Computer Support Forum

Irony: was better B4 I removed malware (LOL?)

Question: Irony: was better B4 I removed malware (LOL?)

Hello!

OS: Vista home basic (have tried twice to download Service Pack 1 and both times it has gone through the whole rigmarole and then FAILED. Ugh.). Chrome browser.

I moved out of NYC to the boondocks. So, I am on dialup at home, and borrow WiFi at McDonald's & wherever else I can get it.

Was on WiFi last week and spending too much time "Resolving Host." Everything started with the long "resolving host" wait times.

Checked Chrome Extensions and found that three misspelled versions of something similar to "download keeper" had inserted extensions onto my Chrome (looking like "DoWnLoAd keeepEUR" or something like that, three different variations--since deleted). Also, an IP had been inserted in my hosts file, also immediately deleted.

Deleting those weird Extensions and cleaning up the Hosts file helped, but not entirely. So I read about disabling IPv6, and inserted FFFFFFFF into the appropriate place in the registry, which did not speed up my connection at all: still "resolving host" problems and unusually slow (now on dialup this week, and yes, dialup is slow, but, not like this).

So, yesterday connected to WiFi at the local library to go through the malware removal process recommended by majorgeeks (did it once before on this PC in 2010, and on a previous machine in 2006), and a few things were found yesterday--but I had to re-create my dial-up connection today after booting up the PC again--and the PC is slower than ever, not just the phone connection, but the activity of the PC all 'round.

Even after running the malware removal programs, I've found more than a few instances of this "dOwNlOaD keeePEUr" thingamajig (misspelled any number of different ways) still in the registry. I had downloaded free DivX software which I have since uninstalled; I don't know if that's what brought in the other stuff?

Now what? I saved the logs; I will go dig them up if they would help? Or is there another process I should run in addition, or instead?

Thank you so much!!!

- Miss Leigh


Answer: Irony: was better B4 I removed malware (LOL?)

I saved the logs; I will go dig them up if they would help?

Yes please! Without those, I'm about as much use to you as an ashtray on a motorbike.

23 more replies
Relevance 54.94%

Got the Anti-virus soft virus more than a couple of weeks ago and was pretty sure I got it all. One of the things it did was attack my Hotmail account and send emails out to everyone in my contact list and my girlfriend got the (something) essentials 2010. I will post about that later on if I have problems. I was going to use the Hirens 10.2 boot disk and see if I could finish it off. I received an email from her with a couple of pictures of the kids. I opened one but not the other. The problem is she didn't send me the email. Anyway I have used various spy-ware and malware removal tools as suggested from this very helpful forum and have the logs if you want to see them. So I am hoping you can take a look at my logs and see if you see any discrepancies. Thinking I need to reinstall Avast but not sure. I have used the basics and quarantined quite a bit of trojans and others. I have used Malwarebytes (Which I used first and didn't completely remove Anti-virus Soft.) SuperAntiSpyware, HijackThis, Spybot, RootKitBuster, (I wasn't sure how to interpret the log and what to do) SpyWareBuster, Combofix, a-squared Free, (Wish I could delete a2squared.exe from my start-up list) Dr.Web, (I had a warning on Combofix about a possible Varuit but it didn't find one) Norman Malware Cleaner, CCleaner, ATF Cleaner, Ran scans with Trend Micro Housecall and Avast. I think that's it. I have the logs if you wish to see them.

-------------------------------------------
DDS (Ver_09-12-01.01) -... Read more

Answer:Originally had Anti-virus Soft. Thought I had removed it. Have removed various Trojans and malware in the last week.

Here is an updated file. Had to uninstall all antivirus and delete all entries including registry. Had many entries from past antivirus software. I then did a clean install of Avira. Sorry if that caused any problems.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 2:23:36.06 on Wed 03/03/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1005 [GMT -8:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\lxdxcoms.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop&... Read more

26 more replies
Relevance 50.43%
Question: A Little Irony

Some vulnerabilities have been reported in Apple iPhone, which can be exploited by malicious people
http://secunia.com/advisories/26287/

Answer:A Little Irony

whoa that sucks i almost bought one and then i woke up and remembered i couldnt afford it...(dang)

4 more replies
Relevance 50.43%

The Elder Scrolls IV: Oblivion is out as of today. I prepaid for it, and even bought a 20in WS LCD to replace my POS 19in 25ms LCD for the game.


Late last night, my PC died. That's right, dead. I walked into the room to find it stuck on a stop error. So I rebooted. Stop error again. So I booted to Safe Mode. Stop error. I booted to a WinPE CD. Stop error. I ran memtest from a CD. A few hours later, I had accumulated a good oh...5 million some odd errors.


So I shut off the PC, and removed a stick of Ram. Turn the machine on and what do I see?


BIOS Checksum Bad. Starting Recovery...

So I put in the Asus CD, and it automatically reflashes the BIOS. Reboot. Same problem.

So I try the other ram stick. Not even a video response. Same in all slots. I tried other ram. Once again, nothing but the fans fired up.

So here I sit today, pondering just how cool Oblivion is, knowing I can't play it for at least two weeks while my RMAs(for the mb and ram) are being processed.

I hate computers.
 

Answer:Here is Irony For Ya

Adrynalyne said:



I hate computers.

Yeah but you really love games!

Boy this really sucks! So I assume you are still in warranty period?
 

21 more replies
Relevance 49.61%
Question: Microsoft Irony

i was looking through Microsoft's clipart through Word when i was looking for a simple desktop computer picture, and look at what i found:



and this is the company who got pissed because its employees were using iPods....
 

Answer:Microsoft Irony

someone is going to get fired for that.
 

4 more replies
Relevance 49.2%

Hi, in Settings, from here...
..click Custom colour...I see... wait for it... you'll like this..promise..


Laptop, same display settings as 1703 and earlier...
Do you see that? I suppose it will vary with display and settings.

More replies
Relevance 48.79%

It's not really a problem, but here goes anyway.

I've spent the past couple days here trying to help people with various problems. Turns out, most of those problems were power-related. PS quits, or symptoms of a bad PS, or ways to diagnose. You name it, it usually circled around power supplies.

About 8PM tonight (EST) my power supply quit on me.

After about a half hour solid of laughing at the irony of the situation, I found out the 3.3v supply lines were deceased, but the 5v and 12v were fine.

