Computer Support Forum

STOP 24 after removing malware and malware removal apps.

Question: STOP 24 after removing malware and malware removal apps.

Had a machine riddled with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (don't ask me which one it was, I can't remember) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an XP CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. Swap the hard drive for a SATA CD and it detects the CD without issue which makes me think the SATA controller must be functioning too.

Now it seems that this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base? Help me folks, it's driving me nuts.

Relevance 102.91%

Had a machine riddled with viruses. Followed the instructions on here on how to clean it and everything worked fine.

Until I uninstalled the applications.

Now the PC won't start.

I get the following BSOD

STOP: c000021a {Fatal System Error}
The Session Manager Initialization system process terminated unexpectedly with a status of 0xc000022 (0x00000000 0x00000000).
The system has been shut down.

Tried a repair install, no joy.
Tried the side-by-install and registry stuff that MS recommend and when I load the old hive none of the settings they talk about appear.

So once again I'm crying out for help from those who may not have been there and done that but have been here and done this and emerged a tad fraught but smiling nonetheless.
 

Answer:STOP 21a after uninstalling malware removal apps, what now?

You probably could try running the chkdsk /p command in the recovery console:
http://support.microsoft.com/kb/307654
There are directions on how to boot from a Windows CD and get to the recovery console.
 

1 more replies
Relevance 82.82%

Hi, as an extra Malware remover (I already use AVG free and Malwarebytes) does anyone have an opinion on the merits of "Ad-Aware Free Anti-Malware 8.1.3" and "Spybot - Search & Destroy 1.6.2"? And, which is the best? Thanks.

Answer:Malware removal apps

click here is free, is highly recommended and as an advantage provides real-time protection. Unless you are hitting the pr0n sites with feverish gusto, you should not need more than this and MB.G

2 more replies
Relevance 81.59%

Good day,
I have included a HiJack This log file (below) in hopes that I can get some assistance on my computer problem. Any and all help that you can give would be greatly appreciated.

Thanks


Answer:Need Help With Spyware/malware Removal (don't Know Which Apps)

Hello and welcome. Please print these instructions out, or write them down, as you can't read them during the fix.

Before we get started I need you to disable AdWatch as it might interfere with the fixes.

Right-click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically.
Uncheck both of those boxes and close Ad-Watch.

==

1. Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program.
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
If you aren't able to finish the update within AVG Anti-Spyware for a reason or another, you can install the manual updates here.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Re... Read more

15 more replies
Relevance 81.59%

I'm trying to help out a friend from work. He has an older Dell (2.66 P4, 1 gig, 60 gig, XP Home). Using a mix of Norton AV, the latest ad-aware, and windows firewall, he was infected with a Win32 derivative that included a dialer and a few other things.

Now I used Kaspersky Rescue disc (updated), and Panda, which removed a bunch of things. We seem to be able to navigate the system now, but it won't let us install either Kaspersky free, Avira, or Malwarebytes. As well, Security Centre is disabled in the Services, and won't enable in any way. I tried the Avira, Bitdefender, and vba32 rescue discs, but though they appeared to start, they always black-screened while initialising as if a video driver problem.

So did something get disabled that requires re-enabling ? Or is there still some junk that the functional software didn't find ? At this point I said re-format, but he still wants to try to save it !

Any suggestions/experiences ?
 

Answer:After removing Malware/Virus, can't install security apps

I suggest that he reformat. His system is a loss at this point.
 

10 more replies
Relevance 80.77%

Hi,

I'm having a problem on W2K with some kind of malware that seems to target the window manager in some way. The symptoms are that some programs (putty, realplayer, reflection etc) crash with an empty "warning prompt" with the caption "Program error" and it seems to happen when the window manager is involved.
Anyway, I've tried to set things straight by following your nice step-by-step guides to how to search for malware but my problem is that the same problem is keeping me from installing the recommended software.
They get to the license agreement dialogue and then the Program error prompt appears and the installation crashes. I've managed to install HiJackThis though.
As I haven't been able to find anything else out there that seems to address this problem I thought it best to go to the finest on malware.
This link describes some of the same behavior though but the files mentioned in the thread are not present on my computer:
http://forum.avast.com/index.php?PHPSESSID=f6af982a805692bde432bf5c7e777452&topic=22893.msg189282

Many thanks in advance!
BR
Marianne
 

Answer:Problem with installing Malware-removal apps

What "programs" are you unable to install? Are you unable to run the online scans (Panda and BitDefender)?
Can you not run the ShowNew and the GetRun items?

Please be as comprehensive as possible as to the issues you are having.
 

5 more replies
Relevance 80.77%

I have been trying to clean a client's PC for 5 days straight. I can't run any AV or Malware program because whatever it is detects it and instantly closes it, even in safemode. Furthermore, if I try to reopen a program it closed, I receive a message that says,

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I removed the drive and placed it in another PC and ran Kaspersky Internet Security 10 on it and it detected and cleaned 285 files that were infected with virus.win32.virut.ce. I placed the drive back in the original computer and tried to run a scan and the same thing happened to all attempts to clean it. I then Booted the PC with both Ultimate Boot Disk and Hiren's BootCD and ran virus scanners to clean the system. After all that, I rebooted to Safemode and attempted to run a scan and the same thing keeps happening. I again placed the drive in another PC and ran a scan with Kaspersky and it found 43 more infected files but these were infected with an assortment of virii such as Trojan.Win32.Agent2.chxn, Trojan-Downloader.WMA.GetCodec.ae, Backdoor.Win32.Agent.akli, Trojan.Win32.Monder.bzea, Trojan-Downloader.Win32.Agent.bqxc, Trojan.Win32.Agent2.chuf, Trojan-Downloader.Win32.Agent.cosh, Trojan-Downloader.Win32.Delf.vma, and Trojan-Downloader.Win32.Generic.

I don't want to waste anyone's time (or mine) so I will list all the programs I tried:

Adaware Anniversa... Read more

Answer:All AV or Malware removal apps are instantly killed.

See if you can get this to produce a log.

1. Download Win32kDiag from any of the following locations and save it to your Desktop:
http://ad13.geekstogo.com/Win32kDiag.exe
http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe
2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

3 more replies
Relevance 79.13%

When using Internet Explorer, search links redirect me to random websites.
Windows update does not seem to be working at all; in addition, if I attempt to visit the Windows update webpage I am blocked completely.
Around the same time I experienced these issues, Google Chrome stopped working altogether (not the end of the world but I presume it was related).

I have run malwarebytes, ccleaner, EMCO malware removal, and tried all of the windows update troubleshooting I could find.

I have also pored over my processes and I believe I have some smitfraud stuff that I can't seem to get rid of, and a SLsvc process which I read was supposed to be categorized as a system process and it is listed as network (also when I try to delete it from the computer it tells me I don't have permission?).

