you to buy it. I have tried using something suggested in another thread but malware is still here. I have also tried avg and avast but nothing. I keep getting redirected to another site when I use a search engine to search and I know I have not changed anything.
This appeared after I installed a chromium browser. I will never install another one after this.



I'd guess installing Google Chrome also got you Ask.com. As for malware I and many others here use Malwarebytes. It has both a free version and a paid version, difference is the free has to be run manually now and then while the paid runs in the background and updates daily. When doing manual updates of the free version one needs to pay attention to the screens and uncheck the offer for the Trial version of Pro.

10 more replies
Relevance 57.4%

It seems free Anti-Malware programs are as scarce as free Firewalls.
I have been using Malwarebytes Anti-Malware Home (Free) which is probably the best. But I have had enough. When I click Update it takes up to 10 minutes to check for updates at a speed of no more than 50kbps. Then it downloads the updates at 6-8 Mbps. Clearly there's not a problem on my side or with my ISP.
Does anyone have the same issue?
Is IObit Malware Fighter Free as good?
 

Answer:Free Anti-malware Software.

Not having that problem with MalwareBytes free version updates. It varies for me from about 20 seconds to, at worst, about 1-1.5 minutes for it to fully complete. Maybe the issue is current problems with servers geographically.
I do use IoBit Uninstaller but I have to say I am not at all keen on anything else of theirs.
 

19 more replies
Relevance 57.4%


Folks, I'm currently using sophos antivirus software and it takes a very long time, 6-8 hours, to scan my pc looking for malware. Is there another software (free) that could speed up the process and is deemed reliable?

Bob 0101

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Pro, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4028 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family (Microsoft Corporation - WDDM 1.1)
Hard Drives: C: 446 GB (259 GB Free); E: 1862 GB (1656 GB Free);
Motherboard: Dell Inc., 0P792H
Antivirus: Sophos Home, Enabled and Updated
 

Answer:Virus / malware software - free

Yes, the included Windows Defender.
Despite all the publicity on some sites it is reliable, free, unobtrusive and regularly updated and will deal with many known malware - viruses
The overriding benefit is its total 100% compatibility with Windows 10 - at all times - not something that can be said for many if indeed any third party programs.

Of course like any other protection if you test it to the limit by careless browsing - torrenting etc it may well fail

Support it with a scan on demand from any of the free AV scan only programs

All that is needed is a quick scan and after the first that will be very quick unless you use third party system cleaners, many of which fool Defender into thinking that every scan is the first scan.
 

1 more replies
Relevance 57.4%

Hello I need some free malware removal programs can u give me the best ones

Answer:Free malware removal software

Hey mate,

Your Built in Defender should work just fine for most things (full fledged antivirus, that). In addition, I would use Malwarebytes Free.
The last one is a manual scan to make sure Defender hasn't left anything behind concerning PUPs, etc.

Really, that is all you need for protection, unless you come across some heavy malware, or discover that you have a lot residing in your system, in which case you might need some heavier tools to help you fight back. Not that Defender doesn't do its job, but if you keep having problems, you may need some serious removal tools

23 more replies
Relevance 57.4%

that it please help
 

Answer:malware removal software for free?

9 more replies
Relevance 57.4%

Anyone know what is the best free malware removal software that's out there?

Answer:Free Malware Removal Software?

Malwarebytes, but it's not a special removal tool.

3 more replies
Relevance 56.99%

I need total control over a Win98 PC over my network [ this is staying in network, not out to the net ]

I need access as if I was standing in front of it, meaning able to install programs and everything.


I was looking at LogMeIn, but I don't know if it is spyware/adware/virii free, and I don't know how well it would work connecting to a Win98 PC from a XP Home PC.



If that won't work, anyone have any suggestions on a way to remote control a Win98SE pc from a XP home PC?


preferably methods that are free?
 

Answer:malware free Remote Desktop software?

vnc, specifically I use tightvnc.
http://www.tightvnc.com/
 

11 more replies
Relevance 56.99%

Can someone please recommend a free (but good) Antivirus / Anti-Malware software?
Edit: Moved topic from Windows 10 to the more appropriate forum. ~ Animal

Answer:Free Antivirus / Anti-Malware software

See this topic by our very own Quietman7.
Choosing an Anti-Virus Program
There is a list of free Antivirus applications there. As well as some good information. The whole thread is good informational reading actually.

1 more replies
Relevance 56.99%

HI

Can Anyone please recommend an effective Anti Mal / Spy ware Software that can be used to get rid of the likes of XP Anti Virus 2008 etc?

I often don't have the time to go through the lengthy procedures of removing these things manually and am looking for something that will do just F*&*ing do it for me in one go.

Thanks.
 

Answer:Effective Free Anti Malware Software

Welcome to Major Geeks!

The most complete way to remove this infection and also be sure that nothing else came along with it is to follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

1 more replies
Relevance 56.99%

Daemon Tools Lite, Alcohol, Gizmo-Drive, Magic Disk, Virtual Clone Drive.. and any other free mounting tool I can think of, all open up backdoors and toolbars, homepage redirects etc.. Basically they are ALL full of crap.

I need an image mounting tool for XP, but does such a thing exist?

The state of software today is depressing
 

Answer:Is there any free disk mounting software WITHOUT malware? I mean seriously!

I used Magic Disk for a long time, but I never had to install toolbars for it to work. I actually stopped using it in favor of HaoZip, which is a great archiver and also has a CD mounting function. I switched because Magic Disk couldn't mount one disk I needed and HaoZip nailed it, and has been working great since I started using it.

http://www.haozip.com/Eng/index_en.htm
http://www.magiciso.com/tutorials/miso-magicdisc-overview.htm

Be sure to download from the company's website, that's always safer as some software download websites bundle the programs you download with other potentially unwanted programs.
 

12 more replies
Relevance 56.17%

I've looked through the FREE Great Programs for Windows 7 [2] and Free Native 64-bit programs threads, but they were created years ago. I just want to know what are the free software that I should put on a Windows 7 64 bit installation to keep it clean and secure. I've tried all sorts, but I've had trouble with some in the past.

Answer:Essential free virus/malware software for 64bit W7?

Hi.