I have an old AT-style chassis that's loaded with drive bays, and no PS. And somewhere in my garage, I have a dusty old PCI backplane board from an older Dell machine. (I saved it because I had noticed that the expansion slots were wired straight-through without interruption, making it usable for expanding expansion. heh)

I'm gonna use that board, the old chassis, and this defunct power supply unit to build a massive expansion chassis and drive housing system.

Now that I think of it, there is a teensy little problem there. How do you turn on an ATX power supply in one chassis by throwing the power switch on the main computer? Any gizmo tinkerers out there have any ideas on this?
 

Answer:Solved: Oh! The irony! LOL (power problem)

You can jump start an ATX powersupply by shorting a pair of the wires in the 20pin plug, there are guides on the web on how to do this, Google for "jump start atx powersupply".
 

2 more replies
Relevance 48.79%

They seem to have posted me an utterly dead PSU. The "Tagan i-xeye 420W" or similar name. I forget. Anyway, it's very dead. No fans. No LEDs. Just my favourite Simon & Garfunkel: The Sounds of Silence. Help?
 

Answer:The glory of Tagan (irony intended)

14 more replies
Relevance 48.79%

I never run antivirus at home...I run antivirus at work.

My work computer is the one that got hit today and I have no idea how. I did not go to any websites other than Microsoft to get another Win7 key. Every thing was fine this morning until I stepped away for 20 minutes. I come back and my computer is FUBARED.

Go to google.com, do a search. Every time I click on link that starts with "go.google.com", I get redirected to something like 64.117.xx.xxx, I forgot the full address.

If I try to run Malwarebytes, SuperAntiSpyware, the apps start and then crash immediately. Likewise, I can not go to either website, I get forwarded to some fake anti spyware software site.

Absolutely nothing in my running services, hosts file was untampered, nothing in startup...I couldn't find what the deal was at all.

Searches for people with my problem came up with nothing useful that would help me resolve the issue. So, I had to back up my files and reinstall Windows(installed Win7 this time).

What baffles me is how I got this and that there is little to no information on people experiencing the same issues. My computer was 100% up to date, antivirus was up to date, and I had not gone to any website different than normal, hell I wasn't even at my computer(which was locked when im afk).

BTW: I'm using the most up to date version of Firefox, I thought it was impervious
 

Answer:Hit with VERY BAD spyware today and irony involved

MrFace said:


Go to google.com, do a search. Every time I click on link that starts with "go.google.com", I get redirected to something like 64.117.xx.xxx, I forgot the full address.

Had the same issue at work too. Apparently it's a driver that redirects most search engines to the go subdomain. Go to your device manager, show hidden devices, and check under Non-Plug and Play Drivers for any driver that has a .sys on the end. Think it starts with Q or V. Disable, not uninstall, the driver. Once it's disabled, restart, then uninstall it.

Once it's gone, try installing Malwarebyte's Anti-Spyware in safe mode. Try running it in safe mode too. Most of the rogue files that it removes that come with this driver are in the System32 directory.
 

9 more replies
Relevance 47.56%

Hello in There All,
What is about to be described is a grotesque irony; please bear with me.
The system is WinXP Pro SP3 build 2600-install disc is WinXP Pro SP1 version 2002.
Was simply setting up network connection thru network connections/wizard; prompted to reboot for changes to take effect, rebooted, and unholy Beelzebub, the system arbitrarily and independently created a boot password screen with my username and a password from another world, unbeknownst to and not initiated by me. Good Grief! Well, attempted 3rd party utilities (0PHCrack, OFFLINE NT Password/Registry) to no avail. At password screen, it will not recognize CTRL+ALT+DEL(2). There is no hidden administrator selection. Can access DOS thru install disc repair feature, but it does not support CMD (not in 'help' list). Cannot even enter Safe Mode because the password screen is there first. Was suggested I try Ubuntu, Mint, (not familiar with, and have not yet tried them). Grotesque insult to ironic injury, nobody will help me because TSL rules expressly forbid password breach assistance (and I do understand the malevolent potential), but this IS my distressed conundrum. The system did NOT ask, advise, nor inform me of what it did until it was done. Now Bill's boondoggle is my nightmare; locked out of my own machine, clueless. What in the universe is one to do? If there is a Mighty Tech somewhere with the solution, there is nothing I would not do to express my supreme gratitude. 9 1 1 to the Tech World. Ple... Read more

Answer:WinXP Locked Out Boot Password Grotesque Irony

Hi,
does the password prompt look like this:
If so it is a password for encryption of your registry hive.
regards
myrti

2 more replies
Relevance 47.15%

After watching my laptop update for nearly 20 minutes, sitting at 100% I had to force the power off and reboot the system. Now it is re-running through the update process. The supposed auto updates are to make the OS safer, but I think forcefully shutting off the power to use your PC mid update is more likely to cause problems to your OS install than any supposed security hole. The long load times force many users to force the system off mid update due to the updater choosing its own schedule, which tends to be in the most inconvenient times. I merely wanted to use the SD card on my laptop, a 30 second task. Not wait 20+ minutes for an unexpected update that would hang at 100%.

I can imagine for the typical user who needs to use their PC in a hurry or turn off their PC in a hurry as they have to leave/conserve battery life forcefully powering off their OS will cause more instability in the long run.

My options are to buy Win 10 Pro for my laptop and likely reinstall the OS, which I do not care to do. Or buy an SD card reader for my desktop. I think the SD card reader will be cheaper/more handy.

Considering most laptops don't come with Win 10 Pro, it makes going Apple a much more real possibility for me laptop wise in the future. It is not like I can customize or build my laptop anyways. I can only imagine the typical laptop user being even more frustrated than I am due to the extremely inconvenient updater with a low reliability rate.

My short rant is over.
 ... Read more

More replies
Relevance 46.74%

Here's a lovely bit of irony for you: Adblock Plus, which is by far the most popular add-on for Firefox and Chrome, is actually increasing the amount of memory used by your web browser, rather than decreasing it. Furthermore, ABP also increases the amount of time (and CPU cycles) required to render a website. Instead of making web surfing more responsive, ABP actually makes your surfing experience slower.

This might seem counterintuitive at first - after all, ABP blocks all of those annoying animated Flash ads from loading, and so it should save you from unnecessary memory and CPU hits. Unfortunately, the actual situation is a lot more complex than that. Basically, ABP has grown too big for its own good, and just the very process of running ABP in your web browser consumes more memory and CPU cycles than it saves.