Any help would be great, thanks for the time and effort.

Answer:multiple issues not detected by malware removal/ cleaner apps

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to try to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

4 more replies
Relevance 78.72%

I have gone through the Windows XP cleaning procedure and removed a bunch of malware that I was not aware I had. I think my problem started around the first of September. I continue to have the same problem which is my DSL connection will be disabled while I am online. I will have to cycle the modem to be able to use email or the internet even though my modem home page reports that my connection is up. I can reestablish function only to lose it again a while later. Also periodically my Realtek DSL installation will be removed the next time I boot the computer.

I am attaching the first of the two logs and would appreciate help on getting this problem corrected.

Thanks,
Jim
 

Answer:Malware removal-disconnecting DSL and removing Realtek DSL connection

Here are my second two files.

Jim
 

4 more replies
Relevance 78.72%

Hi,
 
Referred from this post:
 
http://www.bleepingcomputer.com/forums/t/566610/backdoor-trojan-referred-from-am-i-infected/    Mod Edit:  Closed MRL topic - Hamluis.
 
Which was referred from this post:
 
http://www.bleepingcomputer.com/forums/t/564681/mostly-cleaned-up-after-malware-attack-need-help-to-finish/
 
Windows Update is working fine and is up to date.
 
When I boot up I still get this error:
------------------------------------------------------------------------------------
Microsoft Security Client
An error has occurred in the program during initialization.
If this problem continues please contact your system administrator.
Error Code 0x80070002
------------------------------------------------------------------------------------
 
The reason (I believe) is that Microsoft Security Essentials was partly uninstalled ...
 
It's not accessible or useable or listed as something to uninstall.
 
It's listed as an optional antivirus installed on my computer (though not actually accessible).
 
I need help to remove it.
Thanks!

Answer:Trouble Removing MSE ... referred from " ... and Malware Removal Logs"

Hello there,

You can try the steps in here to manually remove Microsoft Security Essentials.

Regards,
Alex

19 more replies
Relevance 78.72%

all info stated above I think. Appreciate your help.
 

Answer:Removing Edeals (multiple malware removal tools used)

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

3 more replies
Relevance 75.03%

 
A trojan that's currently doing the rounds in Japan is using Windows itself to try to defeat security software on infected machines.
Trend Micro reports that the BKDR_VAWTRAK malware, which steals credentials used for online banking at some Japanese banks, is using a Windows feature called Software Restriction Policies (SRP) to prevent infected systems from running a wide range of security programs, including anti-virus software from Microsoft, Symantec, and Intel. A total of 53 different programs are blocked by the malware.

http://arstechnica.com/security/2014/06/banking-malware-using-windows-itself-to-block-anti-malware-apps/

Answer:Banking malware using Windows to block anti-malware apps

TrendLabs: Windows Security Feature Abused, Blocks Security Software

Edit: Your Trend Micro link initially did not work for me so I reposted it for the benefit of others. Checking a second time the page finally opened.

3 more replies
Relevance 74.62%

Hello,

I have malware that prevents me from running anti-malware programs (unless their names are changed to aliases). It also makes its presence known when I am NOT connected to the Internet. In that instance, a message box informs me that "Generic Host Process for Win32 Services" is not working, and gives me the option of sending or not sending the relevant information.

I attach to this thread the "Attach" output from DDS and the .log file from GMER. Unfortunately, I was unable to save the Scan results from GMER in any format other than .log, and when I tried to use the "Copy" function within GMER, my machine froze.

I have also run (in safe mode) MBAM, SpybotSD, SUPERAntiSpyware and the Windows kb890830 malware-detection apps. The first three DID find infected files, which I removed/quarantined in each of the respective apps. Perhaps not surprisingly, the Windows malware detection scan did not pick up anything.

I apologise for the dreadful formatting of the GMER output; the .log file is (I hope) uploaded.

Kind regards,
Adam


Answer:Infected w/Malware that doesn't let you run anti-malware apps etc.

16 more replies
Relevance 72.98%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT... Read more

2 more replies
Relevance 72.98%

Hi,

I am the IT manager in my company.

I have a co-worker whose computer has a search redirect issue. That means it most likely has malware.
Then I installed some major malware removal tools: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes.

After I installed them, I cannot launch them (that definitely means it has some kind of malware).
I needed to rename their .exe files; after that I can run them and scan my computer.

SUPERAntiSpyware and Malwarebytes found something, but didn't solve the problem; the search redirect and the blocking of malware removal software are still there. Now I am running Spybot Search & Destroy and will see what happens.

By the way, I run them in safe mode because when I log on to Windows in normal mode, it is slow (like it takes a long time to explore the hard drive, etc). I suspect the malware slows down my PC. Hopefully the registry is not corrupted or something, but it works smoothly in safe mode.

So do you guys have any suggestions? Or do you need a log file from combofix?

Please advise,
Tommy

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 72.57%

I did a hijackthis scan and here's what I got:

Answer:Malware Blocking Access to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 72.57%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies
Relevance 72.57%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says "The server at topsearchfeed.com is taking too long to respond". For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

Problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me.
 

2 more replies
Relevance 72.57%

Good day to everyone,

My computer is having some malware activity. I have used adware 2008, spyware removal tool, norton anti-virus and other removal tools, but still that malware cannot be deleted. My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP, that's why until now I cannot connect to the internet. I don't have a WindowsXP SP2 CD for repair.

Please help me as soon as possible, because it is a server.

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 72.57%

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Malwarebytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and performed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
 

Answer:HELP-Requested Malware Removal (Infector.Gen2 / Malware Packer Gen)

Here is the 5th log.
 

6 more replies
Relevance 71.75%

I recently had CheckDisk malware, which I removed by deleting the registry keys and files that a website directed me to do (I have a number of websites in my history from my research and can't remember which one I finally acted on). At the same time, I started to get random Google redirects and audio ads playing from time to time. I deleted those registry keys and files as well, but, a few days later, the redirects have begun, if only intermittently. Obviously I missed something and would like some help figuring out how to clean my computer of this malware.

As instructed, I've attached the attach.txt and ark.txt logs. The DDS.txt log follows below.

Thanks so much!

Answer:Redirect malware after removing checkdisk malware

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr DDS.pif
Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that... Read more

9 more replies
Relevance 71.75%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 71.75%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see. I, myself, use most all of these myself; the only paid program I have is Malwarebytes, the rest are free add-ons or are free programs. Thanks.

5 more replies
Relevance 71.75%

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seem to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopefully you can help me to fix the problem. :confused
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer:Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3... Read more

9 more replies
Relevance 71.75%

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, Google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening it, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 71.75%

Hi, I got infected because I was trying to run malwarebytes and it skipped the part of analysing the files, it ended in around 1 minute in a full scan, and I tried to download dr web cure it, and it doesn't allow me. The computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 70.52%

Hiya

I'm running XP. AVG detected trojans: the first one it got rid of, the second one, Generic13.ATHP, it could only remove partially, apparently located in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended. SuperAntiSpyware wouldn't install, so I changed the filename, and it has installed, but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?