Here's a good list FREE Great Programs for Windows 7

For your system security you can also use this Good and Free system security combination.

3 more replies
Relevance 56.17%

Hey friends, I want to do some malware analysis for educational purposes, but as you know it involves running malware on the system.
I don't have the resources to use a vm (installing a vm results in unusable real and vm system) nor do I have the resources to buy anything like shadow defender.
So, I want a free software or maybe some giveaway of a software that could reliably protect from all sorts of malware, as I will also test ransomwares.
 

Answer:Need a free software like shadow defender for malware analysis

Toolwiz Timefreeze and Reboot Restore Rx are two alternatives to SD. The provisions of Reboot Restore look more appealing from a security point of view, with MBR protection and recovery from unbootable Windows in case. No such specifics are mentioned in the description or FAQs of Timefreeze, though TF makes running multiple real/virtual OS simultaneously possible.
Reboot Restore Rx free:
I would recommend the latter to be tried out first.
 

0 more replies
Relevance 56.17%

Was just wondering what everyone's opinion is on what are currently the best free antivirus/malware and firewall programs? Please only discuss FREE applications in this thread. No trials or whatnot. Looking for 100% free.

Here is a list of the ones that have already been mentioned in this thread (in alphameric order):
Advanced SystemCare Free
avast! Free Antivirus
AVG
Avira Free Antivirus
Comodo Internet Security
Malwarebytes
Microsoft Security Essentials
Panda Cloud Antivirus
Spybot-S&D
 

Answer:Best FREE Antivirus/Malware/Firewall Software (2011)

I still think that Microsoft's Security Essentials is excellent as an antivirus & malware on day to day use since I rarely get anything horrible.

I use the default Windows 7 Firewall until someone can recommend better here though...
 

35 more replies
Relevance 56.17%

If you use UltraReach / UltraSurf proxy software, the recommendation at the following link is to delete it by scanning with VBA32 antivirus (a Windows MSI link).

-- Tom
 

More replies
Relevance 56.17%

I have been using Ad Aware free for my Anti spyware software for a while. Thing is I don't really like, yeah it does on access scanning but it just seems very heavy and is a hog. After its installed I notice a marked increase in bootup time on my computer. Are there any other free spyware programs that have on access scanning that don't use so many resources?
 

Answer:Solved: Anti Malware software aside from Ad Aware free?

12 more replies
Relevance 55.76%

Windows Update won't initiate. I've tried to start the process from the system processes toolkit but it's absent. It's also absent from the registry under its typical file-tree. Plz send help.
 

Answer:Malware? Find out more about free software from (null). Click here for details.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(BitTorrent Inc.) C:\Users\Peter\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(BitTorrent Inc.) C:\Users\Peter\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Java Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files ... Read more

0 more replies
Relevance 55.76%

EMCO Malware Destroyer is yet another free second-opinion antivirus with a high-speed scan engine. It helps you to organize personal malware protection and effectively find and destroy various threats. Unique malware scan engine allows you to spend only 10 seconds for complete PC analysis of over 10,000 real threat definitions, including viruses, trojans, worms and other malware types. Up-to-date malware database includes virus information provided by leading virus labs and thousands of users.
You can download it from here.

Answer:EMCO Malware Destroyer: Free second-opinion antivirus software

Originally Posted by HappyAndyK
EMCO Malware Destroyer is yet another free second-opinion antivirus with a high-speed scan engine.

If you want a second opinion scanner then get one with a good detection rate....
Emsisoft AntiMalware (EAM) has got excellent results in tests of antimalware-programs.
The free version uses the same two (2!) scanner engines (Emsisoft & Bitdefender) as the paid version,
the only difference is that the free version has no realtime protection.
More info: Emsisoft Anti-Malware - Best antivirus and firewall to protect from viruses, bots, spyware, keyloggers, trojans, scareware and rootkits
Directlink to EAM: Emsisoft Anti-Malware for best protection - Free removal of Viruses, Bots, Spyware, Keyloggers, Trojans and Rootkits

2 more replies
Relevance 55.76%

I saw it this very morning, for the first time. Sent to me, in a regular newsletter from 'Instant Fundas'. At the end of the day the choice is yours, but unless you know about something you can't make that choice. I personally am going to give it a try.
This is my source: Kingsoft PC Doctor Review: CLICK HERE
If you'd prefer to go straight to the download page then: CLICK HERE
Kingsoft PC Doctor Review:

Answer:Check this out - New Free Anti-Malware Software - Kingsoft PC Doctor

The download site gives a McAfee SiteAdvisor RED warning.

4 more replies
Relevance 54.94%

While the Internet is an amazing resource in terms of the information you can find and things you can do today, it's important to also be smart about how you browse. A browser can be a great tool in helping you stay safe when you go online.
Most online attacks fall into one of the three situations:
1. Malware that relies on social engineering to spread
2. Attacks directed against your browser or your operating system
3. Attacks directed towards the websites you visit
Learn how Internet Explorer can help protect you from each of these types of attacks.
Read: Security and Internet Explorer

More replies
Relevance 54.53%

Hi everyone!

I was advised earlier on this thread:: Need a new Backup & Storage program

....that Macrium (and AOMEI) are good to use to backup my Laptop HDD to an external drive.

Larger 2TB, external drive purchased, and is on its way...

Now I'd like to get the Free Backup program Macrium.

One problem still remains:

I've stopped using CNET Downloads since myself (and others as experienced in this Google search), have been seriously harmed by CNET downloads


There have been problems reported with the CNET site since 2008, check Google page:

https://www.google.com/search?client...UTF-8&oe=UTF-8

I got hit by their malware/adware/toolbars so I refuse to use them as you can't remove them!!!! (On XP computer so I won't bother asking you here about them).

This is for a Laptop running Windows 7 Professional, so I don't want anything to go wrong (not mine, its a relatives' computer).