How Adblock Plus works

To begin with, according to Mozilla developer Nicholas Nethercote, there is a 60-70MB memory hit having Adblock Plus run in the background on Firefox. The main problem, though, is the process by which ABP actually blocks ads. Basically, ABP inserts a massive CSS stylesheet - occupying around 4MB of RAM - into every single webpage that you visit, stripping out the ads. This wouldn't be a problem if we were still in the '90s or early '00s, but nowadays it is very common for a webpage to have lots of iframes, which are separate, individual webpages that are loaded and embedded within the page you're currently looking at. The m... Read more

Answer:Iframe irony: Adblock Plus is probably the reason Firefox and Chrome are such memory hogs

Adguard is a nice alternative, light on memory and resources...
 

8 more replies
Relevance 45.51%

Hi,

I had a problem with malware which I may have successfully removed but I am not an expert at this so I am not 100 percent sure.

I have attached all the logs as per the procedure outlined on this forum.

I had to attach the rootrepeal txt file in the mglogs zip file as you may only upload 4 attachments here.

I just need to be reassured that it is safe now. Browsing is back to normal and everything seems fine and dandy. Even IE seems fast but I do not use that as the default browser.

Only problem I encountered was rootrepeal not scanning my secondary drive D, but it scanned C. I had checked both to be scanned before scanning but only C was scanned.

Thank you for taking your time to help us.

Sincerely,

Shem.
 

Answer:Removed Malware But Not Too Sure

Welcome to MajorGeeks, SHEM.

I am reviewing your logs and will get back to you with instructions as needed. Please be patient as the logs produce a lot of information to go over.

dr.m
 

2 more replies
Relevance 45.51%
Question: Malware Removed?

ComboFix 08-11-09.04 - Dan G 2008-11-10 21:23:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1598 [GMT -5:00]
Running from: c:\documents and settings\Dan G\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dan G\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
 * Created a new restore point
 * Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\MabryObj.dll
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.
2008-11-03 20:06 . 2008-11-03 20:06 <DIR> d-------- c:\windows\aolshare
2008-11-03 20:05 . 2008-11-03 20:20 <DIR> d-------- c:\program files\AOL 9.1
2008-10-23 13:07 . 2008-10-15 11:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-20 19:48 . 2008-10-21 21:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-10-20 19:48 . 2008-10-20 19:48 <DIR> d-------- c:\documents and settings\Dan G\Application Data\Malwarebytes
2008-10-20 19:48 . 2008-10-20 19:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-20 19:48 . 2008-10-16 19:36 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-1... Read more

Answer:Malware Removed?

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.

The BC Staff

1 more replies
Relevance 45.51%
Question: Removed Malware

My computer takes up to 20 minutes to start up. When it's ready I try to get on the internet and it takes 5 minutes for my home page to show up. I followed the guide to malware removal and the cleaning process. My computer has improved, less than 8 minutes for start up. And less than 2 minutes for my home page to show up. I will attach my logs from the scans. Could someone look over what I posted and let me know if there is anything else wrong with my computer.
 

Answer:Removed Malware

I don't know if I am doing this right, but here is my last attached log.
 

4 more replies
Relevance 45.51%
Question: malware removed

Hello

Please find attached the log files from the scans detailed in the readme first post.

IE was unusable with constant pop-ups and adverts. These symptoms appear to have stopped but would appreciate it if someone could take a look at the logs to make sure they have all gone and won't come back again.

Thanks
 

Answer:malware removed

Actually it would appear I am still getting pop-ups and false google results using firefox.
 

6 more replies
Relevance 45.51%

Below is the dds text.

What is happening is every few minutes or even a few seconds a pop-up comes up using another instance of Firefox with the url hxxp://www.redirsv.com. I think sometimes it opened another tab in current instance of FF too and displayed the same. FF blocks it from redirecting. One time I Allowed the redirect and it gives you a 3 step question and answer and then offers a selection of 3 'gifts' or whatever they call them, one being an iPod for $0 but you have to pay for shipping.

This has been happening for a long time now...like many weeks.

I installed Hostsman but that didn't help. I deleted all Add-ons in FF and entered the url in adblock. It didn't come up for quite a while after that. I thought it was fixed but no, it came up again as I was going through the malware removal routine.

I got another similar thing happening in IE but with a different url.

Also, on some web pages, the color of some text words are changed and double underlined.

That's all I can think of now.

Thanks

BC
-------------------------

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16514
Run by Brent at 13:51:36 on 2013-10-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.877 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\W... Read more

Answer:Need Malware Removed

I think it has to do with java...and I can't remove it. When click the link in the sticky to remove java, that same window with url redirsv.com pops up!!!

19 more replies
Relevance 45.51%
Question: malware Removed

Hi there, I contacted on Monday while struggling to get control of my computer (windows xp home) again. Had first seen virus activity one week before and had tried numerous things before finally coming here and reading advice given to others with similar problems. I run Norton Internet Security but although this kept removing Vundo and another un-named trojan, as soon as I opened IE they were back again. I had masses of pop up windows attempting to download all kinds of anti spyware etc.. One in particular was Registry Defender and my privacy settings kept changing from medium to allow all cookies. After reading here I downloaded Spy-bot Search & Destroy which identified virtumonde.prx and generic, Smitfraud-C, FlashDollars.AntivirusDetection, etc. In all there were 22 incidents of virus activity when I started. Spybot got rid of everything but as before as soon as I opened IE they were back again. I then downloaded Malware Anti Malware and after scanning, this listed Trojan.Vundo, plus .H, Adware.comet, Trojan downloader, Adware.videoEgg, Adware.MyWebS and Malware trace. After finishing this scan I noticed that IE was working properly and that the IE privacy button was not being changed. I then ran another M.A.M. and this time it showed just two incidences of Vundo which were deleted. That was yesterday, I've been constantly checking the system since and think it is clean but I would really appreciate you guys having a look at my HijackThis log, which I have attached.... Read more

Answer:malware Removed

Hello trojanhunter,

I apologise for the delay, the forum is extremely busy.

If you still need help post a new HijackThis log following my instructions below. Please do not post it as attachment, but as a normal post.

----------------------------------------------
RENAME HIJACKTHIS

There is some infection hiding in your log.