Thank you!
 

Answer:malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.


but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others.

:confused have no idea if any of this will help you lovely helper person, but i guess im just trying...
 

2 more replies
Relevance 70.52%

Hi all, 
 
Recently on Chrome, browsing on a site, I received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspicion this is malware!!!
 
What I'm trying to understand is what kind of malware infected the web site I visited. Some technical specs could be useful. The web site belongs to a friend of mine and I'd like to help them to identify the malware that infected their web site...
 
 

More replies
Relevance 70.52%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of it using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled it - it reinstalls and then when I try to quick scan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safe mode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disbled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 70.52%

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologi... Read more

Answer:Malware - blocking removal by malware antimalwarebytes

16 more replies
Relevance 70.52%

About a week ago, I noticed that when running Internet Explorer www.google.com that clicking on a website would take me to an ad instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Thanks,
Deb
 

Answer:Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!
Deb
 

2 more replies
Relevance 68.06%

When I try to run a scan using AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware; when the scan gets to a certain point, Windows shuts computer down with a blue window. It says Kernel_Stack_Inpage_Error plus some standard verbiage about if you recently installed software/hardware, see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgraded to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to "System Volume Information" directory. I am unable to open to see contents as Windows shows no files in it. When I ask Avira to scan it, Avira says no files also but if I use AntiSpyware to scan, it shows many files during its scan but will get to a certain point and computer will shut down. I can almost see file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal progran to complete scans

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

23 more replies
Relevance 67.24%

Hi,

I have a Dell XPS 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today I got the blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted, it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps (4 beeps).
I looked that up on Dell support and they said it was RAM problems.
I opened up the computer, vacuumed a bit, took out RAM cards and reinstalled them.
It had been working o.k. for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs.
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. I don't know how to find the log
Your help will be greatly appreciated
 

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.





MGtools ran but as soon as it was done the window closed. i don't know how to find the log

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies
Relevance 67.24%

I have run the malware removal instructions and went through each program as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under a separate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the administrator and do not seem to have problems running the malware removal steps and have attached the reports from the instructions.

View attachment mbam-log-2011-03-28 (17-02-07).txt
View attachment combofix log.txt
View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log
View attachment hijackthis.log

Even when I try to open add or remove programs under control panel- I get the following message: "C\windoesn\system32\rundll32.exe- application not found. I am thinking that It is something to do with AVG and have removed the program with the step.

Please help....

 

Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:



....try to run the malware removal programs via internet or through USB drive

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading).
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies
Relevance 66.83%

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.
 

4 more replies
Relevance 66.83%

I have followed recommended protocols to successfully remove the "Trovi" malware from my computer.
But I have one minor problem.
The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer.
But the malware appears to have left code in the Windows startup directing the computer to run files which are now no longer present on my computer.
Problem is that this causes the following Windows popup box "Run DLL" to come up, before any other Windows startup programs run.

The popup box contains the following wording:

" There was a problem starting
C:\Users\LESTER\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in start up that lead to the popup box, so that it will no longer occur at computer start up.

Thanks.
Lester
 

Answer:Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Follow this thread and attach requested reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

1 more replies
Relevance 65.6%

I ran the steps in the Malware removal guide. I haven't seen any new pop-ups, but I noticed that there were a few problems that bitdefender could not fix, and my laptop is still running slow.

I am running Windows XP, and will attach all logs.

Thank you in advance for all your assistance.
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.
 

10 more replies
Relevance 63.55%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal

----------------------------------------------------------------------

Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital.

I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!

Current Symptoms (in the order of appearance)

Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ... Read more

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,

I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.

1.) click start> run> type msconfig and hit enter.
click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file:
C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post:
C:\windows\ntbtlog.txt

2.) Click start> run> type: cmd.exe and hit enter.
type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window...
Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)

3.) Can you see also if you can get this program installed please:
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file> run it> follow prompts to install accepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here
Let me know if you had any problems with the above please.

I advise keeping the system offline as much as possib... Read more

3 more replies
Relevance 63.55%

Apologies, but i'm a bit of a novice. my computer did a scan when i started it and came up with some trojans. when i tried to delete them, a malware removal programme tried to install itself so i closed the download dialog box. unfortunately, i cannot remember the name of the software that was trying to install itself. please would you review my log below and help me clean my computer?

many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 62.73%

Hi,

I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable)

I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,

I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince me I was riddled with viruii and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.

Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86
Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst... Read more

3 more replies
Relevance 61.5%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:
List of 64-bit Anti-Virus For Vista
Anti-virus protection in 64-bit environments

Free Anti-virus:
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
AVG Anti-Virus Free Edition 8.5
Microsoft Security Essentials
Panda Cloud Antivirus
Kingsoft Free Antivirus (Cloud Scan)

Paid for Anti-virus:
NOD32 Anti-Virus Personal
McAfee AntiVirus Plus
Trend Micro AntiVirus plus AntiSpyware
Norman Antivirus & Antispyware
CA Anti-Virus Plus Anti-Spyware

64-bit Anti-Malware tools:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Kaspersky Virus Removal Tool - How to install and use documentation
Spyware Terminator
Windows Defender (64-bit)
Prevx
Spybot S&D
Ad-Aware
Norman Malware Cleaner
Sunbelt Counterspy (free Trial)
Comodo BOClean Anti-Malware
Sophos Anti-rootkit
SanityCheck Advanced Rootkit and Malware Detector
ESET Online Antivirus Scanner
ESET SysInspector
AnVir Task Manager Free
WinPatrol

Start with these:
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
How to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 61.5%

Hello!
In reading more of these threads I can see I'm not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I haven't heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

Answer:malware removal/popup/iexplore removal

16 more replies
Relevance 61.5%

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin... Read more

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 

16 more replies
Relevance 61.5%

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed by my ISP the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan eradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you immensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!




mike sieber said:

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ... Read more

3 more replies
Relevance 61.09%

Win7/64bit/IE8/McAfee Anti-virus Plus

I installed and ran Malware Bytes. It seemed to play nice with McAfee, a pleasant surprise. Are there any other malware/adware apps I can run with McAfee installed? How about Spybot? Would it be enough to disable McAfee so I can run another malware app?

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

Answer:Using multiple malware apps on the same PC?

Golden rule...

Running in real time - 1 firewall, 1 antivirus, 1 antimalware

You can run as many other scanners as you want as long as they're on demand scanners (not running in real time).