This thread from another (not Windows Seven Forum) website : http://www.thewindowsclub.com/safe-s...download-sites

....mentioned that "all" sites have a "direct link" so you don't have to use CNET Downloads,

Well.. I've looked high and low and even clicked on the paid versions of Macrium.... all seem to FORCE you to use the CNET download (with their CNET "installer" of course you must agree to install in order to get their "free" download (sorry for using so many quote marks, I'm using these words sarcastica... Read more

Answer:Macrium etc Free Software--How to avoid CNET Virus/Adware/malware prog

You can download Macrium from MajorGeeks

Download Macrium Reflect FREE Edition - MajorGeeks

9 more replies
Relevance 53.71%

The add-in works by adding a button to the Outlook ribbon UI. Users are supposed to select emails from their Outlook client, which they suspect might be part of a phishing attack, or just coming from spammers that they want banned on the company's email server.
Pressing the PhishReporter button will forward the selected emails as attachments to a specially set up email address. Here, the security and IR staff can analyze the email, and if found to be malicious in nature, they can blacklist the domain in the company's spam blocker.

 

The PhishReporter Outlook Add-In is the preferred way of reporting phishing emails because it automates the process of forwarding suspicious emails "as attachments," and by doing so preserving important email header information.
This operation is essential for security and IR staff because employees usually just forward the email, rewriting the original headers with their own.
The original phishing email header isn't lost since it remains in the user's client email, but IR teams usually have to contact the employee and teach him how to properly forward the email so they can analyze it. This makes security teams lose precious time, which is crucial since most phishing campaigns are most effective during their first hours.
The PhishReporter Outlook Add-In is available on GitHub. The project has no ties to a yet unreleased project of the same name developed by KnowBe4.
 

 
Source : http://news.softpedia.com/news/phishreporter-a-fre... Read more

More replies
Relevance 53.3%
Question: malware attacks

Hey all

I need some help with removing a couple of trojan viruses from my pc.

PSW.lineage.CEY
PSW.generic8.OCZ

Would really appreciate some help.I tried removing them with avg, trojanhunter, etc.

This is the result of my Hijack this scan:

*Edited by dr.moriarty: Inline log removed - READ & RUN ME FIRST. Malware Removal Guide not followed.
 

Answer:malware attacks

What is the file path of the threats being found?

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot... Read more

3 more replies
Relevance 53.3%

Hi all,
 
I believe I have some malware that I can't get out of my computer.

I have gone through the steps of what to do to check for malware (ran Avast and Malwarebytes) and they both came up with nothing. Since it's affecting my speed of computer and also my internet connection...I ran disk clean up along with Auslogics disk defrag as well.

Same problem.

Any help would be greatly appreciated!
 
 
 
D

Answer:When Malware Attacks...

Hello Darkwater. Is your connection dropping? Please run and post these logs.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results.

Please download AdwCleaner by Xplode onto your desktop.
• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• You will be prompted to restart your computer. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>Now I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Clic... Read more

11 more replies
Relevance 53.3%

Please help me. I have had malware/virus problems before and been able to fix them, but not this time! I've been working on this computer for 9 hours today. I have major problems with trojans and popups, mainly from Aurora and Winfixer.

I have done scans/fixes with Adaware, Spybot S&D, TrojanHunter, Security Task Manager, and Norton Antivirus. I have even edited the registry, removing entries from malicious programs that I identified with the above programs. It seems like the fixed files and registry entries keep resurrecting themselves, or creating new problems.

Can someone please take a look at my HijackThis log:


Answer:Malware Attacks! Help!

Okay, I have been working on the problems the last several hours, and have managed to get things looking much better! However, I am still getting some pop ups coming through, mainly from Winfixer or other alleged malware removal websites.

I followed the procedures listed in the reply to this post, entitled aurora - part of the abi network (hijack this log): http://www.techsupportforum.com/showthread.php?t=65147

I ran another Hijackthis log, and ran it through the Hijackthis Analyzer. Here are my latest results:


14 more replies
Relevance 52.89%

Hello, I inadvertently installed a "real video codex" on my computer. So far it has tried to shuffle my home page, search page, windows background, run outlook (which I never used, so it had no accounts), and hit some blocked websites invisibly. I have tried Spy Sweeper, AVG's spyware, Spyware doctor, Combofix, McAfee anti-virus, McAfee Stinger, Panda AV..... and a few more. Most of the symptoms were cured, but it still eats memory and tries to access Outlook and various strange websites. Here is my combofix log:

Answer:Multiple Attacks From Malware

Welcome to the BleepingComputer HijackThis Logs and Analysis forum skyler517
My name is Richie and I'll be helping you to fix your problems.

Please disable Spybot S&D's protection, or it will interfere. You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm

Click on Start>Run and type Services.msc then hit Ok.
Scroll down and find the service called:
Active Common Service
When you find it, double-click on it.
In the next window that opens, click the 'Stop' button. Then change the 'Startup Type:' to 'Disabled'. Now press Apply and then Ok and close any open windows.

Click Start>Run and type regedit then click OK.
Navigate to HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services
Scroll down the left pane, locate the service name:
Active Common Service
Right click on it 'Delete'. Then restart your pc.

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.

Download\install 'SuperAntiSpyware Home Edition Free Ver... Read more

5 more replies
Relevance 52.89%

Custom built PC - ASUS MBO, AMD Athlon 64 CPU
Windows XP Professional, w/SP3
Internet Explorer 8
Mozilla Firefox
Google Chrome (new installation)
Nvidia firewall
McAfee security (AOL version)

This problem has three parts where this PC (my wife's) is under duress from an unknown source and current tools aren't stopping it:
A. Recent outbreaks of Malware taking over system
B. An event in Jan 2011, has resulted in McAfee thrashing with incidents
C. Residual damage: redirected search outcomes

In the last week have had 3 major incidents with Malware. Following the first attack I installed Malwarebytes. Descriptions of each attack and the Malwarebytes logs follow:

1. Friday, 6/24/11, approx. 8.45 pm. My wife was watching a scrapbooking video when attack occurred. Trojan: Fake alert: Pop-up windows for product named "XP Security 2012", damaged/took-over file associations, clicking on most shortcuts would result in a pop-up window, open IE window and connect to site to purchase this product. Found file named "ggn.exe".