Using Windows Explorer by right-clicking the Start button and left clicking Explore navigate to: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Right-click on HijackThis.exe & select Rename to scanner.exe and post back a new Hijackthis log.

14 more replies
Relevance 45.51%

Hello,

Allow me to preface this by saying that my computer seems to be in perfect working order once again, thanks to this site and forum!

It seems I had the fake File Recovery HDD failing virus (as in this thread http://forums.majorgeeks.com/showthread.php?t=257440 ), and it seems to be having no effect on my computer except that it's showing up in the All Programs list (it's highlighted, as well) by the name File Recovery.

Is it completely gone? Are there any more steps I should take? I have attempted to attach all the logs requested.

By the way, if this thread is pointless I have no problem with deleting it.
Thanks again!

OH and here's a quick screenshot lol
http://i.imgur.com/lY9qm.jpg
 

Answer:Has the malware been removed entirely?

Welcome to Major Geeks!

I see you already ran Unhide. Did this fix all of your missing items?

Uninstall >> StartNow Toolbar

Now delete the below folders:
C:\Users\Buklau\AppData\Local\Conduit
C:\Users\Buklau\AppData\Local\Conduit

Also delete the below files:
C:\ProgramData\-PtUsjZ383nYHqI
C:\ProgramData\-PtUsjZ383nYHqIr
C:\ProgramData\PtUsjZ383nYHqI


Please run RogueKiller again. If you can then run a scan and after it finishes, select the Registry tab and then select any of the below that exist and then click the Delete button.




[SUSP PATH] HKCU\[...]\Run : PtUsjZ383nYHqI (C:\ProgramData\PtUsjZ383nYHqI.exe) -> FOUND
[SUSP PATH] HKLM\[...]\Run : WBlURVsQCEvCBSx.exe (C:\ProgramData\WBlURVsQCEvCBSx.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-665516541-3897053279-2572803081-1000[...]\Run : PtUsjZ383nYHqI (C:\ProgramData\PtUsjZ383nYHqI.exe) -> FOUND

Then immediately reboot your PC if it has not already recommended doing so.

After reboot, run a new scan with RogueKiller and save a log as in original instructions and attach the new log.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

the new RogueKiller log
C:\MGlogs.zip
How are things working?
 

3 more replies
Relevance 45.51%
Question: Malware removed?

I have run the Read & Run Me First. Could you please check my logs and make sure I have gotten everything.

When I first noticed problems, I had a popup come up and say that this copy of windows was not genuine (2nd computer I have seen this on). After a couple of the scans were done, the message disappeared.

Thanks in advance for your help and here are my logs (Super AntiSpyware did not find any malware and did not give me a log):
 

Answer:Malware removed?

Your logs are clean.

Now we need to clean up from running the scans.

Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[-HKEY_CURRENT_USER\Software\Kazaa]
[-HKEY_LOCAL_MACHINE\SOFTWARE\knight]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

If you did, then it is time to do our final steps:





We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
If we used Pocket Killbox during your cleanup, do the below

* Run Pocket Killbox and select File... Read more

3 more replies
Relevance 45.51%
Question: malware removed?

this is my first time posting, first time doing logs or anything like that, tell me if something is wrong please.
 

Answer:malware removed?

Actually looks pretty good...let's just do this:

If you haven't already, please disable the Guest account in User accounts.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pest-Capture"=-
"MSMSGS"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"SunJavaUpdateSched"=-
"QuickTime Task"=-

[HKEY_LOCAL_MACHINE\software\Microsoft\windows\currentversion\Explorer\sharedtaskscheduler]
"{}"=-

Now download The Avenger by Swandog469, and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:




Files to delete:
C:\WINDOWS\system32\ndt2.sys

Folders to delete:
C:\Program Files\PestCapture

* Now click the Execute button.
* Click Yes to the prompt to conf... Read more

3 more replies
Relevance 45.51%

My apology to ryder. Starting over. Thanks for your time.

It pops up a window in the FF browser to redirect to redirsvc.com. I do not allow it to redirect but I did once. It also highlights and double underlines words on web pages. FF keeps crashing...although I updated recently. I keep new programs showing up...

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520
Run by Brent at 13:47:50 on 2013-11-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.923 [GMT -8:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\Omiga Plus\omigaplusSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel... Read more

Answer:Need Malware Removed

BrentC,

Hi and welcome to TSF.

I am currently reviewing your logs. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

14 more replies
Relevance 45.51%

McAfee virusscan is giving a message "pup found - The file C:\System Volume Information\_restore{679CC8D8-659A-4231-90F... is a potentially unwanted program (spyware, adware or other malware) and cannot be removed." I cannot find the file in question by searching, and Spybot search & destroy and Adaware do not locate it. Any ideas how I can remove it?

Answer:malware cannot be removed

Turn off System Restore (click here).
Scan again to be sure it has gone.
Turn System Restore on again.
Note: This procedure will delete all your existing restore points.

4 more replies
Relevance 45.51%

I've followed all instructions to the BEST of my ability.
Symptoms:
random shutdowns
random restarts
mouse will freeze forcing me to restart
may restart when I move my laptop
redirected google searches
daily news 7 browser redirects
slow performance

Restarts have been happening intermittently for almost a month, and have been happening more recently.

Redirecting has been happening for about 1 month.

I have attached all my logs in this post, as well as the following post (there's more than 4).

Thank you in advance!
Godspeed
 

Answer:need malware removed

other logs attached
 

8 more replies
Relevance 45.51%

Hi There,

Just wanted to say that have looked at some of the threads on here and you guys seem to do an amazing job! Flattery out of the way, I have some large problems!!!

I think it's due to the fact that I stupidly downloaded an IP Hider application, god knows why, and something I will never be doing again and think this is what has caused all these problems. I get pop-ups when I log on the Internet, including with google, I search something and it will bring up a Yahoo page, and have to close that and click on the google link again to get it to open, a couple of my files have been moved, and text documents have appeared to have been copied but with a $ in front (might not be a part of the problem though and my stupidity), my computer sometimes will not turn on, no matter what I do!

I have run all your programs, well the majority, and am hoping you can shed some light on what's causing my problems, if they are still there, which I gather they are, and how to remove them, if at all possible.

SuperAntiSpyware
Ran fine, seemed to pick up a Trojan DNS changer

Malware Bytes
Ran fine and then when finished, computer crashed and would not restart so started the following programmes in the morning when it let me start it again.