As for Spybot see here: http://www.bleepingcomputer.com/forums/topic472023.html/page__p__2871660#entry2871660

2 more replies
Relevance 61.09%

I've been reading about malware in a few different forums, and a lot of people recommend installing several anti-malware apps. But if you do that, don't you have to make sure they're not all in the Start menu, so they don't run all at once and collide?
 

Answer:several anti-malware apps at once

You may wish to read this:

How to Protect yourself from malware!

Plus we recommend you install and keep SuperAnti-spyware and MalwareBytes Anti-malware, both of which are free and only run when you choose to do so.
 

3 more replies
Relevance 60.68%

I need some help removing some malware. I've had problems for a week or more now and have had to regain access to Task manager as well as fix corrupted Winsocks and TCP/IP files.

It seems I still have adspy/Isearch.d.2 as well as trojan.peacom.

I tried to run bitdefender but the scan said it was going to take 5+ hours.
 

Answer:Help removing malware

here is the information from the last two counterspy scans

the second one was done in safe mode
 

21 more replies
Relevance 60.68%

I am new to this and to this site. I know that I got good network connection, but something prevents the computer from accessing IE. (When I run Safe Mode with Networking, I can get to IE.) It used to be the case that I would get Cannot Access page only when I tried to get to a secure site or a sign on page, but now never. I've run AVG, Kaspersky, and ewido to no avail.

I ran HijackThis and the logfile is below:


Edit by bjgarrick: Inline log removed
I would appreciate some help from who know way more than me. At this point, I am ready to reinstall the operating system!
 

Answer:help removing malware

Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support


Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..
In your next post, please make sure you attach the following logs and that you have run these scans in the following order:

CounterSpy - ONLY IF you were not able to run Windows Defender
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis
NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
 

8 more replies
Relevance 60.68%
Question: Removing Malware

Good day.
I am trying to remove suspected malware from my computer.
Following the suggestion of a friend, I downloaded, installed, & ran ComboFix this evening, and the program created a log.

What should I do next?

More replies
Relevance 60.68%

got the windows security virus...cant go online to download malwarebytes...any ideas?

Answer:Need help removing malware

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*********************************************************

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition ... Read more

1 more replies
Relevance 60.68%

well i oso having this problem...
adware doesnt cure it..i dunno y...

here is my hijack log...can someone help me...see which 1 shouldnt be there..thanks a lot

Logfile of HijackThis v1.97.7
Scan saved at 4:12:36 PM, on 6/29/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\altnet\points manager\points manager.exe
E:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\javaes.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
E:\PROGRA~1\Altnet\DOWNLO~1\ASM.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\mfcvw.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\applications\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eddjm.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://eddjm.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://eddjm.dll/index.html#9667... Read more

Answer:Need Help Removing Malware

Do not run any scans or re-boot your machine yet!

Please download this tool called About Buster from:
http://www.atribune.org/downloads/AboutBuster.zip
Created by RubberDucky
Unzip it to your desktop but don't run it yet.

Now start Hijackthis and tick the boxes next to these items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eddjm.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://eddjm.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://eddjm.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\eddjm.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://eddjm.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\eddjm.dll/sp.html#96676
O2 - BHO: (no name) - {13C08856-1AE8-AF1C-4339-768E4CAE67AE} - C:\WINDOWS\system32\mfcds.dll
O4 - HKLM\..\Run: [Microsoft Update] sscbqls.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [xkvqmbzfmgmu] C:\WINDOWS\System32\egggig.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [javaes.exe] C:\WINDOWS\system32\javaes.exe
O4 ... Read more

2 more replies
Relevance 60.68%

Hi, I've recently found out about Malware and found out that my comp is littered with it, I've tried using Adware but the malware stuff seems to always come back. I went on google and found a forum that directed me here, they told me to post the log of Hijackthis and you guys could help. I also get this home search thing, and I can't change the settings in the internet options. I would greatly appreciate it if you guys could help me. Thanks!
Logfile of HijackThis v1.97.7
Scan saved at 2:37:15 AM, on 6/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\iecd.exe
C:\WINDOWS\ntig32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Advanced Browser\browser.exe
C:\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dnuub.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://dnuub.dll/index.htm... Read more

Answer:Need Help Removing Malware

16 more replies
Relevance 60.68%

I am working on a computer that has some malware and I need help removing it. MG Tools would not run properly- it gave me a message saying 'access denied'. Rogue Killer won't let me upload the log file in this post, so I will upload it in a separate post. Thank you in advance to anyone who can help!
 

Answer:Help with removing malware

I am still getting an error message with the RK logfile saying it exceeds the forums limits for this filetype. What should I do?
 

10 more replies
Relevance 60.68%

okay i have done many of the steps in the post of the list to remove malware. (read me&run)

nothing so far helps.

i have some questions before I do go any further.

Some information on my malware:

when i first got it task manager was disabled by administrator, solved.

i did my anti virus scan, found and removed all the bad stuff and then i had to restart my computer.

Now i noticed many things new, actually plenty of things:

whenever i turn on my computer CMD on start runs for 0.5 seconds and then disappears, something to do with my malware, i would like to know why.

i remember that the malware file that i double clicked (stupid...) had a picture icon of a angry grey dog on it, not sure if this helps at all but perhaps may identify something.

After restarting my computer as required after scanning+removing "all" of the malware detected by my anti virus, when i turned my computer on it took longer than usual followed by that CMD pop up for half a second.

i commenced with a second computer scan just to be sure, for some reason my scan took X3 the amount of time longer than it used to, i am very angry as my performance has been hindered.

as far as i know, my computer has still been tampered with even though my anti virus tells me there is nothing there.

SO THESE ARE MY QUESTIONS THAT I WOULD LIKE TO BE ANSWERED PRETTY PLEASE:

why do i get a CMD pop up at the start of turning on my computer after logging in?
 

Answer:I need some help removing my malware.

okay i have done many of the steps in the post of the list to remove malware. (read me&run)

Many of the steps? Which ones? Can you attach logs for me then please as I cannot answer your questions without seeing those.
 

18 more replies
Relevance 60.68%

Hi Majorgeeks,

I could use some help getting rid of a number of viruses on a Windows 7 PC. Attached are the requested logs except from Hitman Pro. I'm not able to save a log from Hitman Pro. Every time I try to save the log I get a Windows Program has stopped responding and must be shut down.

I've done screen captures to a Word document for Hitman but it doesn't appear I'm able to upload a Word Doc.

Thanks in advance for you help with this. This is a great service you offer.
 

Answer:Need Help Removing Malware

I'm not seeing any major issues in your logs. Are you actually having any problems?
 

3 more replies
Relevance 60.68%
Question: Removing Malware

Hi,
I've attached the logs below. The computer is badly infected, usually the screen looks incredibly blurry and can't really be used at all. This happens at startup. Also, I noticed that user settings automatically changed from off to on during a few of the scans. Nothing was found after the malwarebytes and tdss scans. Thanks in advance.
 