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6949
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/26/2011 12:56:10 AM
mbam-log-2011-06-26 (00-56-10).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 314522
Time elapsed: 4 hour(s), 59 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 66
Registry Values Infected: 1
Registry Dat... Read more

Answer:Multiple Malware Attacks

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the '... Read more

2 more replies
Relevance 52.89%

Hello, I am using a different computer to post this thread. I use Windows XP
Anyways, yesterday, a pop-up appeared saying "We Hope You Enjoyed Our Content" after days of what I thought to be ad-ware. After the pop-up, the screen turned to something saying "Windows has detected spyware. Click here to download spyware protection" or something around that. I downloaded SpyBot and found out that I got many viruses and trojans including:
-WebHance
-SpyWareKnight
-Perfect Keylogger
-AdwareFinder
-Zlob virus
-SpyWare Sheriff
-GAIN.gator

And many more. I want to remove all of these viruses from my computer but I don't want to have to reboot it because I have many files I need to keep. How can I remove them?

Oh ya, task manager has been disabled

Answer: Malware And Trojan Attacks

Hello and welcome. First run this:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, cl... Read more

16 more replies
Relevance 52.89%

Hello everyone,

Lately we hear more and more often about advanced malware attacks, and in this thread I have gathered the main characteristics of these attacks.

Traditional security measures, for instance those based on signatures, such as firewalls and antivirus, are no longer enough. They work against less sophisticated attacks but cannot do much against new cyber criminals, who often (70-90% of cases) use malware that is not known, obfuscated, or masked to be unrecognizable!

Here is a brief description of these very dangerous techniques, some recent, others less so.
Polymorphism: the ability of a malware to change continuously, to make digital signature-based systems ineffective at detection.

Binary Retraining: same goal as the tactic above, reached by modifying the binary structure of the object while keeping the malicious functionality unchanged.

Recoding with Masking: the malicious executable object is hidden within commonly used file types, to push the unsuspecting user to run the malicious code. These are file types such as PDF or Microsoft Office files.

Malware Encapsulation: the malicious code is hidden by extending to legitimate files, commonly used by users. For example, a new version of a popular text editor or a game may hide dangers.

Multi-Flow Attacks: the attack is fragmented across multiple flows of information, so as to confound even modern sandboxing tools, which analyze objects individually. These items will be labeled as harmless, because they are only a par... Read more

Answer: Advanced Malware Attacks

Detection based antiviruses cannot even protect you from Polymorphism. Thank you for the descriptions.
 

21 more replies
Relevance 52.89%

I have been searching the forums for days looking for answers. On startup, Windows XP pops up a not connected to the internet window. Then Ultimate Cleaner ads pop up, Now it is opening IE and Firefox windows at random with ads...Here's my registry

(I have tried smitfraud, combofix, fixwareout, spyware doctor...)

Here's my registry log from HijackThis..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:30 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Answer: Malware, attacks IE and Firefox

Really wondering if anyone has any ideas for me...I can't even do anything on my computer now...The adware opens 100 windows each of IE and Mozilla.

Help
 

1 more replies
Relevance 52.89%

This new attack isn't circulating extensively at this point and folks should stay up-to-date on AV protection plus watch for any unusual activity in Internet usage or in their free email services.

Hotlan Trojan defeats captcha
http://news.zdnet.co.uk/security/0,1000000...39287905,00.htm

A new Trojan horse that sends spam through Hotmail and Yahoo email accounts has antivirus companies worried that the commonly used "captcha" system, used to prove new members are real people, may have been compromised. Captcha systems typically use a selection of alphanumeric characters that have been distorted and presented in a graphic with other elements designed to confuse character-recognition software. The idea is that, as only a person can read it and type in the correct sequence, spam bots and other malware can be stopped from automatically setting up accounts. The new threat was highlighted on Thursday by BitDefender Labs, which has dubbed it Trojan.Spammer.HotLan.A.

McAfee - Spam-HotLan (DAT 5070 offers detection/protection)
http://vil.nai.com/vil/content/v_142646.htm

This is a spam trojan which downloads a remote script to log into various free webmail accounts, in order to send spam. The script then tries to contact a second site, which contains details about the spam emails to send. At the time of writing, this second site returned nothing. This trojan does not install itself to the local system - once a system is rebooted, it will not restart itself.

BitDefender - Troja... Read more

More replies
Relevance 52.48%

I thought it would be a good idea in keeping with the overall goal of this site to start a thread to give people a list of legal and secure sites for downloading free or dirt-cheap movies, music and software/games.
I believe this would be helpful in terms of not just telling people not to visit/support pirating websites,
but to also give them other alternatives so that there wouldn't be a temptation to go there anyway
(And also for people like me that Don't want to steal, but also don't want to pay more than I have to)
 
Master list of sites for free/dirt cheap movies, music and free/free to try software:
 
Music
 
Open Music Archive
LEGAL NOTICE:
Contains music with expired copyright according to UK copyright law, which states that the copyright expires 70 years after the author's death.
As such, some of the music may be considered "pirated" in countries with longer copyright periods.
For example, the longest copyright period I know of is Mexico (100 years after the author's death).
INCOMPETECH
This guy composes his own music and gives it away for free!
 
Movies and/or TV
Hulu 
Movies and tv free with ads, or (for cost of membership) watchable without ads.
 
http://www.epixhd.com/ 
Free for Dishnetwork users?
 
Netflix
Not completely free, but VERY low price!
 
 
Software
WARNING! As stated by Quietman, Many free Software Sites contain ads  or link to sites containing ads with misleading down... Read more

Answer: Good source sites for secure & legal free movies and free/free to try software?

That is a good question.
When I think about it Hulu does have movies.
I use Netflix.
I can use http://www.epixhd.com/ as I have Dishnetwork and can use that to be able to watch. Yup, just tested works good.
Many of the Movies channels can be watched that way.
 
Cheers
Roger

10 more replies
Relevance 52.48%

Ok this is weird. I run Ntl netguard, and Spyware Doctor. A few days ago, SpyDoc refused to auto update. Nothing strange thought I, site must be down.

Well its been four days now. Then I noticed I couldn't connect to Microsoft to do updates either. On further investigation, I found I can't connect to ANY legit malware sites. I have run Spybot, Ntl netguard, Malware Byte's anti malware, and Norton AV, none found anything wrong.

However, I tried setting up a proxy within Firefox, and CAN connect to the sites I couldn't otherwise. (albeit incredibly slowly).