Combo Fix
Ran fine, but after it restarted my computer, kept getting error messages, when I clicked on Mozilla, control panel etc, think it said something like this is illegal and is due to be deleted or something similar, so ... Read more

Answer:Malware been removed??????

Let's start with this;

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R3 - URLSearchHook: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [NordBull] C:\Windows\temp\87196758.tmp.exe

After clicking Fix, exit HJT.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
C:\Windows\Tasks\... Read more

3 more replies
Relevance 45.51%

Hi,

My issue started out with annoying popups to fake AVG site. I tried using SpyBot, AVG AV, HijackThis. None have helped me remove this popup issue. When I use the browser, popups come randomly. I tried running SmitFraudFix.exe software but I never got the blue screen on the cmd prompt. It remained black until I turned it off. I suspect it is SmitFraud.exe but you guys are the experts.

Here's the log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:50, on 12/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG... Read more

Answer:Need Help: Tried everything malware is not getting removed

Hello tubsaltman,

I apologise for the delay, the forum is extremely busy. I will be assisting you with your malware issues.

Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!

Please bookmark or favourite this page. In case you need it as reference or etc.

If you fail to reply in 5 days period from now, this thread will close, and you will have to open another topic, and wait for another helper.

----------------------------------------------

If you still need help please post a new HijackThis log.

2 more replies
Relevance 45.51%

Hi,

I've followed the instructions on

http://forums.majorgeeks.com/showthread.php?t=35407

but still show problems when running Adware SE. I click to remove the objects but some still re-appear after rebooting, though they vary.

Original problem was mainly Vcodec being found and Spyfalcon loading. These seem to have been cured.

Trojan.zolob was found by Windows Defender and removed. It now shows clean.

I also run AVG anti virus, which is updated automatically and this is now showing clean.

I've attached the logs of Bitedefender and Panda Activescan, as well as the log from Adware SE. All were run in normal boot mode, as I couldn't seem to connect to the web in safe mode.

I would appreciate any help in removing these last problems, or advice if you feel they are not a problem (though Adware lists them as 'Critical').

Thanks in advance.
 

Answer:Malware not removed

Welcome to Major Geeks.

Please post a HijackThis log as an attachment.
 

3 more replies
Relevance 45.51%

**I don't know how I got infected with this malware, Either I clicked 'yes' for some browser plug in Installation or I clicked some non-secure programs downloaded from websites.

Infected on a System with Windows XP Sp2, IE 6, Firefox 2.x, Symantec Client Security.
System is on a secure restricted network with firewall and Proxy Internet.

I'm not naming the malware now, it comes with different names or versions.

**This was the effect of the Malware:--

It installs many dll files and ini/ini2 with random names in the Windows System32 folder.
It installs Browser Helper Objects in Internet Explorer.
It adds a dll file (say nnnmKayQ.dll) in the notify reference of the original Winlogon.exe
It adds some other dll file references in Explorer.exe and lsass.exe
The module loaded in winlogon and lsass makes the registry entries for its own existence, and it generates new random named dll files in the System folder and adds them as Browser Helper Objects.
Then you can see processes running like: Rundll32 C:\windows\system32\dllname.dll, c
It adds Global Registry Startup Entries like: Rundll32 C:\windows\system32\dllname.dll, b
It adds something in the user's temporary folder and runs it, and adds some entries in Wininit.ini.
These random dlls are registered using 'regsvr32' by the modules loaded in 'Winlogon.exe'
It slows the computer.
It automatically opens some commercial websites or some offensive sites.

**How I knew the above things?

I had Process Viewer (Prcview), When the c... Read more

More replies
Relevance 45.51%

Malwarebytes only runs in safe mode with or without networking or it shuts down after a few seconds of scanning. Superantispyware will not complete even in safe mode. GMER shut down when starting up. JV16 power tools shut down when I tried to look at startup programs. I am displaying the DDS.txt below.
I greatly appreciate your help.
Thanks in advance

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Alan at 18:20:05 on 2012-03-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2346 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Returnil System Safe 2011 *Disabled/Updated* {535A8864-C2D9-4337-B49A-B5E35815B9BB}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
d:\Program Files\Mamutu\a2service.exe
d:\Program Files\Zentimo\ZentimoService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
D:\Progr... Read more

Answer:Need Malware removed. Help Please

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so! Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things to happen.
2. Please do not attach logs or put in code boxes. Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback. It does not need to be long but just something so I know how things are going. It can be something like:
   I am still getting redirected
   The computer is running as it should
   Don't put things like - it is the same as before or still the same. This just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything. Pay special attention to the Notes** I have put in. These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Ba... Read more

5 more replies
Relevance 45.51%

Our family laptop was attacked by malware yesterday. The name: Defender. It hid files from all menus and desktop icons, though the Trend Micro antivirus software may be slowing things up, too. We tried to install and run MBAM in Safe Mode but it wouldn't run. So, we found and ran SuperAntiSpyware Portable. It may have helped slightly. Still couldn't run MBAM. Then we ran Spyware Doctor in Safe Mode three times (quick, then complete, then quick again until everything was removed). Then, still not being able to run MBAM, even from flash, I found Combofix from an old session with you and ran it and it seemed to help, though there were error messages. (I wish I had seen your Forum warning about this! No log was created, by the way.) Finally, last night we got MBAM to work and it found something. Where we are now: Still all programs are hidden and no icons appear on the desktop. Also the antivirus software (Trend Micro) appears to not be working properly and is asking to be reinstalled. Also, the computer continues to be extremely sluggish. On the good side, it appears the malware is gone (see below).

We get one error message that is not Trend-Micro related upon bootup: "Error...Unable to locate c:\documents and settings\will c\local settings\application data\BVRP software\not waiting\MoHog.xt file" whatever that is.

I have attached two logs: rkill and the MBAM log. Thanks...I hope you'll help us out, even though we used ... Read more

More replies
Relevance 45.51%

Hoping someone could look over this please?

- This is my friend's PC, so I don't have instant access to it.
- Also, I removed xpa.exe AFTER running this log, so this log probably shows it as being still infected.
- I ran elitekiller's kit here - Rogue Removal Kit, which included running:
  CCleaner Slim
  ComboFix
  RogueFix
  Smitfraudfix
  SDfix
  VundoFix
  MalwareByte's Antimalware
  Kapersky's AVPTool
- I had run all these previously, about 2 weeks ago, and then she couldn't connect to the internet.
- This time around, I also ran msconfig, saw xpa.exe, and removed it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:17 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Rogue Removal Kit...04.10.08\VundoFix.exe
C:\Rogue Removal Kit...04.10.08\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {397CFCF4-A36D-47DB-B055-6B8E73F3D886} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOW... Read more

Answer:Xpa.exe Removed - Any Other Malware You Can See?