Answer:Removing Malware

The computer is badly infected, usually the screen looks incredibly blurry and can't really be used at all

I am not seeing any signs of malware at all. Is it just the screen which is the problem?
 

7 more replies
Relevance 60.68%

My taskbar currently has a flashing X and ? in a blue circle in it. A mouseover reads "Critical System Error" and clicking it directs me to virusburst.com.

I've also noticed under software explorer in Windows Defender two isamonitor.exe running in startup. Then isamonitor.exe and isamini.exe currently running. Both paths lead to a VideoKeyCodec.

I did follow the Read & Run me instructions to no avail. I've attached the necessary logs. Thanks in advance for the help.
 

Answer:Need help removing malware please

Crap I keep waiting for a response from the site for the attachments. I did post previously, however it has been almost 9 hours since my initial posts. Was hoping to get some reply, help and peace of mind before I shut down for the night.
 

2 more replies
Relevance 60.68%

Hi,

I was somehow infected by malware that is restricting my use of wifi network. Whenever I try to connect to the internet using this feature I receive a message asking me to enter my comcast account number. I've called comcast and they insisted this isn't a feature of their system. I have another laptop that connects to the same network using wifi without any programs. Every browser I try to use forces me to the comcast activation screen asking for the account number. I am able to connect to the internet using a wired connection and don't receive the message. I have noticed that I see a pitch fork on my wifi indicator window now. I've tried searching for a virus or malware that causes this with no luck. I have reformatted my computer and the problem still exists. Help please!
DDS (Ver_10-11-03.01) - NTFS_AMD64
Run by IMXELITE at 17:14:47.97 on Wed 11/03/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2830 [GMT -4:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Window... Read more

Answer:Need help removing Malware

Can you please close this topic I figured out the issue. It was a problem at the ISP level and it has been corrected.

2 more replies
Relevance 60.68%
Question: Removing malware

Hello!!!

First of all I would like to chaslang, I followed your malware removal guide and most of the pop ups have gone.

Recently I had lots of spyware problems, like antivirus XP 2010 popping up and porn links being put on my desktop. I followed the guide and here are the log files, thank you.
 

Answer:Removing malware

Sorry for the double post, here's the last files.
 

2 more replies
Relevance 60.68%

Hi. I was having a adware/malware issue that wasn't appearing to be malicious, just annoying. So I googled a few words related to the issue, browsed some forums, and ended up here. I was reading a thread that involved a guy having the exact same issue I had. He was given instructions by "Gringo" and I attempted to replicate these instructions. I ran ComboFix, and now am regretting doing so without simply posting my own thread first.

The adware issue was occasionally getting redirected to ad sites as well as having this little in-browser pop-up on the bottom right hand corner of both IE and Firefox that would sometimes resemble an iPhone and would typically read "Recommended for You".

So I disabled AVG and ran combofix. Oddly, after temporarily disabling AVG, combofix claimed it was still active, but I ran it anyways... Bad choice maybe...

I haven't noticed the adware but the only site I've been to since running the program is this one so I have no idea if it remains. It wasn't constant, it only appeared 20% of the time and the redirects were rare. But now, all three of my browsers (IE, Firefox, and Chrome) as well as the simple my documents button pinned on the taskbar say that they are tagged for deletion. I haven't tried any other programs... I only got here by finding iexplorer.exe (the 64bit version I think) manually and "running as administrator"...

I dun messed up, help?

Edit: I'm so frantic (this is finals week... Read more

Answer:I tried removing some malware on my own...

Hello and Welcome to Bleeping Computer!!

Restart The Computer!!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking ba... Read more

22 more replies
Relevance 60.68%

I have run through the process you have listed in the Read And Run This First section, but I still have malware on my computer that the Panda Scan didn't disinfect. I will post what log files I have for you. Please inform me what I need to do, keeping in mind that I am a complete idiot when it comes to this stuff! Thanks!
 

Answer:Need help removing malware

You must follow ALL steps in the READ ME. This is not the first time this was explained to you. You did not even install HijackThis correctly and you already had that done properly last time. See step 7 of the READ ME.

You did not do step 0 of the READ ME. If you had, the following would not be running:
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Also you did not complete step 6 (Bitdefender) nor did you attach your CounterSpy log.

You are also running MSconfig. Again see step 7 of the READ ME.

Also one of the last times you were here (see http://forums.majorgeeks.com/showthread.php?t=77846 ) I gave you a link to the How to Protect yourself from malware! thread and you were having problems updating Windows. It appears that you never updated. You will always have problems until you get updated. It would seem to me that perhaps your copy of Windows XP is not valid and you need to purchase a valid license.

You also have no antivirus, no antispyware, and no firewall applications installed. You cannot safely run a PC like this. You must complete all steps in the How to protect thread and leave these protections in place.
 

5 more replies
Relevance 60.68%

I am working on a family member's computer. They have been experiencing a pop-up on their desktop for about 1.5 weeks. That message is:

"Failed to connect to the System Event Notification Service service. This problem prevents standard users from logging on to the system."

I have looked in the MMS Console and everything is running that should be that is related to this. I have tried the following DOS command but it failed also. "netsh winsock reset". I have done extensive research on the internet, but have not been able to find a resolution to this. Also, important to note, I cannot get any programs to run. I cannot get a browser to launch. Everything is slow.

Here are the specs for this Gateway DX4300-11 computer:

OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Phenom(tm) II X4 805 Processor, AMD64 Family 16 Model 4 Stepping 2
Processor Count: 4
RAM: 8191 Mb
Graphics Card: NVIDIA GeForce 210, 1024 Mb
Hard Drives: C: 916 GB (116 GB Free); K: 931 GB (566 GB Free);
Motherboard: Gateway, RS780
Antivirus: Kaspersky Total Security, Enabled and Updated

I have come to the conclusion that the computer has some kind of virus and I am going to need your expertise in removing it. I have run the scans per your "Malware Removal/Cleaning Procedure" guide. Also, please note that these scans were completed in Safe Mode. They would not run otherwise. Attached are the logs except for Hitman Pro. I ran this three t... Read more

Answer:Need Help Removing Malware

Please remove everything that all three scans found. Reboot and see if you can run the scans in normal mode. If so, attach the new logs. If not, try again in safe mode and attach the new logs.
 

1 more replies
Relevance 60.68%

Hello!