As things stand, I can't update any malware software, and assume my poor PC must have caught something new and nasty.

Please help

Hi jack this follows:-

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:08, on 19/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Answer: Help Pls! Can't update Malware Protect or Visit Any Malware Sites

sorry, bump
 

2 more replies
Relevance 52.07%

As the title says I haven't seen this one before, of course I've seen infections (whether they are trojans or viruses or just simply malware) attack browsers by creating popups saying that your PC is infected or your browser is not safe, etc.

I got a call to remove an infection and I won't say that I haven't seen this before, just the behavior I haven't seen where the browser developer tools shows up and then it flashes like crazy as if someone was task switching the dickens out of it. I recognize the software, I don't recognize the behavior and when this happens it prevents the user from being able to do anything in the browser such as type URLs or manipulate searches on webpages in the search box on webpages that have them.

I suggested we try Chrome, and guess what? It attacked Chrome since the customer normally uses IE (and while I won't rail a user about using IE, it's my number one product I jab at because it's so deplorably broken and slow IMO) HOWEVER if it is what the customer wants to use then I don't stick my opinion out like a sore thumb but I do at least recommend Chrome or Firefox at least once in my discussion with them only if they are interested.

So because it also affected Google Chrome, it again made it impossible to use the browser, and I know it's not a localized problem as I first thought it was an IE only related problem, I've tried rkill, mbam, ccleaner (haven't tried combofix) and I steer away from hijackthis because it's a rather complex prog... Read more

Answer: A hijack or malware that attacks ALL browsers?

Sounds like malware. Have you tried starting it in safe mode with networking and open the browser there? If so, you could just run malware bytes and it should take care of your problem.

6 more replies
Relevance 52.07%

I'm curious about this because of a recent article that I just read ("Internet Security Fail").
This is what disturbs me the most in the article:
"The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well-resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose. And the zero-day exploits used in these attacks are unknown to antivirus companies by definition. As far as we can tell, before releasing their malicious codes to attack victims, the attackers tested them against all of the relevant antivirus products on the market to make sure that the malware wouldn’t be detected. They have unlimited time to perfect their attacks. It’s not a fair war between the attackers and the defenders when the attackers have access to our weapons."
So, the operative word here is "targeted malware". It's one thing to exploit anti-virus software, but another to actually get inside a computer's security perimeter. The majority of infections are caused by an unsuspected payload getting onto a computer and then eventually being executed, or somebody clicking on a website icon/link and accepting the invitation to execute. The anti-virus software is the last line of defense (discounting other intrinsic protections like ... Read more

Answer: How vulnerable are we to direct malware attacks?

The hardest thing to do is a direct hack into a computer. Is it impossible? No, but it's difficult and time consuming enough that the average user isn't worth the effort.

Now if there's something a hacker wants, it's pretty much theirs, but just to steal bank info, there's a lot of easier ways, i.e. compromised websites, bad d/l's etc.

You may want to unplug your connection, just to keep your computer from d/l unknowing things like updates, plus you know if someone's hacked your wifi.

6 more replies
Relevance 52.07%

Hi all,
First, let me say thank you for being available to help people you've never met, because I'm sure there are a lot of us out here.

I recently downloaded a sketchy file which infected my computer. I scanned it with several programs before opening it, and it came up clean, but alarms went off as soon as it ran. I immediately deleted the file but it was too late. When I started running removal programs to clean up, each one crashed and wouldn't open again. I googled for the symptoms and came up with the msa.exe virus/malware. I followed some removal steps I found and seem to have deleted the file from my windows directory, but I don't know if it's gone. I also found process a.exe running which seems to be associated with the monopod virus, but I don't know this for sure either. I have tried running Spybot, Adaware, SUPERAntiSpyware, AVG Antispyware, Windows Defender, and have also since tried to install and run WinPatrol without success. Most of these programs will start up once, but crash during scans and after that will not open. I'm often told I don't have privileges when trying to run them again or even re-install.

As for my log files, I can't seem to run DDS, so I don't have the log for it. I don't have any script blockers that I know of to disable. The GMER file is attached as instructed. Also, I am running WinXP Home, SP2 (I didn't realize there was a SP3 until recently or I would have updated). I DO NOT have the CD or boot disk however; it cam... Read more

Answer: Malware that attacks removal programs

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


Please download Rkill from any one of these links and save it to your desktop.

Rkill.com
Rkill.scr
Rkill.pif


Now double click on Rkill to run it. Do not reboot.



Combofix
Download ComboFix from one of these locations:

Link 1
Link 2


and rename it to glasgow.exe before saving it to your desktop.

Double click on the renamed ComboFix.exe & follow the prompt... Read more

19 more replies
Relevance 52.07%

The article is still developing here: https://www.windowscentral.com/new-ransomware-attack-appears-be-making-its-way-across-europe?utm_medium=slider&utm_campaign=navigation&utm_source=wp
But I thought governments, institutions would have learned their lessons after the last major malware attack
So how does this happen? Not for the same companies obviously as that would be just plain ridiculousness but for the new companies that got attacked
You would think they would have learned their lessons and made strides in updating all their systems and tightening their security systems
And why are the attacks predominantly in Europe? Is it because the online network and systems are more in depth or there's a way these scammers and malware creators can target specific regions or systems?

More replies
Relevance 52.07%

First things first, I'm running Windows XP, 32-bit, SP3. Almost forgot this little detail!