Hello,

You might want to save this page on your favorites, so you can find it again when you return.

Welcome to the Bleeping Computer Malware Removal Forum, sorry for the delay in responding, but the amount of people posting with infected computers is through the roof and we sometimes can't get to logs as fast as we would like to.

If you have not resolved this issue and still need assistance, post a HJT log as your system may have changed since your original post.

Thanks for your patience.

2 more replies
Relevance 45.51%
Question: Malware removed?

Hi,
I just finished all the steps listed in the "Read + Run First" thread, and I just want to make sure my PC is clean. I first noticed a fake spyware protection tool installed on my family's computer (I think it was called Malware Remove, or something like that) today. It would bring up pop-ups and warnings, install itself without asking even after being uninstalled, redirect me away from sites for virus/spyware removal programs, bring up audio ads in the background, and block anti-virus/spyware programs from running.

Malwarebytes Anti-Malware wouldn't run at first, despite renaming, but got it to work on another user log-on on the computer.

ComboFix took a few tries to work, but eventually did after logging on and off.
It detected rootkit activity and gave me a list of files before rebooting. I wrote them down, if needed.

The problems seem to be gone, but I just want to make sure they're not hiding and won't return.

My logs are attached.

Thank you for your time!
 

Answer:Malware removed?

And here's the attachment for my MGtools log.
 

4 more replies
Relevance 45.51%

I have done the basic steps to remove malware from my system. This didn't go as well as I thought it would. I tried using a few malware removal programs but all failed when scanning. Finally I tried combofix and that seemed to do the job. Because of this vicious malware I was not able to disable my trendmicro antispyware and virus program. I'm pretty sure this messed something up. Finally after the combofix finished my computer seemed to be working fine but there still are a few bugs in the system. It seems to be running slow and random internet pages on my internet explorer are popping up. Can someone help me with this?
 

Answer:Malware removed... maybe?!

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a different user... Read more

1 more replies
Relevance 45.51%

Hi,

Recently I found that something drained my system resources like mad.
Then I found winlogin.exe and winsvchost.exe under Appdata>Roaming.

Now I have run through the malware removal guide and just want some help to see if these are gone?

Thank you.
 

Answer:Not sure if malware is removed

Welcome to Major Geeks!

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


R3 - URLSearchHook: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
O2 - BHO: uTorrentControl_v2 - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
O3 - Toolbar: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
O4 - HKCU\..\Run: [AdobeUpdate] wscript "C:\Users\Andre\AppData\Roaming\Adobex86\invis.vbs" "C:\Users\Andre\AppData\Roaming\Adobex86\bat.exe"
O4 - HKUS\S-1-5-21-2487167802-3491251391-1733091479-1004\..\RunOnce: [CTPostBootSequencer] "C:\Users\Andre\AppData\Local\Temp\CTPBSeq.exe" /reglaunch /self_destruct (User 'UpdatusUser')


After clicking Fix, exit HJT.


Uninstall the below program:
uTorrentControl_v2 Toolbar


Please download OTM by Old Timer and save it to your Desktop.

Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
Copy the line... Read more

1 more replies
Relevance 45.1%

DDS (Ver_09-03-16.01) - NTFSx86
Run by Kavitha at 21:37:41.95 on Mon 04/20/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1151.495 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\tas... Read more

Answer:Virus/Malware not being removed

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

2 more replies
Relevance 45.1%

Having trouble with my 4 y/o HP Pavillion dv4000, running XP Home.

I could not get it to boot up and let me log into my regular (Admin) account, it kept freezing up when I entered the password. My company laptop was recently attacked, and I discovered this site via our IT Help Desk.

I booted the HP in Safe Mode, then ran rkill and Malware Bytes. MB cleaned several files, but I still can't boot up. I enter the password and it simply clears the password box and does nothing further, although the hard drive is running non-stop. I went back into safe mode and removed the password to see if that helped. Now it simply freezes at the Welcome screen. Again, the hard drive is running steadily.

Any way to know if this is malware that the above programs missed vs. an aging computer?

Answer:Removed malware, now can't boot up

Start here:http://h10025.www1.hp.com/ewfrf/wc/documen...0#c00006110_doc

4 more replies
Relevance 45.1%

I recently had some malware removed from a friend's laptop, http://www.bleepingcomputer.com/forums/t/332708/possible-remaining-infection/. The remaining issues are as follows:

1. When it boots, it tries to run chkdsk, but it is immediately cancelled.
2. In about 1 out of 3 starts, the computer will run extremely slow.
3. No matter the settings, the screen saver will not work.

Any ideas?

Thanks.

Answer:malware removed, but computer is still not right

After the system has successfully booted, I would run chkdsk /r.

Start/Run...type chkdsk /r and hit Enter.

Type y in new screen and hit Enter.

Reboot the system.

The chkdsk /r should run...if any errors appear onscreen or the command is stopped for any reason...write down displayed message.

If chkdsk /r completes, the system should then boot into XP.

Louis

8 more replies
Relevance 45.1%

I made the stupid error of downloading AntiVirus-XP 2008 which caused many problems. The forum assisted me in removing this malware; however, I find that I cannot click on links and be directed to the site. I imagine that the malware affected my registry. Any help.
 

Answer:Malware Removed but Cannot Use Links

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide
Note:

1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
 

1 more replies
Relevance 45.1%

Hi

My PC was infected with Smitfraud and other viruses which generated similar popups such as "Your computer is infected..." etc. including a "MS security centre".
Using Smitfraud fix and Hijack this, I have removed both, but have been unable to access any websites, or open emails from messenger. Clicking on any links causes a browser to open for a split second and disappear again.

The only link that does work, however, is the Apple Website through which I am able to access all the major search engines.

Any help will be appreciated.
Thanks.
 

Answer:Malware removed or is it still lurking??

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.



If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Links are given in the Step 2: Installing Tools and Running Scans section for downloading the definitions for the MBAM & SAS scanners. Then copy them to the problem PC. Yes, you could use a flash drive too but flash drives are writeable and infections can spread to them.