I have been infected by Antivirus System Pro....NASTY NASTY!! Before I found this forum, I have been following removal instructions offered by http://www.bleepingcomputer.com/viru...rus-system-pro. Here is what I have done so far:
- McAfee full scan (found nothing!)
- Manually deleted the offending file (knibsysguard.exe)
- Full scan with the MBAM software (it found and deleted trojans, etc.)
- Run McAfee Stinger program (found nothing)

My PC is running better but is still hosed in that it is extremely slow, I keep getting a BTTray error, my McAfee software keeps getting hijacked so that each time I power up I get messages that my computer is not fully protected and I have to "fix" the problem. I click on the fix button; it gets fixed and is good for a little while and then it happens all over again. Also, my wireless printer is sometimes recognized and when I can actually print something, the print goes into never neverland and may print sometime in the future just out of the blue.

I have followed your first steps instructions with one exception. When I double click on GMER.exe it runs automatically so I have saved the log from that run and included it. I have tried to run the scan as you instructed by unchecking the specific boxes and clicking scan. When I do this I get the blue screen of death! I've tried this twice...the first time the error was "kwlyqpow.sys Page_fault_In_NonPaged_Area" . The second error was "PFN_L... Read more

Answer:HELP with removing Malware

BUMP, please

10 more replies
Relevance 60.68%
Question: Removing Malware

Can someone please tell me how to do the following? I am following the instructions but it doesn't tell me how to do the following "23.We now need to delete the C:\Windows\System32\Drivers\etc\HOSTS file." I don't know how to delete this. I am at the command prompt, but can't change directories to get to what it looks like, it stops at "\etc\"

Answer:Removing Malware

See if this is easier.
To reset the hosts file automatically, go HERE, click the button. Then just follow the prompts in the Fix it wizard.
OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

2 more replies
Relevance 60.68%

Very bad Malware, have done a lot, but below are the 5 files you all asked for in your remove malware post. Did everything word for word. This malware didn't get removed during a system restore, will spawn ads in the background and make words in sentences be an ad pop up. It spams the svc windows host to lag my computer and sometimes crash when I try to task manager quit it. Switches my display on my pc to xp sort of. I am running Vista, 32 bit. I do not do much other than game and porn(probably the cause) on my pc. But the site I use is quite trusted so...IDK. Somebody please help?
 

Answer:Need help removing malware.

I am not finding any malware in your logs.

However, you are running multiple AV programs:
Microsoft Security Essentials
avast! Free Antivirus
Norton AntiVirus

Uninstall all but one!!

Your logs are missing a report, so please run the C:\MGtools\GetRunKey.bat and attach that log.
 

3 more replies
Relevance 60.68%

Hi All,

I'm currently getting my Auntie's computer up to speed and have found a number of different Malware issues through running the programs in your steps.

The computer was running unbelievably slow before running Malwarebytes but now runs at an ok speed.

I have never come across a computer this infected, as for her browsing history I suspect her overgrown son has watched a huuuge amount of porn on this.

I have followed the instructions on this forum step by step and attached all the logs. Appreciate the help with this people

Cheers
 

Answer:Help removing Malware

Sorry left out this attachment
 

13 more replies
Relevance 60.68%

I have finally had the chance to complete all the steps in the malware removal guide. My computer seems to be running much better, but I want to make sure that everything is ok. There were viruses found and quarantined. I want to make sure that all viruses and malware are removed. I have attached all the required logs. Thanks for all your help!
 

Answer:Need help removing malware

Here are the other 3 reports requested.
 

15 more replies
Relevance 60.68%

I am new to this website, and would like to ask for assistance in removing viruses/malware from my computer.

I am running Windows XP and using Explorer 6.0.

Please let me know if you can assist me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:52 PM, on 11/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Answer:Need help removing Malware

I guess that I need to post more information per the post guidelines of this forum.

Well, I can add that my computer is running super slow, and I get an error message in windows upon startup (can't remember it right now). I have used Norton AV and Vundo also consistently comes up as a virus in my system, although when I try to fix it, it asks me to uninstall and reinstall NAV, so I think that is infected as well.

Can anyone please help me?
 

2 more replies
Relevance 60.68%

Hi,

I have a Dell XPS M1210 running Windows XP Media Center Edition. Lately AVG has discovered these threats on my computer:

Virus Name: Trojan horse Vundo.lY
Path To File: C:\Windows\System32\tdlcmd.dll

Virus Name: Win 32/Cryptor
Path To File: C:\windows\system32\config\systemprofile\local settings\temporary internet files\content.IE5\9L0VY9DZ\load-full[1].exe

also found these two viruses in the documents and settings\owner\application data folder:
Virus Name: Trojan horse Generic_c.TSW
Virus Name: Trojan horse Generic_c.TS

For now I left these files in virus vault hoping that I could seek some professional help before deleting any files.
 

Answer:Can Someone Please Help Me Removing This Malware?!?!

Please don't create multiple posts for the same problem.

Continue here:

http://forums.techguy.org/malware-r...82548-need-help-removing-system32-tdlcmd.html
 

1 more replies
Relevance 60.68%

a bunch of irritating popups trying to get me to buy antivirus stuff..etc.
somebody Please help:
------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:51:10 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:Need help removing malware

Combined

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the c... Read more

3 more replies
Relevance 60.68%
Question: Removing Malware

I've got a problem with the w32.Myzor and ErrorSafe malware. I've downloaded removal instructions from Symantec but can't find any of the registry entries or other files they say to delete. In the meantime, I can't use IE, can't run Symantec's online tool (which only works in IE...). Any other suggestions? Many thanks

Answer:Removing Malware

Download Spyware Doctor: click here. You can download this from another PC and save it to a USB stick, then install it on your system.

2 more replies
Relevance 60.68%

Dear Major Geeks

My laptop has a weird trojan that I believe is the Zero Access trojan (determined by looking at the logs.) When I try to start some programs I get an error saying that the "security.dll is not a valid Windows file." Research led me to believe that the computer is infected. Log files are attached.

Thanks for your help!
Ed Chappee
 

Answer:Help removing malware, please!

Hello, echappee

Re-run HitmanPro, activate the 30-day trial license and fix these detections:
Malware
Potential Unwanted Programs

Ignore all other detections.
Afterwards, click the Next button.
HitmanPro may want to reboot the PC in order for the changes to take effect, please do so.

After reboot and when you are back in Windows, run another scan with HitmanPro and then attach the latest HitmanPro log

Please re-run RogueKiller and run a scan. After it finishes the scan, select the Registry tab and then select any of the below that exist and then click the Delete button.




[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
[PUP] HKEY_USERS\S-1-5-21-2359803680-3802471010-3862095339-1006\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {1E796980-9CC5-11D1-A83F-00C04FC99D61} : -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Viewpoint Manager Service ("C:\Program Files\Viewpoint\Common\ViewpointService.exe") -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2359803680-3802471010-3862095339-1006\Software\Microsoft\Internet Explorer\Main | Search Bar : -> Found

Then delete everything shown under the Files tab.
Afterwards immediately reboot your PC.

After reboot, run a new scan with RogueKiller and save a log as in the original instructions and attach the new log.