OK, a few days ago my brother tells me that my Norton 2012 identified an attack coming into it. I check it out, it says it was blocked, no further action required. So far so good. Only it keeps happening. It's not one kind of attack either, here are the logs of some of the most recent ones:

2012-06-04 18:17:56,High,An intrusion attempt by 204.152.214.173 was blocked.,Blocked,No Action Required,Fake App Attack: Fake AV Redirect 21,No Action Required,No Action Required,"204.152.214.173, 80",verifyanalysisav.in/78dee9e271084cb2/50/,"COMPUTER (192.168.1.2, 4058)",204.152.214.173,"TCP, www-http",
2012-06-04 18:01:14,High,An intrusion attempt by 37.59.188.165 was blocked.,Blocked,No Action Required,Web Attack: Blackhole Toolkit Website 14,No Action Required,No Action Required,"37.59.188.165, 80",biztreeentr.firm.in/dasdasaseq.php?page=fe54e51dd1a5ae58,"COMPUTER (192.168.1.2, 4798)",37.59.188.165,"TCP, www-http",
2012-06-03 21:38:39,High,An intrusion attempt by COMPUTER was blocked.,Blocked,No Action Required,Web Attack: Malicious Toolkit Website 25,No Action Required,No Action Required,"COMPUTER (192.168.1.2, 2159)",sixkzz.in/index2.php?src=55&gpr=16&tkr=06040138820273254&tkri=4350aed7bb1b1bb6f49deb9d15ece3dc&tkrb=d1bf8b457b7f4183592500667d8565b8&inframe=1,"205.134.160.134, 80",192.... Read more

Answer: Malware attacks and svchost over 1.5 million K

16 more replies
Relevance 52.07%

Malware purveyors are exploiting web vulnerabilities in appleinsider.com, lawyer.com, news.com.au and a dozen other sites to foist rogue anti-virus on unsuspecting netizens.
The ongoing attacks are notable because they use exploits based on XSS, or cross-site scripting, to hide malware links inside the URLs of trusted sites. That's something application security expert Mike Geide doesn't see often. As a result, people who expect to visit sites they know and trust are connected to a page that tries to trick them into thinking their computer is infected.

The malicious links are blasted out on web forums and typically look something like:
Code:
hxxp://lawyers.com/find_a_lawyer/content_search/results.php?sCHRISTINA%AGUILERA%20ANOREXIC%20PICS%3C%2F%74%69%74%6C%65%3E%3C%69%66%72%61%6D%65%20%73%72%63%3D%2F%2F%61%73%6B%35%2E%65%75%3E
Source: Attacks spread malware with help from AppleInsider • The Register
Firefox users may install NoScript add on by Giorgio Maone to prevent XSS attacks.

Answer: Attacks spread malware with help from AppleInsider

Thanks for the useful article.

2 more replies
Relevance 52.07%

I seem to be getting a lot of attacks since my job involves opening and dealing with emails all day long and I am tired of having to clean and repair my pc. I just upgraded to Win7 and want to start off right by having good protection so I would like to ask if you can recommend the best options for me please? I am thinking to use the no. 1 rated virus software which is Bitdefender and also use SAS, this way I cover the 2 most attacks I seem to be getting all the time, do you think this is best or is there something else you can recommend which will give me the best chances not to get Malware on my pc please?
 

Answer: Best options to prevent Malware attacks?

Bitdefender is good, you can use it. The best way not to get infected with malware is to be cautious when you open your email: check your attachments before opening them. Is it trustworthy? Is it secure? You can upload it to virustotal.com to test before opening it.
 
Thank you.

26 more replies
Relevance 51.66%

http://www.disk-utilities.com/time-freeze/ this program is free and will keep your pc worry free, enjoy it indeed,
 

Answer: Protect your pc free

7 more replies
Relevance 51.66%

here are some free programs to protect your pc.

mozilla firefox with wot (web of trust) add on

Firefox Browser | Faster & Safer Internet | Free Download

MSE (microsoft security essentials) anti-virus

http://www.microsoft.com/Security_Essentials/

pctools firewall plus

PC Tools Firewall Plus - Free Firewall Download

This is what I use and I have not got any viruses. Feel free to post what free programs you use.

Answer: protect your pc for free!

Include Malwarebytes Anti-Malware.
Malwarebytes.org

2 more replies
Relevance 51.66%

free.grisoft.com <-- AVG Anti-Virus - small footprint, fast automatic updates.

www.download.com <--- Search "MalwareBytes Anti-Malware" - same, small, easy to update, free and very powerful.

www.download.com <--- Search "SuperAntiSpyware" - additional protection - cause Spyware sucks.


All these applications I've used for several years now, they're all free, and they're all you need (as long as you've already gotten a firewall or use WF) to safeguard your machine. The only thing the free version of AVG lacks is a real time residential shield which you can achieve by installing the AVG toolbar (although I never have - I just run scans on my machine on a regular basis).

A lot of people will argue different applications and there are LOTS of them, but these are the ones I've used over and over again in my 10 year tenure in the computer field - they're the ones I have installed right now, and the ones I'll continue to utilize in the future.

If you have any questions getting ahold of this software, let me know and I can post direct links from download.com.

Stop paying for garbage that conflicts with your system.

*coughcoughNORTONomfgcoughcough*

Good luck and happy computing!

- BeefonBun

Answer: Protect yourself for FREE!!!! Here's how:

I switched from AVG to Avira ( http://www.avira.com/en/pages/index.php ) as the new version of AVG (8+) has become bloated and a resource hog.

I also still use AdAware SE - http://www.lavasoft.com/
and

Spybot Search & Destroy - http://www.safer-networking.org/index2.html

2 more replies
Relevance 51.66%

After Spybot scan, I think that program have removed any malware from my friend's computer. Just to make sure, can you please have a look at this HijackThis log??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:57 PM, on 9/23/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Answer: Am I Clean From Malware Attacks After System Scans?

Hi eternal,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

9 more replies
Relevance 51.66%

AV Vendors Detect On Average 19% Of Malware Attacks.

That detection rate increases only to 61.7% after 30 days. Even after 30 days, many AV vendors cannot detect known attacks.

-- Tom
 

More replies
Relevance 51.66%

2016 saw attackers holding data for ransom at an alarming rate; but in conjunction with the rise of ransomware and the continued ubiquity of mass malware, attackers are increasingly utilizing non-malware attacks in an attempt to remain undetected and persistent in organizations' networks.

According to Carbon Black data, these non-malware attacks are capable of gaining control of computers without downloading any files and are using trusted, native operating system tools (such as PowerShell) and exploiting running applications (such as web browsers and Office applications) to conduct malicious behavior.

In its end-of-year threat report, Carbon Black found that instances of severe non-malware attacks grew throughout 2016. And in any given 90-day period, about one-third of organizations are likely to encounter at least one severe, non-malware attack.