Here's a guide on how to attach the logs HOW TO: Attach Items To Your Post
 

1 more replies
Relevance 45.1%

i have a nasty program, malware crush, and it will not let me install malwarebytes even in safe mode. any ideas on how to get rid of it?
Thanks...

here is my dds log


DDS (Ver_09-10-13.01) - NTFSx86 MINIMAL
Run by David at 20:57:11.65 on Sat 10/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.316 [GMT -7:00]


============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - No File
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\... Read more

Answer:how to removed malware crush

Hello carolebrew,

Our pre-posting topic also instructs you to post a log from gmer.exe and the attach.txt that was produced when you ran dds.scr.

Kindly refer back to, and follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

**Please note this section of the forum is very busy, so be sure to familiarize yourself with the Bumping Rules also found in our sticky topic mentioned above. One of our Analysts will review your log as soon as possible.

19 more replies
Relevance 45.1%

hi,
using firefox with windows 7
when firefox starts up and i do a search it re-direct to a yahoo search instantly
yesterday i went through the malware removal guide, done all the scans and i still have the same problem
i have the logs and i will try to attach them
i have aspergers so i don't understand things all the time, so please bear with me
 

Answer:malware hasnt removed

I want you to run TDSSKiller so refer to the below for how to do so.

TDSSkiller - How to run

Now please attach the rest of the logs. From running SUPERantispyware, Malware Bytes, Combofix, and MGTools. Thanks
 

11 more replies

A few days ago, I had this problem: I was on playlist.com when I got a pop-up saying from what I thought was Windows Security Center saying that I have spyware on my computer and I should delete it. Like an idiot, I downloaded something, now my Desktop Background is blue with a warning on it saying "Spyware has been detected on your PC...Click Here to Scan your computer for Spyware". I keep getting pop-up ads for anti-virus stuff and I keep getting an ad from antispwareupdates.net trying to get me to download their "anti-spyware" software.

I tried the Vundo Fix and it didn't work, so I tried the VirtumundoBegone and that didn't work.

Here is the major ad that keeps popping up and the one that started it all. The URL just says about:security

Best Spyware Protection. Used by Millions World Wide.

Spyware & Adware can not only result in data corruption, personal profiling, hacker attacks, pop-up ads, spying, but also identity theft.

SpyAway was created by the industry's top professionals to protect your privacy and to ensure optimal system performance. By locating, eradicating and preventing malicious spyware infestations, SpyAway is able to provide its users with a spyware-free computing environment and safe surfing.

PerfectCleaner was built to Help You Forget About Spyware.

Using an advanced monitoring technology, it puts you in control over the changes in your system. Its sophisticated removal module will eliminate all traces of spyware from your system. Add the... Read more

Answer:Malware Removed; Still One Problem

Hi and welcome,

The popup you get regarding the dll file missing is a result of a leftover registry entry telling windows to load (the now missing) dll.

The task manager issue is a result of the malware setting a restriction to prevent you from loading task manager.

I see you have LimeWire running. I'd like to stop it from running at least till you are clean. Just in case you have an undetected worm on system causing limewire to share infected files with other p2p users. Disable at boot option should be available in limewire preferences.

Let's do a couple fixes then I want to see another log or 2.

Make sure all other users are logged off please and whatever they are working on has been saved/closed. We will be rebooting shortly.

1.) Start Hijackthis
Run system scan and check:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {E755715C-9FC7-48EE-82BB-751C9DD88518} - C:\Program Files\Online Services\horefojeC:\DOCUME~1\Chris\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
O2 ... Read more

12 more replies

Hi, I was infected with "system security malware"... I had to restart several times and finally was able to delete it from my application data and registry through safe mode. Now I have been trying to download a malware remover but my pc will not initialize any .exe file and throws an error. Also it will not let me checkdisk nor defrag. The current malware and virus protector I have is obviously useless so I thought a new one would be a good idea. Also several other programs will not initiate and occasionally I will start hearing as if a video is playing but there is nothing open. Any help please! Thank you...... I have XP sp2....
 

Answer:Malware removed now pc has several issues

Hi, I am posting a Smitfraudfix log and will do a HJT log also. I have run malwarebytes and my own f-secure software. They remove rootkit virus and trojan.dss but I still do not have access to disk management, defrag or chkdsk after system repair install... so does anyone have any ideas besides a complete reinstall?

SmitFraudFix v2.423

Scan done at 15:40:20.68, Wed 07/15/2009
Run from C:\Documents and Settings\Suil\Desktop\Virus\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Embarq Online Security 8\Anti-Virus\fsgk32st.exe
C:\Program Files\Embarq Online Security 8\Common\FSMA32.EXE
C:\Program Files\Embarq Online Security 8\Anti-Virus\FSGK32.EXE
C:\Program Files\Embarq Online Security 8\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Embarq Online Security 8\Common\FCH32.EXE
C:\WINDOWS\system32\srvany.exe
C:\pvsw\bin\w3dbsmgr... Read more

3 more replies

Hello, problem started a couple days ago when I was searching google for loan places. Then later when I was searching my usual sites through google, I was being redirected to loan sites. It didn't redirect much and the next day when searching rockauto (well known site), computer screen went blank and rebooted. So I scanned with spybot and it came up with smitfruad-c.generic. Then scanned with MBAM, and it came up with trojan.agent. Came here and followed the "Read and run me first". TDSSkiller seemed to have cleaned out the malware but I am still getting redirected. Here goes the logs. Very frustrating, almost quit when I had a problem with MGTools not running. Hopefully I did everything right. Thank you in advance.
 

Answer:Malware Removed PC Still Redirects

Does MGTools.exe run in safe mode? What error do you get when trying to run it normally?

If it really cannot run, try this for now...

Download OTL to your desktop.


Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
(Vista and Windows 7 users: right-click OTL and choose Run as Administrator.)
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Attach both of these logs into your next reply.
 

6 more replies

A friend of mine recently tried to download a program onto my computer, and I don't know what she did, but this ended up in a constant alert by avast! that there are viruses and malware being found on my computer.

Many times, though I took the recommended action, and tried moving the entry to the chest, it didn't work.
It would either say 'avast! : The process cannot be completed because it is being used by another program', though no programs were open on my computer. Or, it would all just keep coming back.

I also don't know what's wrong with my desktop, but it would constantly freeze about every hour or so.