Please download the latest version of

Farbar Recover... Read more

8 more replies
Relevance 60.68%
Question: malware removing

Here are the OTL log files; they were too long so I attached them.

Answer:malware removing

Hi again,

Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
When finished, it will produce a report for you.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used... Read more

17 more replies
Relevance 60.68%

Hello!

So, recently I've encountered a problem with my laptop... Ever since I started it this morning, I kept on receiving Email Error Pop-Ups from Norton, and I suspected something to be wrong. After long hours of researching what to do, I ended up on the Norton Community Forum.

Before you read this, I'd like to advise you to read my thread at the Norton Community about my problem:
http://community.norton.com/t5/Norton-Internet-Security-Norton/Norton-Email-Error-Pop-ups-Won-t-Stop/m-p/889897#M228955
This contains more of a detailed report with what happened to me.

So I ran MalwareBytes Anti-Malware, and when it was completed, I had 12 hazardous objects... (http://imageshack.us/a/img194/3421/emailerror4.png). I then proceeded to restart my computer (as requested by my MalwareBytes Anti-Malware program), and after that I deleted all 12 of those objects.

Along with this I was given a log file from the MalwareBytes Anti-Malware scan (check it out at my thread at the Norton Community, it's on my second post as an attachment, I really think it might help you identify a solution if you read it...). The log told me that some Trojan files were left behind... That's what I wanted help with here (what do I do with them).

Here is the DDS.txt file from the DDS Tool:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
Run by Joseph at 18:53:37 on 2013-01-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3... Read more

Answer:Need help Removing Malware

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

16 more replies
Relevance 60.68%

hi, i was wondering if anyone could help me with my computer. i was referred to this web site by my father but i am very unfamiliar with how it works. my computer takes forever to boot up and some times it operates quite slow once it has booted up. in many applications that require sound, the sound is choppy and really strange for brief moments. my computer didn't used to behave like this, so i was wondering if someone could walk me through what i have to do to remove any malware that may be causing my computer to behave so slow at times. any help would be greatly appreciated, thanks.
 

Answer:removing malware from my cpu

10 more replies
Relevance 60.68%
Question: Removing Malware

Problem:
Starting a few days ago, i believe my laptop has been infected with malware. every time i open internet explorer, another IE page comes up with some advertisement (sometimes related to a page i open). It also happens every time i go to another page on IE (say from yahoo to google, an IE ad page will pop up). The only time this doesn't work is when i use firefox, but i don't like using it much and also can't get youtube to work on it.

Log:
Logfile of random's system information tool 1.04 (written by random/random)
Run by USER at 2008-11-06 21:07:14
Microsoft Windows XP Professional Service Pack 2
System drive C: has 17 GB (66%) free of 26 GB
Total RAM: 2038 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:32 PM, on 11/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal


Answer:Removing Malware

Bump please

11 more replies
Relevance 60.68%

Please help... some of my internet connections are being blocked (Mozilla, virus definition updates), I can't copy and paste files (paste option is greyed out when I right click), system is really slow to boot up. I've tried running all the virus checkers out there but this malware seems to prevent me from installing or running any online scans. Please see my HJT log below.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:06 PM, on 11/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Answer:Help removing Malware

Quote:

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------

Please download DDS and save it to your desktop.
Disable any script blocking protection
Double click dds.scr to run the tool.
When done, DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach the following report to your post by clicking ... Read more

7 more replies
Relevance 60.68%

I am a computer idiot. Can someone please help me?

I have started the process for removing malware via add/remove programs on the READ & RUN ME FIRST and I have a My Way Search Assistant in my programs list but it won't let me delete it. What is the problem? Is there another way to delete it? What do I do!?
 

Answer:Need Help removing Malware Please.

Ok. I have finished step 6. I have logs from all of the programs I downloaded. SAS and MBAM didn't seem to find any infections, but then the combofix found rootkit activity. I don't know what this is. ?????... I am attaching all of the logs. Now what do I do? The My Way Search Assistant is still on my computer.

I am still having problems. When I go onto the internet to search for anything and click on a link I am taken to a link that has nothing to do with what I clicked on. I have to do it twice before I am directed to the right place. I tried to go to bleeping computer yesterday and it took me to yahoo hotjobs.

This all started yesterday. I went to facebook and messaged a couple of friends but did not do anything else on there or open anything. I then checked my email and double clicked on 'back to messages' because I was being impatient and an ad popped up that I didn't want to go to so I closed it out right away. But, about five minutes later my system locked up. The screen turned green and said I had been infected. A program called Internet Security 2010 popped up a lot of warning boxes that said I need to do something right away, but it seemed odd to me. I could still get online so I looked it up and found out it was false. I used some other website first to get rid of that and it had me download MBAM. It seemed to fix the problem but I had to make sure. When I found this forum is when I found out I did in fact still have problems. That's ... Read more

3 more replies
Relevance 60.68%

I've been working to fix this problem but have been very unsuccessful. I downloaded this malware on Tuesday and since then it has been able to disable my control panel, task manager, registry editing, and has seemed to delete all my windows system restore points as it cannot restore my computer to any restore point that I've tried. I have been able to get my task manager back and registry editing, and I had the control panel back but it's gone once again. I used gpedit so far but have not been able to see any results. Every time I log on I get "Windows Securite Alert" saying "Warning potential spyware operation! Your computer is making unauthorized copies of your system and internet files. Run full scan now to prevent any unathorised access to you files! Click YES to download spyware remover ..." Using my windows task manager, I checked to see what process this Windows Security Alert is using and it's using csrss.exe. This is a major system file and I'm beginning to get real worried. Can someone please help.

Here is my HijackThis log...


PLEASE HELP ASAP
 

Answer:Help removing malware

Please follow the instructions here before posting any logs ...they should be attached!
READ & RUN ME FIRST. Malware Removal Guide

Pay attention to downloading, installing and renaming HJT!

When you have the requested logs, please attach them to your next posts.
 

11 more replies
Relevance 60.68%

I was using u torrent for downloading and have removed it and all of the downloads associated with it. When I try to run my antivirus it runs for two seconds and then says trojan and then the screen goes dark and I have to restart the computer which takes a long time to start up again. I'm running Windows XP (sorry, don't know what version, I'm very new at computers) and have tried running in safe mode with my antivirus but it finds no problems. I have problems with surfing the net where almost every site that I try to visit is replaced by an ad or another search engine site. Here is the info that you guys need to tell me what to do to fix this problem. Thanks


DDS (Ver_09-05-14.01) - NTFSx86
Run by admin at 2:34:55.07 on Mon 06/22/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.581 [GMT -7:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}


Answer:help with removing malware pop ups

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Note: Please rename combofix.exe to cfix.exe

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

1 more replies
Relevance 60.68%

I've been infected with URL Malware. Every time I open my browser, Avast notifies me that malware has been blocked. Every time I visit a page, Avast notifies me again. Please help, I'm not too good with computers so I don't know how to remove it >.<
 

Answer:Need help removing URL Malware

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button and follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

===

I need to see the FRST.TXT log that was created when you executed the Farbar tool.
Please post the content on your next reply for my review.

