Computer Support Forum

Paid Help, Please?? Brand New Virus/malware- Mbam Team Struggling-need Help

Question: Paid Help, Please?? Brand New Virus/malware- Mbam Team Struggling-need Help

Anyone looking for a BRAND NEW challenge??

Hi, I'm Bethy. I'm new but I know just enough about this stuff to probably be dangerous... I literally took my brand new Alienware desktop out of the box four days ago. I have no idea how, but in the process of installing antivirus software I managed to find a first run virus- Virustotal first identified it on March 7th at 8pm.
Have been working with the Mbam team since Sat. to try to remove it but despite writing code scripts for me, we still haven't fixed it. The nasty files appear to be:
C:\WINDOWS\wine.exe
and
C:\Program Files(x86)\standing\minor.exe

Basically, it starts a proxy server that doesn't show up in the regedit and loops back despite all attempts to remove it. I've got 6 FRST logs from various attempts Mbam'ers have tried and innumerable scans with various programs but at this point we know it's a completely new creature and we know mbam, Avira, Hitman Pro, Kaspersky TDSS, MBAR, and Zemana do NOT remove it and only Zemana even detects the proxy server- however deleting and repairing does nothing - it just re-installs within 10 seconds. The net result of this is that I only have internet access for approximately 20-30 seconds at a time and that ALL of my USB ports, optical drive etc- anything to transfer files (EG like to download Respawn and factory reset-if that would even work) is not an option... for some reason, about every 10th attempt I CAN get it to recognize a thumb drive on one port, so please, whatever software programs anyone thinks might help, give them to me all at once... I've got a clean laptop I can install the programs to the thumbdrive from, but the only way to launch anything that requires internet - like mbam- is to run the infected desktop in safe mode... once it's installed, it still has to be run in safe mode or the virus terminates it within 10 seconds. Desktop icons also display an error that the program the shortcut refers to has been corrupted- so there's no install in SM and run in normal boot either...
I know this is long- please bear with me... Let me know all logs you might need to help-I'll reply immediately- my thumb drive is detected now but new downloads will take a while to install from the thumb drive since I have to install it from the clean laptop & can't rely on having the infected desktop recognize the usb... sometimes it requires 10 to 12 restarts or logouts to get lucky...
Is anyone up for a challenge? I know this is a totally volunteer site, but I truly respect the skills everyone here has developed and the time you put into helping others. I would like to offer payment for your help... Especially because working with me - I'm a couple of years behind the tech (although 5 years ago I could have been on the other side of this post) - isn't easy and I know it.
My email is (snip)- you can post here and communicate with me via email or whatever the correct protocol is... I hope no one is offended by offering money, that is definitely not my intention... it is only out of respect and a huge desire to get my new rig functioning. Thank you all!!
Bethy

Relevance 100%

Answer: Paid Help, Please?? Brand New Virus/malware- Mbam Team Struggling-need Help

Note: While we appreciate that you very likely posted at multiple forums in order to ensure a response, in the future please do not cross-post. Resources that help perform malware removal are very precious and very limited, and cross-posting only serves to tie up the time of multiple helpers who could be using that time to help someone else who also has problems.

In the future - choose one forum and stick with that one until they've resolved your problem.

8 more replies
Relevance 66.83%

Hi all, Just bought my new Acer E5-737G-525G, it's an i5-6200u core, with 8gb of ram, and a 940M card, a tidy piece of kit that shouldn't in theory be subject to any system lag or slowdowns. However, this is the SECOND laptop I received after the other one went back due to sluggish initial performance and me assuming that this was due to a drive issue. However, it seems like this one is having the same sort of issues. Consistent spiking for long periods to 100% HDD utilization and it takes an age to start up and the icons "page" in after you've started Windows. Can't say I'm super satisfied with the performance. I am not sure what I should do, if this is a reach out to Acer affair or just fix it myself. Both RAM and CPU are hardly being maxed if at all, whilst the drive is usually at 100%ish and I can see visible lag on my performance as a result. Please help! I don't wanna have to buy an SSD quite yet lol

Answer:Brand New E5 Struggling with 100% HDD Utilization

Check in task manager in the "Disk" column. What is causing the 100% disk usage? Is it Windows Defender? If it is, then get rid of it - turn it off. If it's McAfee, GET RID OF THAT ABSOLUTE PIECE OF JUNK. I believe your laptop has a Western Digital WD10JPVX hard drive, just like my laptop had. Oh, what a horror McAfee was to that poor hard drive.

9 more replies
Relevance 66.01%

I would like to upgrade my RAM from 2gb to 8gb but I'm having problems.

Answer:Struggling while picking which brand and quantity ...

You must specify what problems you have so people can help.





First, CALM DOWN and look at my profile picture. Calm? Now post your message. If I helped, a Kudos would be great! Marking as solution will help others as well, thank you!

2 more replies
Relevance 63.55%

Can not access the internet (Safe Mode or otherwise). Can not access Control Panel, Network Connection.
When connecting to the internet IExplorer just flashes.
I got some things back after running Combofix.
I get an error when trying to install SAS (in Safe Mode) that says "Failed to create shortcut, Aborting"
I get an error when trying to install MBam (in Safe Mode) that says "CoCreateInstance Failed; Code 0x80040154"

I googled it and I ran a couple of "RKills" till one worked.

ComboFix installed a recovery that did not work.
Got as far as asking what I wanted to restore. The only choice was
1. C:windows but I typed in 1 and hit enter and just got a command prompt C:_ blinking
Please help.
It's a friend's computer and she has lots of kids; it looks like they have been on IMesh and Bearshare.
 

Answer:Virus/Malware SAS/MBam won't instal even in Safemode

Thought I should mention I am running

XP Pro SP3
Version 2003
1Gb Ram

Computer is a HP Pavillion
 

14 more replies
Relevance 62.32%

As stated, I need help regarding this.
I've tried to clean remove MBAM and re-install it but to no avail.
When I run the installer, it states, "CreateFile failed; code 80. The file exists".
And when I tried searching it, I can't find the file.
 
I uninstalled my outdated Avast Antivirus and installed the latest one, and the program won't run either.
 
Can anyone kindly assist me with this? ):
 

Answer:Virus/Malware preventing me from starting MBAM and my Antivirus Software.

Hello haekaru -
Are you stable to run in Safe Mode With Networking? Ask if you need help. How to start Windows in Safe Mode

Download Malwarebytes Chameleon. Chameleon technologies get Malwarebytes Anti-Malware installed and running when blocked by malicious programs.
 
Usage -
Download Chameleon from the link to the right.
Unzip the contents to a folder in a convenient location.
Follow the instructions in the included Chameleon CHM Help File
Or if the help file will not open, simply try to run the files by double-clicking on them one by one until one of them remains open, then follow the onscreen instructions.
 
 
Thank You -
Edited to add Safe Mode link -

2 more replies
Relevance 57.4%

(posted this on the wrong part originally...sorry!)

Hi everyone -

A few weeks back, I got slammed with some type of trojan. My McAfee caught it initially, but it still infiltrated my system. One of those typical "Your Computer Might be Infected" types of trojans. I managed to run Malware Bytes which I thought caught everything and removed everything safely. However, there have been some strange things that are still happening which I think are due to the attack. My MalwareBytes will no longer update, nor will my McAfee. I have attached my HiJack This log, and I was hoping someone could get their eyes on it. One of the O4 entries (rundll32) seems odd..

Any help would be greatly appreciated!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSR...

Answer:Struggling after malware attack

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%...

2 more replies
Relevance 57.4%

I am a newbie who is struggling to remove the malware from my hijacked Internet Explorer. I would be grateful if anyone could lend me a hand. I attempted to run Lavasoft Ad-Aware, Panda ActiveScan and Spybot but I have been unable to remove the files. Thanks - Suzy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:03 PM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Microsoft Sha...

Answer:Struggling To Remove Malware

Hi suzyq? and welcome to Bleeping Computer!

Download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

1 more replies
Relevance 56.17%

We are Dell resellers and had placed an order for 43 Laptops - Dell Latitude 3560 with Dell on 13th June, 2016. We delivered them to our customer on Friday 17th June, 2016. On Monday 20th June we discovered that all the Laptops are faulty and are not functioning properly. They have not been able to use a single system due to touchpad issues in the entire lot.
We have made innumerable calls to Dell to resolve the problem, but the team is unable to identify and rectify the problem.
We have spoken to our partner account manager, regional account manager, Service Specialist and Escalation Team, requesting them to provide us with a solution at the earliest as their work is getting hampered. Our customer has to deploy the same by 1st July however they do not have any Dell Laptops functioning correctly.
How do we escalate this to the Dell management and get a replacement ASAP?
Regards

Answer:Who do you contact if the DELL India Escalation and Support Team fails to provide support for brand new Laptops

Hopefully one of the Dell reps will see your post and be able to help. If no one answers your question then I suggest you contact Technical or Customer Support in the link below.
www.dell.com/.../Contact-Information

1 more replies
Relevance 56.17%

Listing requested logs for this issue. Thanks in advance for your assistance.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Philip at 2015-06-01 11:10:33
Running from C:\Users\Philip\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================

Administrator (S-1-5-21-733529448-3193121913-2867107617-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-733529448-3193121913-2867107617-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-733529448-3193121913-2867107617-1003 - Limited - Enabled)
Philip (S-1-5-21-733529448-3193121913-2867107617-1001 - Administrator - Enabled) => C:\Users\Philip

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled man...

Answer:Side bar "crazy score" and browser re-directs immediately after mbam-malware scans removing virus

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Philip at 2015-06-01 11:10:33
Running from C:\Users\Philip\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================

Administrator (S-1-5-21-733529448-3193121913-2867107617-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-733529448-3193121913-2867107617-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-733529448-3193121913-2867107617-1003 - Limited - Enabled)
Philip (S-1-5-21-733529448-3193121913-2867107617-1001 - Administrator - Enabled) => C:\Users\Philip

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version:...

5 more replies
Relevance 54.94%

My link
I was referred here to this thread by Broni from another thread. He seems to think that there is something hiding that we couldn't find. Please help. Thank you. I included the link to the thread.

Answer:Malware Removal Team PLEASE help.

You need to follow the instructions given here as requested by Broni.

http://www.bleepingcomputer.com/forums/topic34773.html

3 more replies
Relevance 54.94%

Hello,

My name is Elder_Usr, and I would like to join your Malware Team. I do not have any proven experience in other forums, but would like to show you that I can assist. I do have a lot of time on my hands. I am certified through Microsoft, and would just like to help people.

Please let me know.

P.S. I am following this "http://forums.majorgeeks.com/showthread.php?t=182555" guide, and I don't know if this is where I should be posting.

Thanks.
 

Answer:Would like to join the Malware Team.

Unfortunately we are too busy to offer training to anyone who is not already a recognized expert. There are a few websites that provide training rooms. The process can take a while to complete since there is a lot to learn and the people training you are doing it in their free time. Make sure that you are serious about wanting to spend the time to learn and have the time to perform malware removal because it takes a strong commitment. Check out the below sites:

BootCamp

Geek U!

What the Tech Classroom
 

8 more replies
Relevance 54.53%

>>Disclaimer #1: I do not work for Malwarebytes, so please do not shoot the messenger.<<

>>Disclaimer #2: Please submit your feedback directly to the Malwarebytes Team Members in the links provided below, rather than here in this thread (I cannot guarantee that they will see your comments and suggestions here).>>

Having said that, surveys are now open, until February 8, 2016, to submit the following, via the pinned threads at Malwarebytes Forum:

We Want Your Feedback - Bugfixes
AND, SEPARATELY
We want your feedback - New Features and Improvements

This is a great opportunity for all users to submit their suggestions and requests.
Cheers,

P.S. To the forum mod/Admin team: please feel free to move this post to the "MBAM Latest Version" thread, as you see fit.

Answer:MBAM Team seeks "Bugfixes" and "Features" for new version

Thanks for the information.

I just posted in both of those.

Jim

1 more replies
Relevance 54.53%

>>Disclaimer #1: I do not work for Malwarebytes, so please do not shoot the messenger.<<

>>Disclaimer #2: Please submit your feedback directly to the Malwarebytes Team Members in the links provided below, rather than here in this thread (I cannot guarantee that they will see your comments and suggestions here).>>

Having said that, surveys are now open, until February 8, 2016, to submit the following, via the pinned threads at Malwarebytes Forum:
We Want Your Feedback - Bugfixes
AND, SEPARATELY
We want your feedback - New Features and Improvements
This is a great opportunity for all users to submit their suggested bugfixes and "RFFs".
Cheers,
MM

P.S. To the forum mod/Admin team: please feel free to move this post to the "MBAM Latest Version Thread", as you see fit.

More replies
Relevance 53.71%

Having trouble removing SpywareQuake virus from my computer. I've tried, Norton Antivirus, Microsoft AntiSpyWare, Spybot S&D, and Ad-ware with no success. If you can help I would appreciate it.

Here is my HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:02:05 PM, on 8/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\CURITY~1\cmd.exe
C:\Documents and Settings\Bill Towers\My Documents\?racle\ping.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\KODAK\Kodak EasyShare soft...

Answer:Struggling with SpywareQuake virus

16 more replies
Relevance 53.71%

Hi all, new user here. I am running XP Pro and have been struggling with this virus for the past week or so. I have run Malwarebytes several times both as Admin and in safe mode and it found and deleted some trojan/virus. Then I also ran ccleaner. It still ran really slow and had IE redirects. Ran Adaware and cleaned. Still issues. While doing virus scans, I noticed thousands of IE temp files in a user's directory I was not familiar with (not a user). I couldn't see that directory in Explorer, even with show hidden files checked. I was able to get to it in DOS, so I deleted all the IE temp files there. I still have issues with IE. I ran Process Explorer and found the svchost process that was eating CPU. When drilling down in that process, I was able to see a TCP/IP tab that showed several foreign IP addresses being connected/disconnected. So I am really paranoid. I have run the HJT log and am awaiting your directions. Thanks in advance..

Answer:Struggling with Virus/Trojan

Please follow these instructions: Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

2 more replies
Relevance 53.71%

MOD note - Split from this topic: http://www.bleepingcomputer.com/forums/topic384640.html

Here is the DDS Log. I didn't see an option to attach the attach.txt and GRE logs to this email. Should I just paste them?

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 14:16:02.90 on Sun 03/13/2011
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.64 [GMT -5:00]
.
AV: Trend Micro Client-Server Security Agent AntiVirus *Enabled/Outdated* {E190D864-52CF-4319-B4EA-BFD07FFE2B7E}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Trend Micro Client-Server Security Agent Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\avgagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Cl...

Answer:Struggling with Virus/Trojan

Hi, Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report
Please download OTL from here: Main Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "Use SafeList"
Push the button.
Two reports will open, copy and paste them into your reply:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please note: ...

9 more replies
Relevance 53.71%

Hi there,

I'd like to start by saying thanks to anyone who can help. I've been trying to remove this virus for a few days now with little success.

Please bear this in mind: The virus actually took control of my computer and I restored it. The logs that I share FIRST are taken from before the original time.

Also, I have no GMER logs. Originally the laptop crashed before it had finished and I never managed to recover before I restored (system restore). I now can't open/copy or do anything with GMER.exe without admin permissions. Funny thing is I have admin permissions but it won't let me do anything with the file.

AVG 2011 Free picked up the virus and it claimed to successfully remove it although it needed to reboot. For some reason explorer.exe and itunes.exe seemed to be corrupted and were being treated as infected files.

OS: Vista Home Premium x32

This is what happens when you log in:
1. "WMIServi Application stopped working and was closed"
2. Every executable that isn't part of windows is blocked by the firewall.
3. Acer eNet Management tells me to "Check the status of the Acer eNet service"

When browsing the internet sometimes searches redirect to famoussearchsystem.com. Also, I left the laptop on all day and came back to see it had opened 16 windows on the same page (famoussearchsystem.com).

Using Malwarebytes Anti-Malware I found a number of corrupted files but the same happened as with AVG Free. It informs me to reboot but a...

Answer:Struggling to Remove Virus

Sorry I cannot edit my first post but I thought this might be important. AVG was at the stage where it should have uninstalled but failed so I ran an AVG removal tool which rebooted the computer. I've had WiFi off since posting and on reboot a message popped up:


Quote:

VC.exe - Entry Point Not Found

The procedure entry point WSARecvEx could not be located in the dynamic link library MSWSOCK.dll.

1 more replies
Relevance 53.71%

Computer hangs. Long load times shut down times. Runs fine in safe mode with networking.
I downloaded adwcleaner (from reading up on forums) and removed some threats there, but am worried I might still have more..
 
I am using windows 7 64 bit.
HP Pavillion dv7.
 
Any info you need on my part I will be glad to submit. I have run tdsskiller and there is a possible tdss that might be bad but not sure..

 
 

Answer:Been Struggling for 2 Weeks with a possible virus

A quick update.
Here is a link I posted a few days back where I've been getting a little help with my computer... I'll link it here so anyone helping me can read up on it and see where I am at.
 
http://www.sevenforums.com/general-discussion/302452-heat-damage-virus.html

1 more replies
Relevance 53.71%

Hi

I use Avira Anti-Virus software, and today it displayed an error and shut down. When I tried to re-open it, it said something about the initialisation of the modules and CRC or something. I didn't write it down. I downloaded the latest .exe file from their site and re-installed, when it scanned, it found the W32/Virut.Gen virus, and then things went downhill.

I did a full scan with Avira, Malwarebytes and Spybot Search & Destroy. When they'd all finished and done their thing, I rebooted as they said some files would be removed upon reboot.

Now when it boots up I get my desktop background, but nothing else. I can access Task Manager, but there's no C:Windows/explorer.exe file so I can't get the taskbar back.

I've opened up Spybot and am re-running that, but am getting the annoying system beep that Avira uses when it detects something dodgy. This is going off every 2 seconds, literally. Needless to say, I've left Spybot to do its thing.

There's no process showing in task manager that has anything like "W32/Virut.Gen" as some of the forums have said to end this process. If anyone could shed any light or point me in the right direction to sort this out, I'd be massively thankful. I really don't want to have to re-format the hard drive again, as I only did it a few months back.

Thanks in advance.
Cheers
Chris

Answer:W32/Virut.Gen Virus - Really struggling with this.

It's a start, have a look here. click here

7 more replies
Relevance 53.71%

It seems pretty inexpensive.

Anyone been using it? Thoughts?

Answer:The paid version of malware bytes

Have heard the real time protection is pretty good. But can generate some pop-ups that may be confusing to some. It acts as a bit of a firewall too. It will show blocked intrusion attempts from known questionable IPs, possibly whole Domains. This is going on second hand info from people I know who use the paid version. Hoping someone will chime in who uses the full version.

14 more replies
Relevance 53.71%

I am in need of a Malware removal service that can solve difficult issues on demand.  What is your opinion of the BEST!

Answer:BEST Pro PAID Service for Malware Removal?

There is no universal "one size fits all" solution that works for everyone and there is no single best anti-virus. Every vendor's virus lab and program scanning engine is different. Each has its own strengths and weaknesses and they often use a mix of technologies to detect and remove malware. In many cases choosing an anti-virus is a matter of personal preference and what works best on a particular system. You may need to experiment and find the one most suitable for your needs.

Please read:
Choosing an Anti-Virus Program
SANS Institute Choosing Your Anti-virus Software

My personal choice is ESET NOD32 Anti-Virus if choosing a paid for program as it leaves a small footprint...meaning it is not intrusive and does not utilize a lot of system resources. Emsisoft Anti-Malware is also a good choice if looking for a paid for program and so is Kaspersky Anti-virus.

6 more replies
Relevance 53.3%

Right now we have two groups that manage our outside domains and outside DNS - The Windows admins and the Web Admins as they are the ones that require the most changes. Some recent SNAFUs with email MX record and our entire primary domain getting deleted has brought into question who should manage this stuff. The Web admins never really wanted the responsibility and are eager to pass it to someone else.

The Windows server team says they should control the external domains and external DNS because they already manage the internal DNS and DHCP via AD. To them managing the external DNS and domain is a natural extension of what they do.

The network team says they should manage it because they're the ones that'll have to poke the holes in the firewall and DNS is a network function anyway. Their main argument is by having the network team manage the external DNS it forces the Server and Web teams to go to them to make changes which adds dual control to the equation.

The network team is also saying they should manage the internal DNS and possibly the DHCP servers as well since those servers provide network functions.

There is a battle royal brewing over this and I'm caught in the middle.

What do your organizations do and how are these responsibilities structured? I could really use some input here before the blood starts to flow.
 

Answer:Team Network VS Team Server for control of DNS....... FIGHT!

You can have it.
 

9 more replies
Relevance 53.3%

This is my first post. Apologies in advance if I'm breaking the rules.
I've tried to get rid of the Windows Repair Virus and am having no luck.
Plan was to run rkill, run MBAM and MSE, and Tweaknow or CC cleaner.
OS is XP
Installed Malwarebytes and MSE on the infected machine 3 weeks ago, but
I think this virus was there before that time.

Spybot Resident is enabled at startup.
MSE real time is enabled at startup.
I can't see any files (desktop, My Documents, etc)

Downloaded all 6 rkill files and MBAM setup (with original and fake name)
to a flash drive.
Rkill won't run in normal mode.
It appears something is knocking it out.
I can't modify the Spybot settings to turn off Resident. (access denied)

I was able to get rkill to run in SafeMode. It only killed one process. (below)

C:\Windows\System32\verclsid.exe

MSE full scan ran, but found no threats. (yeah......)

Tried installing MBAM from the flash, but it hangs at "Saving uninstall information"
I am also getting Setup dialog box stating "Access is denied" , but it could be fake.

I chose Safemode with Networking, but it appears I can't get online.

Answer:Struggling with Windows Repair Virus

I think I'm good.

Finally got rkill to run. I think the key was doing it quickly after
startup. After that, everything went according to Windows Repair Uninstall Guide.

Thanks Grinler.

Now...I need to figure out how to close this discussion.

2 more replies
Relevance 53.3%

Not long ago my PC started playing up a bit. My firewall kept popping up more regularly than often with applications I didn't recognise. My PC then started to react very slowly, it took about 10 mins to restart.

I feel I have decent security on my PC with NOD32 virus scanner, and anti-spyware programs such as Spyware Blaster, Spybot - Search & Destroy & Ad-Aware SE Pro. I also clear any left over junk from my PC with CCleaner.

NOD32 has found a few threats. Here's a print screen of one.

Problem.jpg - ImageHost.org
---------------------------------------------------------------------------------------
NOD32 deleted a few nasty files and after running a scan with Spybot - Search & Destroy it found a fair bit of malware & trojans! I fixed the problems but I did another scan to see if any were left behind..turned out that they all were! Every entry back again.

Here's a screen shot from the second scan: Trojans_Malware.jpg - ImageHost.org
---------------------------------------------------------------------------------------

Since Spybot - Search & Destroy didn't seem to do the job, I downloaded and installed Malwarebytes' Anti-Malware. I did a full scan and here are the results.

Malwarebytes_Anti-Malware_Scan_Results.jpg - ImageHost.org
---------------------------------------------------------------------------------------

I tried to remove the 21 infections most of them I hope were deleted but I got this message:

ImageShack - Image Hosting :: damndv... Read more

Answer:Struggling to remove Virus/Torjans(s)

Log looks clean.

Run Malwarebytes and combofix in my guide

2 more replies
Relevance 53.3%

Is it worth it? I have the free version, but would love that real-time protection. Is it better than Windows Defender for Windows 7??

ty.

Answer:Malwarebytes Anti-Malware Paid Version

I recommend taking advantage of the Malwarebytes Anti-Malware Protection Module which uses advanced heuristic scanning technology to monitor your system and provide real-time protection to prevent the installation of most new malware. This technology monitors every process and stops malicious processes before they can infect your computer. Enabling the Protection Module feature requires registration and purchase of a license key that includes free lifetime upgrades and support. After activation, Malwarebytes can be set to update itself and schedule scans automatically on a daily basis. The Protection Module is not intrusive as it utilizes few system resources and should not conflict with other scanners or anti-virus programs.

3 more replies
Relevance 53.3%

I have a paid subscription to ESET NOD 32.  I don't understand why you have a separate program for malware too?  I do use Malwarebytes, and check with it every few days as well.  If the Chinese hackers, or other type of hacker uses malware on drive by internet browsing, and they also can get into government systems.  If they aren't protected fully, how can I expect to be?  Thoughts would be welcome.  I already pay for the av, and Carbonite.  Thoughts?

Edit: Moved topic from Windows 8 to the more appropriate forum. ~ Animal

Answer:why doesn't paid av programs take care of malware too?

Not all anti-virus companies have every computer infection in their definitions. Therefore it's always good to get a second opinion with another security product. As anti-malware products are typically less resource intensive than a full-fledged AV program, it makes sense to utilize one of those along with an av product in order to cover all your bases.

12 more replies
Relevance 52.89%

Surveillance software maker Hacking Team has provided its government customers with the ability to infect the low-level firmware found in laptops and other computers that they wanted to spy on.
 
The company developed a tool that can be used to modify a computer’s UEFI (Unified Extensible Firmware Interface) so that it silently reinstalls its surveillance tool even if the hard drive is wiped clean or replaced.
 
UEFI is a replacement for the traditional BIOS (Basic Input/Output System) and is meant to standardize modern computer firmware through a reference specification. But there are multiple companies that develop UEFI firmware, and there can be significant differences between the implementations used by PC manufactures.
 
Hacking Team developed a method for infecting the UEFI firmware developed by Insyde Software, a Taiwanese company that counts Hewlett-Packard, Dell, Lenovo, Acer and Toshiba among its customers, according to security researchers from antivirus vendor Trend Micro.
 

Article

Answer:Hacking Team's malware uses UEFI rootkit to survive OS reinstalls

A Hacking Team slideshow presentation suggests that installing the UEFI rootkit requires physical access to the target computer, but remote installation can’t be ruled out, the Trend Micro researchers said.

The fact that it can be installed remotely is indeed scary. If it requires physical access then it's something else. Maybe a payload could infect a USB connected to a system and the malware could be installed during the restart or else.

To prevent such infections, Trend Micro advises users to enable the UEFI SecureFlash option, to set up a BIOS/UEFI password and to update the firmware to its latest version so that it has the latest security patches. UEFI/BIOS updates are usually distributed by computer manufacturers through their support websites and some of them do fix issues identified by security researchers.

This should be done as soon as possible for everyone. I'll do that tonight on my desktop computer and my laptop.

8 more replies
Relevance 52.89%

Source: http://www.neowin.net/news/microsofts-anti-malware-team-to-have-new-adware-rules-july-1

When people surf the Internet on their web browsers, it's just a matter of time when they hit a page that has an online ad which then tries to install something on their computer. This week, the Microsoft Malware Protection Center team announced it will have some new criteria to define when such activity crosses over into the annoying, and sometimes malicious, adware side.

Pop-up online ads have to have a working close window, according to Microsoft's new adware policies.

In a blog post, Microsoft stated that online ads start to cross over into adware territory if they run programs on a user's PC and create "notifications promoting goods or services in programs other than itself." If that occurs, Microsoft states there must be a clear way to close such an ad, like a prominent "X" or a close button in, for example, pop-up ads.

Ads that show messages such as "Your PC performance is poor" must also clearly mention they are ads and not suggest they are in fact warnings generated by a PC, under the new rules. Finally, if a program is installed via an online ad on a computer, there must be a clear way to uninstall it. Also, the name of the program in the uninstall listing must exactly match the name that's shown in the ad.

The new adware policies will go into effect on July 1, in order to give online ad companies time to change the... Read more

Answer:Microsoft's anti-malware team to have new adware rules July 1

Seems interesting.
 

11 more replies
Relevance 52.48%

1. Malwarebytes' Anti-Malware Professional
Malwarebytes tops the list once again with the professional edition of their flagship product. Unlike the free edition, the professional edition offers all the great things included in the free edition plus more. It offers real-time protection against malware and malicious websites known to the Malwarebytes database as well as automatic updating and scanning. When an executable file accesses memory, it is scanned by Malwarebytes. If malware is detected, execution is suspended and the user is alerted. The web blocking feature scans both inbound and outbound connections for known malicious IP addresses. If one is detected, Malwarebytes automatically terminates the connection and alerts the user with a simple bubble in the task bar. Incremental updates keep Malwarebytes up-to-date quicker, allowing it to detect more malicious software. These great features are complemented by its great price. This is one of the main reasons Malwarebytes tops the list. The user pays a one time fee and receives updates for life. This is a great complement to any antivirus, even if you are using a free one. The only down side is that Malwarebytes can be a little heavy on system resources and is not designed to run by itself.

2. Emsisoft Anti-Malware
Emsisoft's paid anti-malware product is a fantastic option for someone looking for comprehensive protection without having to buy a full internet security suite. It features both a signature based ant... Read more

Answer:Top 5 Paid Anti-Malware Applications: Beginning of 2012

Any source for this article ?

eXp
 

17 more replies
Relevance 52.48%

Windows Defender along with Vista's UAC do a great job at keeping your computer protected from Spyware. However should you feel the need or if your computer does get infested by spyware which Defender may or may not be able to remove, you may feel the need for an additional 3rd Party Anti-Spy !
WinVistaClub, a Microsoft Featured Community, in association with Emsi Software GmbH is currently offering the PAID Version Of A-Squared Anti Malware absolutely FREE ! If you wish to know the details, click HERE.

More replies
Relevance 52.48%

I have been a fan of Kaspersky for like 5 years now, have their products installed on 4 different devices currently and they have never failed me to date. But, even traditional AVs cannot detect everything with their behavior-based technology, I was looking for 2 freeware programs to complement my KIS [Kaspersky internet security] on my windows 10 pc. After a lot of poking and snooping around the IOT's, I finally came upon a nice malware remover tool known as SuperAntiSpyware: https://www.superantispyware.com/ and Zonealarm's free firewall solution: https://www.zonealarm.com/software/free-firewall/ . I just wanted to know whether using these applications with my traditional AV would bog down my system resources considerably or not, as I currently have 8 gigs of ram, will it be a problem? I hope I do not sound paranoid, but traditional AVs with their signature-based detection were long touted to be dead against 0 day exploits and what not, I guess practicing safe browsing and tightening your security with multiple applications and browser extensions such as ublock origin, disconnect, noscript, etc is the only way to go.
 

Answer:Companion anti-malware+firewall to complement paid AV

Windows 10 can have issues with updates/upgrades when a third-party antivirus app is installed, so I stick with its built-in Windows Defender Antivirus app.

I also use Malwarebytes AdwCleaner and SUPERAntiSpyware (both free) every 7 - 14 days to scan for and remove any threats they may find.

I've never used Kaspersky, so I can't comment on it.

--------------------------------------------------------------
 

1 more replies
Relevance 52.48%

One of the posts said it is a bad HD but this is 2 months old and worked fine and works fine when I load UBUNTU, ZORIN, and even a Microsoft 8.1 ISO but not the 75.00 4 disc recovery and Install discs I paid HP that should have been included in the original purchase. I put disc one in and it goes to 30 percent then I get

REDUCER
Copy File Fails
From E:\Preload\BASE5.SWM
to  C:\RM|IMAGE|BASE5.SWM

Again I can CD load UBUNTU ZORIN or Microsoft 8.1 ISO from Microsoft site BUT I lose all the things I paid HP for such as my Finger Print Reader. I feel like I got FLEECED twice by HP.    Help please

More replies
Relevance 52.07%

Hi All,

I'm yet another person who is trying to get the Google redirect virus off of my computer and I've been trying to educate myself on some of the more common fixes to the problem. I am running windows XP on a Dell E510. I discovered the problem yesterday and here are the steps I've taken so far:

1. Spybot deep scan
2. Systemsuite 7 professional deep virus scan
3. Avast antivirus scan
4. Malware byte's Anti-malware scan
5. SUPERanti-spyware scan
6. Regcure registry cleaner
7. Reboots after each scan
I've tried to run the Gooredfix program but all that comes up is a log. I've seen other people say that there should be a menu of some sort where I can press 1 or 2 for different settings but I have not seen that. A small black screen that looks like a DOS prompt comes up for a split second but then it goes away before I am able to type anything in. I'm wondering if I'm doing it right or if the malware is preventing me from running the program.

I'm not sure if I should post any logs so I will wait until I'm instructed to do so. Can anyone help walk me through this?

Thanks!

Answer:Struggling with Google redirect virus and can't get Gooredfix to run properly

Hi,

Just an update. Still can't get Gooredfix to work correctly but I put up a firewall and that seemed to keep the redirects from happening. Browser is still VERY slow and I can't tell if it's because of the virus (which I'm sure I still have) or if it's just because of my firewall settings. I checked my firewall log and I've had TONS of inbound Port Scans detected, all of which are labeled as "major severity" and are coming from a remote host whose IP is either 208.59.247.45 or 208.59.247.46.

So, I've managed to neutralize the redirects for the time being but I'm still concerned about the virus and its effects on my computer. Does anyone have any ideas of further steps I can take?

Thanks,
Jason

4 more replies
Relevance 52.07%

Hi there... I've used this forum before to diagnose a problem on my own computer.

Now my little sister's laptop is beyond help I think. Whenever she turned it on it would say error messages about memory or something and then if she tried to open IE or Firefox or her virus program to run...F-secure I think. It would turn itself off.

I started it in safe mode...f5...and installed malwarebytes. The only thing that worked on my computer when it was down.
I will put the log below...however since running this and getting rid of it all, it is still having problems and when I try to run mbam in normal mode, it finds problems and still has memory issues. Any help please? Much appreciated.

Malwarebytes' Anti-Malware 1.33
Database version: 1739
Windows 5.1.2600 Service Pack 3

09/02/2009 18:27:38
mbam-log-2009-02-09 (18-27-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 150868
Time elapsed: 41 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 20
Registry Values Infected: 9
Registry Data Items Infected: 6
Folders Infected: 10
Files Infected: 74

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.Fa... Read more

Answer:Laptop turning itself off - virus software and memory struggling

Hello. This scan was run from safe mode, correct? I need to know 1) was the remove selected button clicked after the scan and 2) was the machine rebooted after and into normal mode. Can you open IE yet?

21 more replies
Relevance 51.66%

Had a friend look at some unsavoury websites the other day and ever since I've had issues with the computer.

I got a DLL missing error - C:\windows\system32\sshnas21.dll

I did a quick search on this file and I found it is a virus.

McAfee has quarantined these trojan (please see attached).

Here is the DDS log-

DDS (Ver_09-12-01.01) - NTFSX64
Run by Cecelia at 11:18:00.89 on 27/02/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4055.2077 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\syste "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
uRun: [CTRegRun] c:\windows\CTRegRun.EXE
uRun: [SightSpeed] "c:\program files (x86)\dell video chat\DellVideoChat.exe" -bootmode
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [LosAlamos] rundll32.exe c:\windows\system32\sshnas21.dll,AttachConsoleA
uRun: [ROUA3O12PW] c:\windows\msa.exe
mRun: [Microsoft Default Manager] "c:\program files (x86)\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe&qu... Read more

Answer:Need help from the combofix team for a virus

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

6 more replies
Relevance 51.66%

So I was playing Team Fortress 2, that I play a lot, and this cheater joins, never seen one on this server before, but is just messing around, and not causing too much trouble. Anyways, after the first map change, my computer freezes, and my screen gets like TV snow. And now it happens whenever I play any game I've tried so far, and the server is empty, so I'm assuming that this person gave us all this virus or something. I've run superantispyware and am running my other stuff, and haven't found anything yet.
 

Answer:team fortress 2 virus?

12 more replies
Relevance 51.25%

Hey everyone, I am currently looking for an Internet security suite that best suits the following criteria in order of preference:

1- a very high detection rate
2- real time protection or whatever preventing malware from infecting my system is called.
3- user friendly
4- light on system resources.

I've been trying out NIS 2009 for a while and it's rather pretty nice with a decent detection rate. NIS 2009, KIS 2010 and ESET are the obvious choices from what I have gathered.

Please chip in. Thank you.

Answer:Best Internet Security Suite - Paid or Non Paid

I am biased I suppose, having used Comodo products to safeguard my PC for years now without any major faults found but you won't get better than the latest version of Comodo CIS and it is free. Here are a couple of reviews of it and there has just been an update to the version reviewed which in my view is even better than said version. Good luck.
http://www.matousec.com/projects/proactive...roducts-ratings
http://malwareresearchgroup.com/?p=1115

11 more replies
Relevance 50.84%

Hi, I am looking for the best paid antivirus. I don't really care about the cost as I am willing to pay as much as I need to to protect my computer. I have been on AV-comparatives website and apparently Avira Antivir Premium is the best. Now I want results so please tell me what you think. THX.
 

Answer:Best Paid Anti-virus

Why do you want to pay when you have the best antivirus in the world and it's FREE---AVAST. For years I work with AVAST and never had a single problem. And it has this unique feature - boot time scan. So it's up to you.
 

3 more replies
Relevance 50.84%

The best paid anti virus of 2016 ??

Answer:Best paid anti virus

There is no best. However i would recommend either ESET or Kaspersky. You can get a free trial for both.

0 more replies
Relevance 50.43%

Hello all, 
 
Long time lurker and faithful follower of bleeping computer. What a wealth of knowledge and support here which is uncanny. Just as the title states I am heading off to college in a few weeks with my new windows 8.1 computer in hand. In the past I had no fear of removing and fixing my PC's especially with the assistance of what I considered to be the best program Combofix. Well it is not supported on windows 8.1 obviously so now my nerves are rising. What program would be near Combofix's abilities if any? Also, what are the must have programs I should use to keep or kill threats so if the time should come I will have the smallest amount of downtime and be able to get back up and running in my dorm. Thanks all !!!  

Answer:Going away to College! What is the dream team of Virus removal?

Hi there,

ComboFix is a manual removal tool created for trained malware removal helpers to use - it is not meant to be your daily AV or AM software. Using it incorrectly can break your machine.

To answer your main question... There is no "one size fits all" solution, otherwise all other AV vendors would have gone out of business. What you want to use depends mainly on your taste and your hardware specifications.

Also the most important factor in security is the end user... if you are not careful with your use then no software will be able to save you from infections.

Best Practices for Safe Computing - Prevention of Malware Infection
How Malware Spreads - How did I get infected
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

With that in mind, do you have any particular requirements for your use? Free or paid, low overhead, easy to use etc.?

Regards,
Alex

14 more replies
Relevance 50.43%

We are a FLL team. A parent donated an old, family laptop to our team, but it is riddled with viruses. We ran Malwarebytes and removed 69 viruses, but there are still occasional alerts that pop-up, warning us that something is trying to call out to malicious websites -- so we don't think Malwarebytes removed everything. Can you help us clean-up the rest?

TSG SysInfo:
=============================================================
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU T7800 @ 2.60GHz, Intel64 Family 6 Model 15 Stepping 11
Processor Count: 2
RAM: 4093 Mb
Graphics Card: NVIDIA Quadro NVS 135M, 128 Mb
Hard Drives: C: Total - 302873 MB, Free - 262148 MB;
Motherboard: Dell Inc.,
Antivirus: Microsoft Security Essentials, Updated and Enabled
 

More replies
Relevance 50.43%

I will explain my problem exactly as I have experienced it. No detail has been omitted.

I first spilled a wee bit of water on my touchpad. I do not believe that this is the reason for my problem, but I am mentioning it for completeness' sake. I then downloaded a file which I should not have. Within this was an installation file which I partly began. At this point, my Avast program went amok and I realized something was up, so I shut the installation down, and immediately tried to delete everything I had installed. During this process, weird things started happening: my computer would freeze, I once got the "Windows 10 Crashed :-(" blue page, and my Google front-page changed and ad-blocker disappeared. Also, weird little programs showed up on my desktop, they were games as far as I could tell. I was confused as hell, but I carried on, removing all of the 3-4 programs that had been installed from "Remove programs", including something called "search2social", and then just putting the programs that popped up on my desktop into the trash bin.

I sighed in relief and thought this s--- was over. But then, shortly after, my touchpad went crazy. I can't quite recall what was happening, but I am sure that the two buttons were not working correctly, and neither could I click by tapping the touchpad. I restarted my computer and this leads me to my current predicament. After the restart, none of my touchpad-buttons will work. This holds true for a wireless mouse as well (this leads me to bel... Read more

More replies
Relevance 50.43%

English ain't my native language, so please, overlook my shortcomings and lack of politeness. Endless auto-loop on activation, even the boot broke down. Have specified what my needs are without any reply from Microsoft. The, by stationary phone, received activation code, from Ms, only work for 3 days. After that the same deactivating-reactivation mess revitalized by Ms. Ms claim that my hardware has change a lot (during three days!) and therefore a reactivation of Xp-home was a compulsory need. The activation code didn't activate windows XP-home, not even for 3 more days, instead is seemed rapidly turned outdated and obsolete. To get a new activation code, by mobile phone, have Ms made an impossible task. Ms office in Kista-Stockholm-Sweden have no interest in contact with customer at all that have already once paid for Xp-home. I made a personal visit to them. They were polite, but that was all. I tried real hard to equal return their politeness with the same. I can't see any reason why I should have to go through a lot of time-wasting result-less trouble just because Ms are trying to get paid double. Why does not Ms send me the requested files instead? What happened to honesty and Ms own policy rules? Of course I create a reset point before installing SP3. Copyrights on files, made by me, using rstrui.exe are not by any law property belonging to Ms. Instead the creator of the reset files must be the owner of the legal rights in question. Ms do not respect others immate... Read more

Answer:Ms deactivate virus are made for getting paid twice. No help

It's pointless trying to talk to Microsoft as XP is an old system as far as they are concerned.

As long as you haven't formatted the harddrive your files are still there so your first task is to recover those. You need an external drive big enough to hold your data then get a Linux disk - (Ubuntu for example, which can be downloaded as an iso, created using Nero or any other burning tool, and then run it as a Live disk (ie do not install it) ). This will give you access to the file system on your computer and you can then copy your data onto the external harddrive.

Once you have done this your best option is to just reinstall XP as long as you have the activation key from the side/base of your system.

"I've always been mad, I know I've been mad, like the most of us..." Pink Floyd

15 more replies
Relevance 50.43%

I am going to change from Norton to another anti -virus software.
Have gotten responses from forum members recommending AVG, avast.
Looked at avast and they offer a paid software package in addition to their free one.
The paid one has options similar to the norton internet security I already have.
 
Does anyone have an opinion on this? I am willing to pay for the software, I just don't want to get infected like I did with the Norton version. I'm thinking the paid version will help keep me out of trouble.
 
Any thoughts?

Answer:Advantages of paid anti-virus ?

kaspersky internet security 2013 and peace of mind......
it's the best, i had it paid and i didn't have any problems.
if you want to go free choose comodo firewall and avg
or comodo internet security, it's also free and it has many great features that other free ones don't.
check this out http://www.comodo.com/home/internet-security/free-internet-security.php?track=1716&key5sk1=a849845bdec660cfc150fcf0baaa791776d01811&key5sk2=&key5sk3=1361919106000&key5sk24=1716&key5sk25=1361675124000&key5sk26=1716&key5sk27=1361919147000&key6sk1=comodo+internet+security+abilities&key6sk2=CH250136497&key6sk3=7&key6sk4=el-gr&key6sk5=GR&key6sk6=0&key6sk7=Google&key6sk8=116602&key6sk9=1366768&key6sk10=true&key6sk11=28e9a5855245579345470f2e21f11013c3f3257b&key6sk12=2034&key7sk1=212314&key1sk1=ors&key1sk2=Google&key1sk3=comodo+internet+security+abilities
it's your decision but if you are going to pay you can't go wrong with kaspersky

3 more replies
Relevance 50.43%

Recently, assuming that it would be better because I had to pay money for it, I got Norton Security Center. I found the whole package slowed my PC down immensely, as well as the virus scanner not finding viruses that freely available software did!

Has anyone else had any bad experiences with paid-for software?
 

Answer:Worst Paid-For Virus Software

Far too many posts to quote any... that's one of the reasons MG's has the Norton uninstall tool!!
 

11 more replies
Relevance 50.43%

my anti virus is due to run out in a week, am with kas 7 at the mo, do i buy another year of kaspersky or go for a free one like avg, do u have to have a separate firewall prog with AVG? also, do i have to use a removal tool for kaspersky or just delete from add/remove programmes?

Answer:paid anti virus or free one?

There is absolutely no reason to pay for any AV program with the likes of Avast and AVG being available for free. Yes, you do need a separate firewall with both Avast and AVG.

10 more replies
Relevance 50.43%

And perhaps other security software.

I've been doing some research, and so far it seems TrustPort is the best anti-virus out there. I've tried the trial edition, and it's really lightweight (even more than Eset) and according to AV comparatives it has the highest detection rate with a low number of false positives. Only problem is that the website doesn't specify how long the license is, but my pessimist side tells me that it's only for one year which makes this product somewhat pricey.

I'd also like to try a paid spyware removal but so far i haven't found anything i like. Spysweeper seems to be the most popular choice but it was too much of a system hog for me. Superantispyware seemed to work a lot better (despite the ridiculous name), but it tends to slow my computer a lot during boot up or shutdown.

As far as firewall is concerned, right now i'm using Kerio 2.1.5 for outbound, my router for inbound, and geswall for HIPS. This setup works perfectly (and it's free to boot!), but you never know, perhaps there is a paid solution out there that works even better.

Any thoughts on all this?
 

Answer:I need recomendations for paid anti-virus

it's all a waste of money.

just use MBAM+hijackthis and microsoft security essentials.

(side note, i've never used AV, and ive never gotten a virus, but i'm just damned careful)
 

28 more replies
Relevance 50.43%

I need to get a good anti-virus program for my new Windows 8 machine. I am currently using AVG free but I am willing to purchase something else if it's better.

Can anyone recommend a good anti-virus program for Windows 8?

Thanks!

Answer:Best (Paid) Anti-Virus Program?

What's wrong with the built-in Windows Defender (which is basically MSE)?

Paid anti-virus software tends to cause more problems than they help, as well as taking up gobs of resources. It's not really necessary to go overblown on security suite apps anyways.

21 more replies
Relevance 50.02%

New Text Document.txt

2.txt

Answer:I ran MBAM for suspected Malware now what do I do

Also this is from adwcleaner

9 more replies
Relevance 50.02%

Okay I have gotten malware and crap a few times, and I got rid of them all no problem. I used the classic RKILL.exe and MalwareBytes method. Each time I got rid of them. I got infected with AntiVirus.NET and System Tool 2011, a couple days ago, and I used RKILL which didn't really terminate anything except userint.exe. And I did it in Safe Mode and normal mode right when the desktop loaded up. Earlier today I used MBAM and it found 7 infected objects, all Trojans and crap. It quarantined and removed all of it. All good right? NOPE. I restart the compy and it's got the fake ass bg saying "WARNING YOUR COMP IS INFECTED" with a bunch of binary code and stuff, you know that old chestnut. And I got Sytem Tool and stuff just chilling being all "Problem, Bro?" and a bunch of pop ups trying to "help" me. I followed all the malware steps like I'm supposed to like I have a million times, but it's not working for some reason.

Answer:MBam not fixing the malware.

Hello TheKeeper. My name is Baabiouz and I'm glad to help you. Can you run DDS and post the logs in this topic.
http://www.bleepingcomputer.com/forums/topic34773.html
Step 7->

7 more replies
Relevance 50.02%

HI I am running in safe mode and really need some help, the following is my hijack log:
DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Administrator at 17:34:46.90 on 11/08/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.222.103 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GXQVK9E3\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=presario&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=presario&pf=desktop
u... Read more

Answer:malware mbam will not run [Computer 1]

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 50.02%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 8047 Mb
Graphics Card: ATI Mobility Radeon HD 6370, 1024 Mb
Hard Drives: C: Total - 476837 MB, Free - 423953 MB;
Motherboard: Hewlett-Packard, 1411
Antivirus: Microsoft Security Essentials, Updated and Enabled

I have tried to delete AVG paid 4 times and yet it is still listed in my system in the program list what do I do?
 

Answer:Solved: It won't let me delete AVG Paid anti-virus

Try using the AVG Removal tool You must select the correct tool to match the version of AVG installed and the bit rate (32 or 64bit).
 

3 more replies
Relevance 50.02%

i am planning to purchase an avast anti virus so please suggest me which is the best avast version? avast premier or avast anti virus or avast 7 etc......
regards all friends

Answer:which is the best avast anti virus paid version?

Hi quickslvr,

I have no experience with the paid version; however, I do have a great deal of experience with their free versions, and I can tell you that the free version provides adequate protection for most individuals. I have been using the free version since Avast 4 (or maybe even earlier) and I have never been infected. The beauty of Avast is you get the warnings "before" a website can infect your PC (it blocks the download and warns you to leave the website). Right now, I'm running on the newly released Avast 8.0.1482 and it is running without issue on both of my rigs. Now, if you are interested in their paid versions, I would strongly suggest you visit their forums and browse for problems because I really don't think they have worked all of the kinks out of them yet.

2 more replies
Relevance 50.02%

I like using paid antivirus. I've used the free trial but I always uninstall them before it runs out so I don't have to pay. I've used one in particular. How much time should you leave it before you install it again?

Answer:Paid anti virus:how often can you use them for a free trial?

Once a trial version has expired it cannot be used again. Reinstalling it will not work.
Purchase the software or use one of the many free products.

4 more replies
Relevance 50.02%

Do I need any more anti virus software as I have a licenced copy of Malwarebytes?
 

Answer:Do I require Anti Virus as well as Paid for Mailwarebytes

Yes.

http://www.bitdefender.co.uk/solutions/free.html
 

12 more replies
Relevance 50.02%

AV-Comparatives has released a detailed report comparing the differences between free and paid antivirus software.
https://www.av-comparatives.org/free-vs-paid-2017/
Hopefully this will settle all arguments.
 

More replies
Relevance 50.02%

I did a google search and it seems there are now or soon will be at least 2 security suites for Windows 7:

1. Norton Internet Security Suite 2010

2. Kaspersky Security Suite 2010

According to the reviews, it seems that both do an OK job, but still in Beta until closer to Windows 7 shipping. Just wondering what others think may be best. I am looking for REAL good, not cheap or free.

There was a good write up on the Norton Security Suite 2009 in Maximum PC recently and they said they have made good progress and it now has a much smaller memory footprint and is a lot better than before. They think 2010 will be as good or better. Does anyone know if it has a "game" mode or such where it still protects but takes the least amount of memory? I think Kaspersky has this in the 2010 suite.

Thanks for any thoughts.
 

Answer:Best Anti Virus Suite for Windows 7 that is paid for?

Why do you need a suite?

If I had to pick, I would probably get Windows Live Onecare as it outperformed both Kaspersky and Norton in the last AV-Comparatives tests.
 

73 more replies
Relevance 49.61%

cont'd from http://www.bleepingcomputer.com/forums/topic415205.html

Hi,

I am running Windows XP Home Edition SP3 on a Compaq Mini netbook and recently got infected with a trojan or a virus. I've been trying to clean it for a while with no luck. It used to ask me to buy a fake antivirus software, but it doesn't do it anymore. It may be the MSBlaster trojan.

When I try to open it in safe mode, it closes all the antivirus programs including hijackthis and malwarebytes.

I tried renaming malwarebytes and running it but it did not work. It starts scanning and closes after 5 seconds.

Even in safe mode, there is a suspicious program in task manager named 472196741:2061097699.exe which I can not kill using task manager.

None of the network connections (including internet) do not work on the computer but I have another laptop to transfer files through a USB.

I was able to get the full DDA log, but the virus closed the GMER application once it was done scanning which makes me not able to get the GMER log.

Please help!

Thanks

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by User at 20:33:03 on 2011-08-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.486 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4F... Read more

Answer:trojan/virus closes all anti-virus software and mbam

I'd like to continue resolving this through spybot.com forums. Please close the thread. Thanks.

2 more replies
Relevance 49.61%

I worked with Broni all day today and he was extremely generous with his time. My problems started about 10 days ago when I found the Vista 2012 Security virus on my machine. My AV quarantined the viruses but I had no internet. I ran the various fixes including Rkill and Combo-Fix and got my internet back a few days later. It was fine all week and then yesterday it went down again. Broni helped me through the following thread:

http://www.bleepingcomputer.com/forums/topic441308.html/page__st__15
He helped me get my internet back and my system seemed to be running better than ever tonight. Then, after running the Mini Tool Box and aswMBR tools, the computer restarted and couldn't. It asked me if I wanted to go to a restore point and repair which I selected Yes to. It restarted, slowly, and I found that my firewall was disabled, my MBAL was corrupt or missing and my Avira Anti-Virus was shot as well. Scary.

Broni then told me to follow these instructions here:

http://www.bleepingcomputer.com/forums/topic34773.html
I have begun to do that and will post the logs associated with the steps. I really appreciate anyone that can help me.

Answer:Please HELP me... Virus has knocked out firewall, Anti-Virus, MBAM and internet!

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26
Run by Todd at 22:52:16 on 2012-02-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2036.1314 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:... Read more

49 more replies
Relevance 49.61%

Hi, 
 
I have a Lenovo desktop with lowly Core i3 2100 processor running Windows 7 64 bit. Somehow malware has gotten a hold of it, and it is blocking normal use (or initiating insane scrolling) of type-in windows for operations like "Save As" in MS Office or the "Run" window in the Start Menu. It's also messing with folder view in Explorer.
 
Norton AntiVirus shows all normal after an update and scan. Windows malware tool is snoozing unaware of any issue.
I downloaded Kaspersky and ran the free virus scan; all pretty much normal.
I then tried to download and run MBAM, but when running Setup, when I try to choose English as the user language, it only lets me select Catala! (cute, eh?)
Norton gave a false positive for WS.Reputation.1 when downloading FRST, so I turned off antivirus temporarily to download and execute.
So that's where I'm at. I would run MBAM if I understood Catala! Pasted here is my FRST log file and attached is the "addition.txt" file.
 
Note, I do have an accessory back-up drive (G:) which has both file back-ups and a system image on it. It was attached and running when I ran FRST. I am a little hesitant to mess with my system with the drive running, as it's my only back-up of all my files.
 
Thanks so much for your advice.
 
 * * * * 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Anne (administrator) on ANNE_DESKTOP on 21-07-2015 12:30:05
Running from C:\Users\Anne\Downloads
Lo... Read more

Answer:Win 7 Computer has malware, can't install MBAM normally

Apologies for the duplicate posting. Computer is acting up enough that this website showed as "nonresponsive." I would delete the duplicate posting if I could.

10 more replies
Relevance 49.61%

Ok im having problem using Mbam(Malwarebytes)free edition with my Sony Vaio Laptop VPCEE42FX Windows 7 Home Premium sp1 64bits. The first time i installed mbam it runs perfectly and what happened in the next day is i downloaded some application called "My Lockbox" v. 2.8 with KeyGen and after clicking the keygen my computer starts run slow and start crashing ( windows hang , cant open anything , cursor is loading and able to move ). After that, i found out that mbam is causing my computer to hang because i run Clean boot everything works fine but when i enabled mbam in startup and services my computer is starting to hang again.

I was trying to install Superspyware but i cant install it i dont know why, however im able to run full scan of my AVASt AV and Mbam both in Safe mode and Normal mode but still nothing found. I also tried using rkill + mbam full scan but still no malicious item found. Also tried using chkdsk /r /f and sfc /scannow but still didn't resolve the problem. Later i will post the log file of Rkill and Mbam cause im currently running Combofix(sorry for that) in my laptop right now (im in 2nd computer)

I dont know if my laptop has a virus/malware or corrupt registry or whatsoever. Thanks in advance! God Bless!

Answer:Malware causing mbam to crash

ok its already an hour trying to install ComboFix but the installation procedure is not moving its still in ..

"Extract: blah blah
Extract: blah blah
Extract: blah blah
C: blah blah
C: blah blah"

Is this normal? How long does ComboFix takes time to install?

Edit:
Ok i have read this link http://www.bleepingcomputer.com/forums/topic273628.html and immediately i went to my laptop and stop the combofix from installing. But again the installation procedure seems stuck.

44 more replies
Relevance 49.61%

Hello I cant run mbam, combofix or antispyware. I have run mgtools and here is my log. any help will be greatly appreciated. Thanks in advance
 

Answer:Cant run mbam combofix or any other malware programs

First off, it is a very bad idea to allow all users to have Admin privileges. Once malware gets into the system on an Admin account, it has free rein of the computer.

Go to start / run / and type:
services.msc

Scroll through the services and look for this:
vbma640d

If you find it, disable it.

Now, use windows explorer to find and delete:
C:\WINDOWS\Tasks\9D5FF430B8309A5C.job
C:\Documents and Settings\All Users\Application Data\.wtav

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\bhoreg]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vbma640d]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vbma640d\Enum]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vbma640d]


Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now see if you can run any of the other scans. ( Also, make sure you agree to the license to run HJT when you re-run MGTools!!)

Now run the C:\MGtools\GetLogs.bat file by doub... Read more

5 more replies
Relevance 49.61%

Following the instructions of BoopMe in the "Am I infected" forum, I ran TDSS Killer, ADWCleaner and ESET Online Scanner. ESET detected Somoto in my backup files. It seems that I got rid of it, however there still could be a MalwareBytes interference, since it did not detect any infections while I had the Somoto and Bundled Installer. Also, during the time I was infected, CPU usage was rather high which is why I disabled indexing by Search Index. I also lost all icons in the start menu and was left only with empty folders. Also, maybe irrelevant, but when I run Sticky Notes, the font is not as it was by default and if I open another sticky note I cannot close it, not even the first one. I can only close them if I exit the program altogether.
Thank you!
Oh, and the topic was started because I often got MalwareBytes notifications that it successfully blocked access to a potentially malicious site, it just popped out, the site was 31.133.56.176
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by XX at 17:25:25 on 2013-01-26
#Option MBR scan is disabled.
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.2849.825 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ========... Read more

Answer:Possible Protected Malware bothering MBAM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF). Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

39 more replies
Relevance 49.61%

I somehow picked up a nasty piece of "ransom-ware."

This afternoon I ran Ad-Aware (the free version) and it complained that it found a trojan. The file it identified was the executable of "Free Hi-Q Recorder," a free program I installed almost a year ago and have not run in at least 6 months. I was suspicious so I exited without removing or quarantining the program.

I then ran MB Anti-Malware. The first thing I did was check for updates -- one was found. While downloading it I got an alert from Spybot S&D that a value was being changed. I assumed (probably incorrectly) that this was MBAM and I okayed it. I then started MBAM.

Avast! immediately began reporting viruses and, while MBAM was running, reports that too many identical emails were being sent. I manually stopped each one. I got a "license" form for something similar to Superantivirus 2008," Firefox windows opened and tried to connect to the Superantivirus site and another site for something like "SuperiorAntiVirus 2008," etc. (Firefox blocked those sites.)

When MBAM finally stopped it found many (maybe 20+) infected files. I "fixed" them all. I then ran Spybot and got rid of all the threats it found. I ran CCleaner and dumped my temp files, etc.

I then ran MBAM again. It found a few more trojans, etc. I fixed them and it warned me to run MBAM again in "Safe mode" to make sure I cleaned them all. I did. Then I ran MBAM and it came up cle... Read more

Answer:Malware surviving MBAM and Spybot

Okay, I read some additional posts and saw that I should permit changes to values after I run MBAM -- I did that and I seem to be clean.

Firefox seemed to be hijacked -- my first selection whenever I ran a Google search sent me to a shopping site. I solved that by clearing all my cookies.

I still have the red shield in the tray, and I'm wondering if it's a valid Windows alert. I went in through:

Start >> Control Panel >> Security Center

And it appears that the Windows firewall is down. I'm on a small network of family computers behind a router. My wife uses her business computer behind that router and I believe she has a firewall set up, but her business computer is critical and she's in charge of security settings for our network. I'll check with her. In the meantime, since I never had this warning before, I assume I had it running before (it's been years since I set this up) and I suppose I can set it up to run at minimum settings. Whatever virus this was, it disabled the Windows Security Center and I assume that's when the firewall went down.

Anyway, I'd still appreciate any comments or advice I can get. I'm already adhering to all the safe internetting principles I've read about. I'd appreciate any advice.

Thanks.

24 more replies
Relevance 49.61%

IE runs then unexpectedly closes. Also MBAM reports blocking a connection to a potentially malicious website almost every 5 minutes. Hitman Pro log to follow.
 

Answer:IE Closes and MBAM blocks malware

Attached are the Hitman Pro files. The single file was too large to upload. I cut it into 3 individual files.
 

10 more replies
Relevance 49.61%

Had a malware attack, detected in Malwarebytes Anti Malware. Computer is running really slow. Can anyone help me?

Thanks

Answer:Malware attack, detected in MBAM.

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

13 more replies
Relevance 49.61%

My neighbor asked my help in dealing with a problem on his Windows XP desktop. I discovered that his system was infected with WinPC Defender malware. I Googled and found bleepingcomputer's MBAM removal tool. Since the incessant popups on my friend's system prevent or impede a lot its functionality -- including getting an uninterrupted internet connection for a direct internet download! -- I decided to try using my own PC to download MBAM to my HD, and then copied it to my optical drive onto a blank CD-R disc.

My first question to the forum members is: Can I successfully install the CD-stored MBAM tool to my neighbor's PC as an alternative to the internet download method?

Note: If this method is deemed to be an effective alternative, then I should also mention that I planned to install it to my neighbor's PC while in Safe Mode.

My second question then is: Will the Safe Mode installation be possible -- or better yet, helpful?

Please help me help my neighbor! Thanks.

Answer:MBAM malware removal tool

Yes, it will work
Mbam is best run in normal mode, if possible

5 more replies
Relevance 49.61%

Hello all, and thank you in advance for helping me out. I had a virus/malware problem a few days ago that looked like a typical "Security Essentials" or "Security Tools" malware/virus. I am running Windows XP, build 2600.xpsp_sp3_gdr.101209-1647:service pack 3. I started in safe mode, and I ran RKILL.com and then followed it up with MBAM. It found multiple infected files (roughly 20) and I restarted, updated MBAM (the virus wouldn't let me update it prior to the first scrub) and rescanned. I found a couple more infected files(maybe 5 tops). I then restarted again, rescanned and MBAM found nothing. I thought I had beat this virus, but I was very, very wrong. I started getting re-directs from Google when searching online. I also found that my computer has been running incredibly slow since I first went toe to toe with this virus. So, today I started windows in safe mode and tried to run RKILL.com. I instantly had a window pop-up that was the "open with" dialog box. The program it was trying to run was iexplorer.exe. Every time I tried to close out of the pop-up "open with" window, a new one popped up. Sometimes it would be for iexplorer.exe and sometimes it would be for explorer.exe. If I clicked the windows closed as fast as I possibly could eventually RKILL.com ran. BUT, before it finishes I get an line in the MS-DOS cmd.exe file that reads:"sed.exe: can't read c:\DOCUME~1\MATTNE~1\LOCALS~1\Temp\rks... Read more

Answer:Rkill.com and MBAM will not eliminate my malware

Just checking in to see if anyone had any advice to offer on this. I still cannot get rkill.com to work. I have renamed it to iexplorer.exe, eXplorer.exe, etc. But every time it gets started it says "rks1.log: no such file or directory." I went to the specified directory and renamed a file called rke1.log to rks1.log and it looks like that helped. But, it still won't run, it is telling me that windows cannot locate notepad.exe. Where is the default location of notepad.exe? Or, where is rkill looking for it? I understand how busy you all are, and thanks for doing what you do. Any help at all would be appreciated.

2 more replies
Relevance 49.61%

I was browsing torrent websites yesterday and probably downloaded some Malware disguised as a torrent. You don't have to condone my actions but I really can't figure this out! I cannot open any program naturally, I had to CTRL+ALT+DELETE, then hold down CTRL and click File>New Task (Run...) to open up command prompt. After that, I typed in the path to open any executable. I'm not sure but I'm almost 100% sure it's this Mal-Ware. Then I managed to re-associate .exe's with Windows so I can open MOST programs. I'm still having a hard time, programs are being force closed by, what I think is, this virus (possible worm). My browser is closed after about a minute and it's impossible to download things. I receive error messages upon logging on saying I'm missing files, but upon research the files don't exist in WINDOWS>system32, where they claim to hail... Malwarebytes' Anti-Malware found nothing, same as AVG. Ad-Aware found several things but mysteriously closed when it did...

I'm going to post this HJT log because it's all I can do based on the conditions... please help!?

Answer:Undectable Malware (MBAM+AVG cannot detect)

Bump? It's been awhile, I know it's not the policy here to do so but I feel it's rather justified.

====================

Hello,

I know how frustrating it is when your computer isn't working properly. Let me assure you that your topic isn't lost, forgotten, or ignored. We work with hundreds of logs every day, so we have devised a means of seeing only those topics that don't have responses yet. At the moment, we have nearly 500 unanswered topics, the oldest dated Sat July 18, 2009 9:08 pm Eastern Daylight Savings time in the U.S.A. Your HiJack This topic is dated July 21, 2009, 09:43 PM using the same time zone.

The reason why this response is edited is because had I replied in the normal way, your log would disappear from the Unanswered Log queue, and then it would get lost.

Our volunteer HJT team members have various levels of expertise and training, so while we try to take the oldest DDS/HJT logs, it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us would want someone to assist you who is not familiar with your issue and attempt to fix it.

Please be patient. It may take a while long... Read more

4 more replies
Relevance 49.61%

This has gotten really bad in the past few mins..
-I'm unable to open most EXE's, I double click them and they don't load up (but they still appear in processes).
-I can't access this website (among others) without using a proxy?
-Images don't load unless I use a proxy
-Search engine links are redirected
-Can't run combo fix or other apps (does the thing where it won't load)
-Can't run combo fix in safe mode even.. (does the thing where it won't load)

This is really getting out of hand here


Edit by bjgarrick: Inline HJT log removed. READ & RUN ME sticky not followed.

 

Answer:Really bad malware, cant run combofix, mbam, etc (even in safemode!?)

First do this:

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.

Now see if you can run the scans. We need to see as many logs as you can attach, esp. the C:\MGTools.exe--> C:\MGLogs.zip
 

1 more replies
Relevance 49.2%

Hi I purchased a program called "Pinnacle Game Profiler" from power up software.  It is designed to enable gamers to have full game controller support on games that offer no support for controllers.
 
However while scanning my PC for viruses I got an alert stating the main exe for this program contains a rather nasty trojan called trojan.gamethief.heur.gen. According to my research it is a trojan aimed at gamers with the purpose to steal account and password details from gaming sites eg: Steam, Origin, Battlenet and Uplay, enabling the designers of the trojan to hijack and basically steal games purchased by the infected user. Is this a false-positive as my previous AV program (Avast) did not detect this but my new AV program (Baidu) has listed it as a critical threat. I would like some direction from the community as this is the main exe of a program that I paid good money for the enhancement of my gaming experience. I will not clean this file until I get some feedback here on whether it IS a false-positive or if the company that created this software are out to steal their customers' gaming accounts.
 
Please can someone respond ASAP as I am quite concerned as my steam account currently has 448 games and 167 DLC packs and I also have some games with Origin, Battlenet AND Uplay.

More replies
Relevance 49.2%

1. Does the paid version of Bitdefender AV remove programs without user discretion like the free version is well known to do?

2. How happy are you with the realtime protection of paid Bitdefender?

3. How happy are you with its proficiency in removing infections?

4. How much of a problem has it posed with false positive detections?

5. How much of an impact has it had on system performance? Does it go berserk on CPU usage whenever you open your Downloads folder as Microsoft Security Essentials does?

6. How would you compare it to other anti-viruses you have had?

7. If you have had it, how would you describe your experience with the Bitdefender firewall?

8. How would you compare it to other firewalls you have had?
 

Answer:I'd like to query users of Bitdefender paid anti-virus

Hello there, when I used Bitdefender I can honestly say that I never had any problems at all, it worked great for me without any negative effects to my system. Of course I'm only speaking for me, others here may have other issues with the program, but I didn't have any.
 

2 more replies
Relevance 49.2%

Which Paid anti-virus leave a small footprint? I'm just looking for light weight, does not pull the PC down.

Answer:Which Paid anti-virus leave a small footprint?

Repeatedly our very own quietman7 suggests ESET's NOD32 for the very reason you ask. http://www.eset.com/us/support/download/home/

9 more replies
Relevance 49.2%

Hello,
I just don't know where to go with this question. If anyone can help I'd appreciate it.

This morning I tried to renew my Norton anti-virus 2006 online, to upgrade to 2008. I entered credit card info but when I clicked "submit" there was an error message that indicated the transaction didn't go through.

I had to leave for work so I let it go. But this evening my bank confirms the $39.99 charge did go through. Yet the Norton window on my desktop is all red and scary and says "at risk, you need to renew, etc." Yet it also says my computer is secure and it runs scans when I click on that. (???)

I am completely confused. I don't know whether I have renewed or not. I never got a confirmation email or a product number. I tried doing the live chat support but the chat windows wouldn't load. Then I registered and created an account to post a question in the Norton forums, but it won't let me post a question. The question button is not activated or something.

I really just want my money back so I can get a different product. Does anyone know how to get hold of an actual live human being at Norton?

If I downloaded the product from the internet already -- then that means they won't give me a refund, right?
 

Answer:Norton Anti-Virus Nightmare -- paid and can't get product

It doesn't matter. Contact Norton and explain your problem. Make sure you get the transaction number from your credit card. If they refuse to honor the purchase, dispute the charge.

Courtney
 

3 more replies
Relevance 49.2%

I followed all the instructions to remove the FBI moneypak Virus and could not use the free one so purchased the Hitman Pro license for 1 year subscription product key C4HTN-XSBGN -LNJTR-YVAI8 was unable to remove the FBI Virus moneypak virus in Windows 7 64 bit.
 
Any suggestions for further Help?
 
Dee

Answer:FBI moneypak Virus removal not removed with paid hitman pro

Hello deesyd

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

3 more replies
Relevance 49.2%

I didn't see this posted anywhere else (so if I have duplicated a posting I apologize) I am curious to see what everyone here thinks as to the best Virus/Spyware Scanner and Firewall (either FREE or PAID) ..

Answer:Best (FREE or PAID) Virus/Spyware Scanners and Firewalls

This question is actually asked quite often. One size does not fit all. What works best for me, may not be ideal for you and vice versa. Add to that a multi layered approach should be used for defenses, no one application will protect you completely.

With what I have just said, we generally point people to our very own quietman7's excellent topic regarding choices with malware and protection products. Please take a look at: Answers to common security questions - Best Practices Prevention & Choosing an Anti-virus or Firewall

If you have more technical and or specific questions after reading that topic please continue here.

4 more replies
Relevance 49.2%

This program has updated and now one program I use will not work, happened this morning, got it working by windows restore back to yesterday. Get message cannot connect to server. As Avast wants to update which it has the program will not work again. This is not a commercial program from big company but a specialist one. Any ideas or suggestions on another anti virus program please. Has any one else had trouble with Avast causing programs not to open.
Thanks
Bill

Answer:Avast Paid Anti Virus latest version 8

No problem here

5 more replies
Relevance 49.2%

Forum queries show how to just re register with the free version, but what happens if I let the paid version expire. Does it revert to free or does it stop.

I have no complaints with avast except the latest updates made it impossible (probably only hard for the tech savvy folks) to control which programs may and may not access the WWW. I really liked that ability. Also, these warnings that it is expiring are very annoying. They've irritated me.

What happens if I just let it expire? Will I have protection while I decide if I want to keep it or will I be out of luck.
I do want the ability to prevent some programs from accessing the internet.
 

Answer:Solved: What happens when paid avast anti virus expires?

I'd remove it completely with the Avast Uninstall Utility. Then install the free version of Avast.

Don't forget to enable your Windows Firewall.
 

1 more replies
Relevance 48.79%

Malwarebytes Anti-Malware (MBAM) 2.1.8 released (2015-06-29)
"Here's what's new in v.2.1.8:
Improvements
License key is now displayed on the My Account screen
Remaining subscription duration now displayed on My Account screen
Implemented other licensing improvements to clarify license status
Enhanced protection capabilities of Malwarebytes Anti-Malware Web Protection
Numerous enhancements to prepare for full compatibility with Windows 10
Enhanced Malwarebytes Chameleon's ability to fully restore Malwarebytes functionality when affected by a malware infection
Updated data collection techniques to improve malware research and analysis
Removed "Exclude" button on Website Blocked notification to reduce inadvertent allowing of malicious sites
Updated button text on Malware Detected and Non-Malware Detected notifications to clarify meaning
Added enhanced support for High DPI displays
Enabled the Malwarebytes Anti-Malware Free version to receive incremental database updates
Added appropriate copyright notices and license statements for all third-party open source software
Corrected translation errors for core non-English languages (German, French, Spanish, Italian, Dutch, Portuguese, Brazilian Portuguese, Russian and Polish)
Added support for Chinese Traditional, which is provided as a convenience for our users by a community volunteer and is not an officially supported language
Several improvements to malware detection and remediation capabilities
Issues Fixed
R... Read more

More replies
Relevance 48.79%

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.60.2
Run by Wilson Family at 1:44:15 on 2014-12-26
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6007.4088 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
... Read more

Answer:MBAM detecting malware--backdoor access...help please??

I don't know how to get rid of this malware.
 
 

10 more replies
Relevance 48.79%

I've got a nasty infection that gives me the error "The system process 'C:\WINDOWS\SYSTEM32\services.exe' terminated unexpectedly with status code -1073741482. The system will now shut down." on startup. When I have been able to get past this message and log in, I can't run MalwareBytes, Spybot, HijackThis, or RootRepeal because of permissions errors. They don't work in safe mode either. AVG runs but it won't scan.
When I try to run DDS, its startup message appears for a few seconds and then it exits without any output. I can't run RootRepeal because it is blocked.
Thanks for any help...

Answer:MBAM, HijackThis, etc. blocked by malware (Permissions)

Welcome to BC

Try running this and then immediately run your mbam and RR tools

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer or you will have to run it again

===============================

Also try these

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
This tool will create a diagnostic report
Double-click on Win32kDiag.exe to run and let it finish.
When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
A file called Win32kDiag.txt should be created on your Desktop.
Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.

--------------------------------------

Go to > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecl... Read more

5 more replies
Relevance 48.79%

Hi,

I am really really frustrated and almost in tears trying to get rid of this malware which keeps redirecting my websites. I was running an older version of Malwarebytes but it didn't detect anything. I reinstalled MBAM and it found several Trojan virus and fixed it. I ran MBAM in full scan both in safe mode and safe mode with networking but the problem still persists. I also installed MS security essentials but it didn't really find anything. After reading another forum I installed HitmanPro and Avast. Avast found 1 infected file and deleted it. Hitmanpro also found 1 infected file in the temp folder. Avast software keeps getting deactivated and I cannot enable it in the safe mode with networking. In desperation I even installed combofix and GMER and tried to run it but they crash my system! I am really overwhelmed and have literally no one in my friends who can help me with this. Pls pls walk me thru the process of what needs to be done.

Thank you

UPDATE: I followed the preparation guide by Ginler and attached the files after running DDS and GMER. Also my other user acct on my laptop which is a guest login has been disabled
 DDS.txt   11.44KB
 ark.txt   27.55KB

Also, my initial problem was the random audio ads playing even when my browser was off, I ran the updated version of MBAM and the problem seem to have stopped but then the browser started redirecting websites when I click on a site... Read more

Answer:Some Trojan malware still running after using MBAM, hitmanpro

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

26 more replies
Relevance 48.79%

Okay, I'm running Windows XP, most recent service pack, etc.

So, I ran a search with MBAM last week and found on my portable hard drive a Malware.Packer.Gen file. It was in a file folder belonging to an emulator I used in the past and had backed up last summer. Looking through the logs, it seemed like MBAM had found this before in the emulator when it was on my hard drive, but not before I had backed it up on my portable hard drive (I don't scan my portable hard drive as much as I should, I suspect, although I only ever use it with my computer as a back-up system). Since nothing else had shown up on my computer in the ensuing months from the first instance nor after running Norton, SuperAntiSpyware, and MBAM in safe mode to be sure, I chalked it up to a possible false positive as it seemed like Malware.Packer.Gen seems to be the false positive of choice for MBAM after I did some cursory searching of the internet.

I cleaned it and everything seemed to be fine, but then yesterday I was running my weekly Norton/SuperAntiSpyware/MBAM sweep of my computer (not at the same time) and MBAM found another Malware.Packer.Gen file on my portable hard drive, this time in the system restore folder. I cleaned it and ran Norton and MBAM again in safe mode and found nothing. Am I likely dealing with false positives or is something more sinister afoot here?

Answer:Repeated instances of Malware.Packer.Gen with MBAM

Oh, my portable hard drive is a SeaGate 500 gb, if that is relevant.

3 more replies
Relevance 48.79%

I am on my laptop but my desktop is very very slow.

It is running windows xp sp2 (I don't want to update to sp3 cause I'm afraid it will take years!!), 256 mb ram, 40 gb hard drive,
it's about 5 years old!

Ran malware antibytes, I got like 150+ infections, most vundo.
And avast found Win32: Neptuni-Abl, Rootkid-gen Adware-gen, PurityScan-BC, Trojan-gen.
And I deleted them all


Hopefully G2G can help.

Your skills are appreciated


Here's my log. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:35 PM, on 2/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.
 

Answer:MBAM found bunch different malware...slow pc

Welcome to Major Geeks!

A PC with only 256 MB of RAM running Windows XP will always be slow. You need 4 times that amount of memory.

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them... Read more

1 more replies
Relevance 48.79%

My computer got a nasty little bug on it.

I believe it was one of those fake antivirus trojans. I had one before and Malware Bytes took it right off, but it couldn't do it this time. The malware keeps reloading on the system regardless of what I use.

I've used PC Tools Spyware Doctor (which I paid for and it has done nothing of note); Spybot and MBAM. The program keeps redirecting my browser to google-redirect.com or something like that and giving me tons of ads.

This is the log that I got after the most recent MBAM attempt.

I've removed and rebooted, with this and spybot, but the result is the same each time.

Please help.

Thank you.

Malwarebytes' Anti-Malware 1.36
Database version: 2084
Windows 5.1.2600 Service Pack 3

5/6/2009 7:14:22 PM
mbam-log-2009-05-06 (19-14-22).txt

Scan type: Quick Scan
Objects scanned: 86122
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot.
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run... Read more

Answer:persistent malware - ran MBAM, PC Tools, SpyBot, still there

i have the same issue please help. Except I only have Usernit

3 more replies
Relevance 48.79%

Hi, first of all let me thank you for helping everyone out. Two days ago I started having problems with my laptop (OS: windows xp pro), right before the welcome screen loaded, the computer froze and stayed like that for hours. I manually turned it off and when turned on again, the computer turned off while loading windows. After a few hours I tried again and everything seemed to load normally but I started having problems with some programs.

When I opened utorrent a dialog box saying error 73 opened and shut the program down, the same happened when itunes tried to connect to the itunes store and with Windows Live Messenger. I researched a little and it seemed that HijackThis and MBAM could get rid of my problem, so I went and downloaded both. Every time I opened MBAM it crashes after 10 seconds, sometimes it won't even start the analysis. Originally HijackThis failed to work, but after re-downloading it and renaming it, I managed to get a scan. Please help me I'm desperate.
DDS (Ver_09-10-26.01) - NTFSx86
Run by HpUser at 17:50:11.25 on 09/11/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.52.3082.18.2038.1294 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C... Read more

Answer:Unknown malware(MBAM and other programs crash)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 48.79%

Hello,

My son's computer started getting real slow yesterday. I don't know if he got some malware off of facebook or from game he downloaded. I noticed malwarebytes icon did not display correctly on desktop. I tried to install malwarebytes again but got weird error dialogs.

DDS.txt:
DDS (Ver_09-12-01.01) - NTFSx86
Run by James at 20:23:49.18 on Wed 01/27/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1148 [GMT -8:00]
AV: avast! antivirus 4.8.1351 [VPS 100127-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:... Read more

Answer:Infected with malware that disabled mbam - getting popups

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

13 more replies
Relevance 48.79%

Hi - I found this site looking to clean my infected system. I am actually on a different computer now as my infected system (desktop - wireless) can't access security sites.

The problem started Dec 2nd, 2008. I'm running XP SP 3. The system was set up to autodownload MS updates once per day, and AV every three hours. Somehow it got infected with a nasty malware program - I'm guessing via human interaction of a family member clicking something they shouldn't have. The system has TrendMicro Internet Security 2008 running on it and had it running at the time of infection too. I've spent about 10 hours trying to clean it so far with little luck. I'd appreciate any help anyone can provide.

Symptoms:
-Running a little slow, to very slow at times, especially when downloading files. Not consistent though.

-Originally it wouldn't boot past the loading windows screen, but that has stopped now

-TrendMicro found GetModule, Adload, and Generic12.KAO but couldn't clean them. Adload and Generic aren't found anymore, and I cleaned GetModule via instructions on the TrendMicro site

-I cannot surf to any security sites (including this one) nor can I get to windowsupdate, but I can surf to msn, yahoo, etc

-tried loading AVGFree AV by downloading it to my clean laptop, burning it to CD, and then transferring it to the desktop, but it runs with errors and ends up doing nothing

-Also transferred over mbam-setup, HJTInstall, spybot, but they won'... Read more

Answer: Malware Infection on XP - can't run mbam or other security programs

I'm still discovering more information. I did a netstat -o while booted in normal running mode, without any network connections of my own open, and found many entries all mapped to a process ID of 1512. This PID lists in my task manager as svchost.exe. In the netstat -o results, HTTP connections are open to the following:

-All are listed as CLOSE_WAIT at the moment. I doubt the IPs or domains will help in resolving my issue, but I thought I'd include them just in case. Also, if they aren't other unsuspecting infected computers, maybe this information will be read by someone who can help add their info to security tools/scanners.

5 more replies
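
The triage described in the post above (netstat connections grouped by owning PID and connection state), as an added example that is not part of the original thread. It assumes `netstat -ano` output (the `-n` switch is added so ports are numeric); the sample text is constructed and uses documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (RFC 5737 documentation
# addresses, not values from the original post).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    192.168.1.10:1051      192.0.2.15:80          CLOSE_WAIT      1512
  TCP    192.168.1.10:1052      198.51.100.7:80        CLOSE_WAIT      1512
  TCP    192.168.1.10:1053      203.0.113.9:80         CLOSE_WAIT      1512
  TCP    192.168.1.10:1060      192.0.2.15:80          ESTABLISHED     1512
  TCP    192.168.1.10:1070      198.51.100.20:443      ESTABLISHED     2204
  UDP    0.0.0.0:500            *:*                                    700
"""

# TCP rows only: local address, foreign address, state, PID.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")

def connections_by_pid(netstat_text):
    """Return {pid: [(remote_host, remote_port, state), ...]} for TCP rows
    with a real remote endpoint (listeners and UDP rows are skipped)."""
    by_pid = defaultdict(list)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        _local, remote, state, pid = m.groups()
        host, _, port = remote.rpartition(":")
        if state == "LISTENING" or port == "0":
            continue
        by_pid[int(pid)].append((host, int(port), state))
    return dict(by_pid)

def summarize(by_pid, port=80):
    """Per PID: number of connections to `port`, distinct hosts, state counts."""
    report = {}
    for pid, conns in by_pid.items():
        hits = [c for c in conns if c[1] == port]
        if hits:
            states = defaultdict(int)
            for _host, _port, st in hits:
                states[st] += 1
            report[pid] = {"count": len(hits),
                           "hosts": sorted({h for h, _, _ in hits}),
                           "states": dict(states)}
    return report

if __name__ == "__main__":
    for pid, info in summarize(connections_by_pid(SAMPLE)).items():
        print(pid, info)
```

Because one svchost.exe process can host several services, `tasklist /svc` (where available) shows which services run under the PID the summary points to.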
Relevance 48.79%

Earlier today my AVG picked up constant infections (many of which are trojans), one notification after another, but was unable to heal anything. It was as if viruses are continuously coming through onto my computer or it was reproducing itself on my system. At first I did not experience any redirection on Google, but after a good few hours I began to be redirected. I noticed that a process called "PING.exe" was using a lot of CPU usage, but I know it's usually not a harmful process, so it must be used by the malware. I tried using rkill in safe mode and then mbam and superantispyware but nothing significant was picked up. I'm currently in safe mode with networking right now but I have no idea what to do next. So what should I do? Geek Squad is way over-priced for virus removal.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_26
Run by Peter at 12:22:49 on 2011-12-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2558.1652 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\sv... Read more

Answer: Unknown Malware/ Cannot detect with MBAM or SUPERantispyware

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job, this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

3 more replies