Instances of non-malware attacks leveraging PowerShell and Windows Management Instrumentation (WMI) grew throughout 2016. Such attacks spiked by more than 90% in the second quarter of this year (93.2%) and have stayed at escalated levels since. And, some leading attack campaigns in 2016, including PowerWare and the hack against the Democratic National Committee (DNC) leveraged non-malware attack vectors to carry out nefarious actions.

Meanwhile, the research also found that ransomware, which is on track to be an $850 million business in 2016 according to FBI data, has emerged as the fastest-growing malware across all industrie... Read more

More replies
Relevance 51.66%

Short on details but sounds interesting!!!
Article:
Washington, Nov 4 : Researchers from North Carolina State University have devised a novel way to block rootkits, one of the most insidious types of malware, preventing them from taking over computer systems.
"Hackers can use rootkits to install and hide spyware or other programs. When you start your machine, everything seems normal but, unfortunately, you've been compromised," said Dr. Xuxian Jiang, assistant professor of computer science at NC State and a co-author of the research.
"Our research leads to a new way that can protect all the hooks in an efficient way, by moving them to a centralized place and thus making them easier to manage and harder to subvert," said Jiang.
Jiang revealed that by placing all of the hooks in one place, researchers were able to simply leverage hardware-based memory protection, which is now commonplace, to prevent hooks from being hijacked.
Whole Article: How to block stealthy malware attacks

Answer: Article: How to block stealthy malware attacks

Thanks for sharing, very interesting article.

6 more replies
Relevance 51.66%

Very interesting piece on Mac security.... nothing is 100% bullet proof after all...
 
See full article at: http://www.businessinsider.com/there-are-more-mac-malware-attacks-in-2015-than-last-five-years-combi...
 
Mod Edit:  Deleted unnecessary excerpt from link - Hamluis.

Answer: There have been more malware attacks on Macs this year than the last five years

See BC News article here: http://www.bleepingcomputer.com/news/apple/2015-was-the-worst-in-history-for-osx-malware/
 
Closing topic as this is redundant.
 
~ OB

1 more replies
Relevance 51.66%

Dear all!

First off, I want to tell you guys that I am so thankful that you are here and helping people. This is one amazing, amazing forum.

My computer got infected with Outerinfo/Yazzle adware monstrosity yesterday morning. They disguise their executables in the "close" buttons in popups that look exactly like system windows - and I just "closed" one, and now..... It's been pure hell.

I am in the middle of a critical project that requires web access, and suddenly my computer is basically exploding with popups, and is barely crawling. It was flying before, and I was loving it. Now it's slow and nastily infected. We tried to uninstall, reboot, actually reinstalled the OS, but it seeded itself in the kernel somewhere and is still there, the evil thing.

Trying to get security upgrades isn't working, simply isn't allowing them to install. It's weird. This thing is protecting itself. Please, please help!

Here is my HiJackThis log. I sooooo very much appreciate your help. So much. Thank you!!!!!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:31 AM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Answer: Outerinfo Malware attacks XP, popups, here's my HiJackThis log, please,please help!

Hello & welcome to TSF


What you need to do is post your log in the HJTLog Help forum here at this site. We are not allowed to help you, for it takes trained techs to read those logs and to explain how to remove the infection.

sorry but those are the forum rules

Mike

1 more replies
Relevance 51.66%

Microsoft bracing for malware attacks from embedded fonts
VULNERABILITIES

Security researchers say it's only a matter of time - days not weeks - before malicious hackers start exploiting one of the vulnerabilities via booby-trapped Web pages or Office (Word or PowerPoint) documents. The specific vulnerability - in the font parsing subsystem of the win32.sys driver - provides an entry point for hackers to take complete control of an unpatched machine without any user action beyond normal browsing or opening a rigged document file. ... Microsoft's MS09-065 bulletin says an exploit was already publicly available before the update was ready on Patch Tuesday, meaning that malware authors have gotten a long head start researching entry points for attacks.

Date: 12 November 2009

More: Microsoft bracing for malware attacks from embedded fonts | Zero Day | ZDNet.com

Answer: Microsoft bracing for malware attacks from embedded fon

The Microsoft Security Bulletin says W7 is not affected.

http://www.microsoft.com/technet/sec.../MS09-065.mspx

2 more replies
Relevance 51.66%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:01 PM, on 14/4/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Users\82043\Program Files\DNA\btdna.exe
C:\Users\82043\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\InstallShield\... Read more

Answer: there is still spyware and malware attacks in the forms of advertisements

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

2 more replies
Relevance 51.66%

More captcha busting suspected.
Hackers have figured out how to create computer-generated Facebook profiles and are using them to trick unsuspecting users into installing malware, a security researcher warned Thursday.
The fraudulent profiles display the same picture of a blond-haired, blue-eyed woman, but with slightly different names and birthdates, said Roger Thompson, chief of research at security firm AVG Technologies. Each invites visitors to click on what purports to be a video link that ultimately tries to trick viewers into installing rogue anti-virus software.
AVG's LinkScanner product, which monitors webpages in real time to make sure they're not malicious, has encountered "hundreds" of separate pages. But because AVG only sees a page when one of its subscribers tries to click on one, Thompson suspects the total number of fake profiles is in the thousands.

Source: Automated attacks push malware on Facebook • The Register

More replies
Relevance 51.66%

Dear all!

First off, I want to tell you guys that I am so thankful that you are here and helping people. This is one amazing, amazing forum.

My computer got infected with Outerinfo/Yazzle adware monstrosity yesterday morning. They disguise their executables in the "close" buttons in popups that look exactly like system windows - and I just "closed" one, and now..... It's been pure hell.

I am in the middle of a critical project that requires web access, and suddenly my computer is basically exploding with popups, and is barely crawling. It was flying before, and I was loving it. Now it's slow and nastily infected. We tried to uninstall, reboot, actually reinstalled the OS, but it seeded itself in the kernel somewhere and is still there, the evil thing.

Trying to get security upgrades isn't working, simply isn't allowing them to install. It's weird. This thing is protecting itself. Please, please help!

Here is my HiJackThis log. I sooooo very much appreciate your help. So much. Thank you!!!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:13 AM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Pro... Read more

Answer: Outerinfo Malware attacks XP, popups, here's my HiJackThis log, please, please help!