9 more replies
Relevance 60.68%

Hi all, I need a bit of help. I believe I have malware and or viruses on my PC. Here is my HijackThis log to get started:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:47 PM, on 3/9/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Answer:Help removing Malware

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

18 more replies
Relevance 60.68%

I ran through the entire process of removing malware and deleted a ton of viruses and spyware. The minute I logged in normally, though, to run HijackThis Windows Defender prompted me with a trojan virus and asked me to remove it.
Not only this, but whenever I open iTunes or FireFox, an IE browser pops up with annoying ads.
Please offer any help that you can offer.
 

Answer:Help Removing Malware

more files.
 

14 more replies
Relevance 60.68%

Hello this is my first post so I apologize if I am posting in the wrong forum. I followed the directions by saving fixexe.reg and mbam to a cd from another computer and installed the programs in the infected computer. After installation I tried to run the program and scan for malware and a security warning says application cannot be executed. The file is infected and asks to activate the antivirus software. I cannot access any programs or files on my computer. I am at a loss. Any suggestions as to what to do now? Any help is greatly appreciated.

Answer:I need help removing malware

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

3 more replies

I ran all the programs and created all the logs indicated in the malware removal guide. The problems I was having: 1. Symantec indicated my computer was infected with Backdoor.Tidserv!inf; 2. Whenever I clicked on a search engine link in Firefox a completely unrelated webpage would launch. I attached the logs below. Your help would be greatly appreciated.
 

Answer:Help removing malware

Last Link. Thanks.
 

4 more replies

This one is a doozy. It makes Firefox crash every time I try to run it, and it either makes IE freeze up or pop up then shut down immediately. Furthermore, it completely debilitated my SuperAntiSpyware program as well. The only way I am able to access the Internet now is because I am using Opera.

I tried a system restore, but it said that there was a disk error.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Alex at 13:02:52.66 on Mon 05/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1050 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicens...

Answer:Need help removing malware

Hello and Welcome to TSF.

We need to see all 3 logs in order to help you.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

1 more replies

Google, Facebook, Hotmail, etc. weren't loading. I got the start page for all of them, but after I logged in or looked something up, it stayed stuck. Besides, I didn't get the task bar because it said it's been disabled by an administrator.

I solved the problem with Spybot... also I deleted syggjtae.dll which was causing the problems with Google, Facebook, etc. but now when Windows opens it appears that syggjtae.dll is not found. How can I stop that window from appearing?

And I don't know if it's got something to do with this, but also since then it appears that "a new hardware was found" but it's "unknown" and it never gets installed. What should I do?

Apparently I fix the problems with Spybot but when I turn the computer on again, somehow they're back and I have to run Spybot again. The taskbar problem is fixed but then when I reboot it still persists until I run Spybot again.

These are the problems Spybot detects:

Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Configuración (Cambio en el registro, fixed)
HKEY_USERS\S-1-5-21-725345543-117609710-2146778517-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe

Microsoft.WindowsSecurityCenter.TaskManager: [SBI $FD4267D3] Configuración (Cambio en el registro, fixed)
HKEY_USERS\S-1-5-21-725345543-117609710-2146778517-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Microsoft.WindowsSec...

Answer:need help removing malware!

Hi cold_blur_20
Welcome to Major Geeks!

You need to go through the instructions in the READ & RUN ME FIRST and attach the requested logs. It sounds like you have malware problems.

abri
 

16 more replies

I keep getting annoying popups, my security finds the problem and deletes it but it keeps coming back.

I followed all the instruction in the 'Read this First' section.

First I checked Add/Remove Programs; nothing showed up that I did not recognise.

I then downloaded and installed all of the programs mentioned in the ReadMe.

I enabled viewing of hidden files, system files and file extensions.

I went into Safe Mode and ran CCleaner, Microsoft Windows Malicious Software Removal Tool, SpyBot S&D with SDHelper function,
Microsoft Windows Malicious Software Removal Tool and SpyBot.

I rebooted and ran CounterSpy, as I couldn't run Windows Defender.

I then ran BitDefender and then Panda.

I will attach first three files and post other three in new post.

Thanks in advance for any help.

Also, would this type of malware reduce my internet speeds?

Rgds

Valerie
 

Answer:Help Removing Malware

next three files.
 

10 more replies

haha... I have the same results no matter what I use to "remove the hijacker virus or whatever it is" it still seems to be on my computer... I have uninstalled stuff I probably shouldn't have, also reverted back to previous dates and my computer is a 2010 or 11 I can't recall just know it isn't very old to be having these sort of problems... I get a message that says the browser settings are trying to be changed (I am trying to change them to what I want) but it will let me do so until I start my computer up again... and it's right back to where it was before I changed it... ugh... I have used RKill and Rogue Killer, Advanced SystemCare 6 and 7 all IObit programs, and now I have an icon on my desktop that has my folders instead of my computer showing my folders... it's ridiculous to have to go through so many steps and still have problems...

Answer:Need Help Removing Malware

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant...

1 more replies

I've been getting email errors from Norton about some spam pharmacy emails and I searched for this error on the internet and it appeared that it may be caused by malware. Can you help me detect this malware?
 
Edit: No Logs posted, Moved to a more appropriate forum
Roger

Answer:I need help removing malware

Hi AvengerNinja,
 
Could you please run a full system scan with MalwareBytes Anti-Malware and post the results of the scan below?
 
Please download MalwareBytes here.
 
If you need help running the program, please refer to this guide.
 
Also, please use the <> button at the top when pasting scan results.
 
Cheers!
 
-Eric Bennett

2 more replies
Question: removing malware

Hi Folks
Looking for a bit of help with trying to improve the performance of my PC. I have followed your tutorial on the steps before posting the hijack this file. If you wouldn't mind looking at it and giving your opinion on what should be deleted.


thank you
 

Answer:removing malware

kevinspencer23 said:



I have followed your tutorial on the steps before posting the hijack this file.

Hi and Welcome


Sadly I don't know what tutorial you read but you really need to follow the guide below as even your only log attached in the HijackThis one was installed in the exact place we mention not to and was run without the re-name of the hijackthis.exe file. Also missing were the other requested logs from the guide; to fully locate and remove the malware we will need the steps followed as laid out. This is the first part of the removals process and may not fully remove your malware, which is once the logs have been looked over by one of our experts, they will issue some tailored instructions for you to follow in removing the remaining parts.


Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the ste...

3 more replies