It all looks fixable....


Download SDFix from here and save it to your desktop.


Please then reboot your computer in Safe Mode by doing the following :
Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.

It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.

Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum.


=========================================

This will help to identify malware on your system.
Please download Combofix fr... Read more

1 more replies
Relevance 51.25%

The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden.
 
The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products.
British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.
 

Article

Answer: Popular Security Software Came Under Relentless NSA and GCHQ Attacks

Kaspersky being targeted again. Everyone fears the Russian power when it comes to IT Security or what?

4 more replies
Relevance 51.25%

Is there a way to password-protect AVG 8 free ... or otherwise prevent it from being shut down? There is a person in my house who insists on shutting it down, saying that a firewall (which I also had to password-protect) is more than sufficient, and it's driving me crazy. We've had viruses and trojans aplenty over the years, and that's *with* an antivirus program, but I simply can't argue this person into seeing the value of having one. Help and suggestions welcome!
 

Answer: Password-protect AVG Free?

6 more replies
Relevance 51.25%

My free Webroot Spy Sweeper will expire soon.
I need another free app to notify me about Startup changes and possibly Registry changes.

I have 2 PCs - XP and Windows 7.

My anti-virus for both is AVG free and I do not want to replace it. I am very used to it after so many years.

Any advice.....?

Thanks,
BBDS

Answer: Need free app to protect my Startup.

This little program might be what you are looking for.
Download WinPatrol 25.0.2012.5 - FileHippo.com

7 more replies
Relevance 50.84%

Sophos said:

iFrames and script tags are being used by malicious hackers to serve up drive-by internet attacks, silently and invisibly.

iFrames allow webmasters to embed the content of one webpage into another, seamlessly.

There are legitimate reasons why some websites may want to do that - but what cybercriminals do is exploit the functionality (presumably they have been able to gain write access to the website) to deliver malware such as fake anti-virus or a PDF vulnerability exploit to infect your computer.

What's sneaky is that malicious hackers can make the embedded content invisible to the naked eye, by making the window zero by zero pixels in size. You can't see the threat, but your web browser is still dragging it down.

Read more: http://nakedsecurity.sophos.com/2012/08/16/invisible-iframe-drive-by-malware-attacks-explained-video/
 

Answer: iFrame drive-by malware attacks explained [VIDEO]

Scary :S

I've never been a victim of any Drive-By, then again, I prob have in the past and never knew about it :/
 

11 more replies
Relevance 50.84%

Recently I've been studying some sophisticated attack techniques used by criminals to break into and infect systems (home and enterprise networks).
The goal is always to steal data and remain persistent in the affected system: "fly under the radar".

The attacker wants to infect while remaining invisible, thus avoiding triggering "alarms", leaving traces in the logs, or being detected by various solutions such as firewalls, IDS/IPS, antimalware and HIPS.

This article is focused on some of the techniques used during the attack.

After compromising a machine, it is necessary to maintain persistent access to the network; for this purpose the choice of payload is crucial.

A reverse HTTP shell is often used.

REVERSE HTTPS
REVERSE: the target uses a firewall with more or less restrictive rules, and very often the only configuration is rejecting all incoming connections, especially if the request originated from a computer within the network. Important to the success of the attack is, once the remote machine is compromised, getting a shell back. With the default setting the attackers connect directly to the shell, which in this case meets the firewall block. By setting the reverse option, they get the compromised machine to act as a client and contact the attackers' C&C (command and control). (It's the same method used by botnets.)

WINDOWS: In this case the target machine has the Windows operating system and the exploited process has the... Read more

More replies
Relevance 50.84%

Hello,

Over the past few days I continue to get warning messages from both Malwarebytes and Norton that some malware is trying to attack my computer. I've run full scans using Malwarebytes and Norton with no success. I'm hoping you can walk me through removing whatever it is that is starting these attacks. Not sure if this helps identify what/where it is, but some of the sites that are blocked by Malwarebytes are:

91.212.226.178
91.212.226.59
There are others too sometimes

I've attached a screenshot of the Norton warning details.

Also, whenever I search those #'s on google it triggers another attack. Fortunately, the attacks are blocked.

Finally, I am using Windows XP.

Thanks!
Sean

Answer: Consistent Malware attacks detected by Malwarebytes and Norton

I see no screenshot.

FWIW: Any computer on the Internet...is probably under "attack" by malware constantly, IMO.

Louis

4 more replies
Relevance 50.84%

 

Microsoft warns of increase in Adnel and Tarbir Trojan attacks on Excel and Word users
Microsoft has warned its Microsoft Office users of a significant rise in malware attacks through macros in Excel and Word programs. In a report published on its blog, Microsoft says that there is more than a threefold jump in the malware campaigns spreading two different Trojan downloaders. These Trojan downloaders arrive in emails masquerading as orders or invoices.
The malware is being spread through spam emails containing the following subject lines, according to Microsoft:
ACH Transaction Report
DOC-file for report is ready
Invoice as requested
Invoice – P97291
Order – Y24383
Payment Details
Remittance Advice from Engineering Solutions Ltd
Your Automated Clearing House Transaction Has Been Put On
And the attachment carrying the Adnel and Tarbir campaigns is usually named as follows:
20140918_122519.doc
813536MY.xls
ACH Transfer 0084.doc
Automated Clearing House transfer 4995.doc
BAC474047MZ.xls
BILLING DETAILS 4905.doc
CAR014 151239.doc
ID_2542Z.xls
Fuel bill.doc
ORDER DETAILS 9650.doc
Payment Advice 593016.doc
SHIPPING DETAILS 1181.doc
SHIP INVOICE 1677.doc
SHIPPING NO.doc
The Microsoft TechNet blog says that the two Trojan downloaders, TrojanDownloader:W97M/Adnel and TrojanDownloader:O97M/Tarbir, are being spread at a rapid pace through spam emails and phishing campaigns. Worryingly, they are targeting both home PC users and enterprise customers and most of the... Read more

Answer: Microsoft warns for new malware attacks with Office documents

So this is an issue with people letting malicious macros run - guess MBAE will not work against it. A good AV solution that scans documents will, though.

7 more replies