Here's my HijackThis Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:05 AM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSRes... Read more

More replies

Hello... I had a trojan and associated malware that was installing PUP. Every time I uninstalled one, two more would load. I found and removed it... but after running tools from 'read me first' it seems I still have a lot going on. See my attached... and thanks for your help. -Kirby
 

Answer:Removed some malware, some left?

Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:


[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\donureqe (C:\Users\our\AppData\Roaming\3C682200-1425676056-0820-1218-090413000000\nsu9DDF.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lykygizu (C:\Users\our\AppData\Roaming\3C682200-1425676056-0820-1218-090413000000\jnsm58CB.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\donureqe (C:\Users\our\AppData\Roaming\3C682200-1425676056-0820-1218-090413000000\nsu9DDF.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lykygizu (C:\Users\our\AppData\Roaming\3C682200-1425676056-0820-1218-090413000000\jnsm58CB.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\donureqe (C:\Users\our\AppData\Roaming\3C682200-1425676056-0820-1218-090413000000\nsu9DDF.tmp) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lykygizu (C:\Users\our\AppData\Roaming\3C682200-1425676056-0820-1218-090413000000\jnsm58CB.tmp) -> Found


Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.

...same for these items on the Tasks tab please...


[Suspicious.Path] ... Read more

7 more replies

Hello Security forum,

At present many new malicious software are active, now for three weeks ago I got a virus which is not removal
by the usually tools and procedures as mentioned. I suspect this type of virus is one of the most
dangerous I have ever had. My computer itself is in top condition.
I also used GMER rootkit detection/removal newest version 1.015 with no results.

Please let me explain what I have done before:
For clearing the virus can escape and executing in more identities and can not be detected by
Anti-virus application Norton Internet Suite 2011 which is up to date, Strongly speaking it manipulates
with this program which I can not be trusted any more.
I can as usually work on my computer but with some differences. (virus identities)
1e) manipulating with Windows XP SP3 settings such as: colors, textsize, messages like "new program
installed" in start-menu (every time) and much more..., 2e) On internet it manipulates chosen webpages
like textsize, reclames, icons, pictures. Scrollbars... 3e) At turn on it can manipulate the bootingsequence
if the virus is angry. 4e) it can manipulate with download utilities to use its own settings or using slightly
different instruction the utility execute.

The following procedure on the highest level (extremity overkill) are described with no results:
The floppies are clean and write-protected.
The procedure steps are exactly in the sequence as described below:

1) turn-off computer (5 min.)
2) putting out the intern... Read more

Answer:MALWARE CANNOT BE REMOVED FROM HARDDISK

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

NOTE
Malwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program bef... Read more

1 more replies

I went through the process but was not able to follow the ROOTREPEL process. Each time I clicked the icon it would reset the entire system. In the MGTOOLS process I ran into a couple of errors but was able to follow the process. I have not done the System Toggle process. Just wanted to submit the logs and see if you could tell if Malware, Trojans, Viruses, Worms etc was removed. System still seems a little sluggish, and I still get the Virtual Memory error message.

I had to run SASLog twice because it was so full it started to stall.
 

Answer:Need help to verify if Malware was removed!

Here is the MGTOOL log
 

9 more replies

My PC was infected. MalwareBytes found and corrected some problems; I'll attach the log. (Please ignore file date; it was wrong on my PC.) Avira AntiVir Personal also found a problem (EXP/Pdfka.kxo) and corrected it after I manually updated the virus database. Now Windows Update and Avira STILL won't update. I can at least manually update Avira, but Windows Update tells me "Windows can't check for updates." By the way, before I could update MalwareBytes I had to uninstall and reinstall it. Maybe I need to do the same thing with Avira. Any ideas?

For what it's worth, I downloaded Java Installer and it's telling me: "The installer cannot proceed with the current Internet Connection settings."

CPU/RAM: 1.87 GHz/2 GB

Answer:removed malware; can't update

Better post Hijackthis log here:

Please do the following:
1) Download this file: http://www.trendsecure.com/portal/e...
2) Unzip it and run HijackThis.exe
3) Click on "Do a system scan and save a logfile" button
4) Post Log Here

;) Security Made Easy ;)

11 more replies

Hello,

I'm the unofficial tech person at my company. That means that while not a tech person (in terms of qualifications or skills), I'm the most tech savvy person in the company and consequently, get the job of trying to fix all the computers.

Right now, I have a problem that is far beyond my limited skills. One of our people has a laptop that has either malware or a virus infecting it. Two symptoms are present: first, when using firefox web pages get redirected to advertising or to unrelated google searches; second, the machine seems more sluggish than usual.

I have tried to download anti-spyware software (e.g. Spy Sweeper, CounterSpy, MalwareBytes, Superantispyware, PC Doctor) and nothing works. In some cases such as Counterspy and PC Doctor, the executable will run but the program will not update (and thus, not allow for a scan). In other cases such as MalwareBytes, the executable simply will not run.

I have run a Trend Micro anti-virus scan. It seems to detect something but it crashes before the scan can complete. The same thing happens with Panda Activescan. Last night, I ran Panda Activescan for over 8 hours. When I woke up, the scan had frozen at the 52% point and had found 1 infected file, which it didn't appear to clean up.

Anyway, I'd really appreciate any help.
Best regards,
Jordan
 

Answer:Malware can't be removed; AVP not working

Welcome to Major Geeks!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. ... Read more

1 more replies

Hi and thanks for reading my inquiry.

I am having serious trouble with viruses, spyware, malware, you name it. It's been more of a problem recently, because I think it's been bogging down my system/internet. Surfing the web is completely slow. Even the main google page takes 20-30 seconds to load and playing games is impossible.

I know I have spyware and the like, because I can see them when I use the various security scanners accumulating on my computer. This leads me to explain the biggest problem I've had for a time. No matter how many times I delete/quarantine infected files using Spybot, Ad-Aware SE, XoftSpySE, or AVG they keep coming back. I have no idea why. The cleaning programs say all infected objects have been "successfully" removed from your computer, or whatever the end result message is, but upon rescanning, i get the same infected objects. Most notable are objects named:
Euroclick, Revsci, Adrevolver, Zedo, but the list goes on. According to AVG and Spybot they are tracking cookies, but they never get removed no matter how hard I try.

Another similar problem has to do with my system registry. I've been using a registry cleaner called Regcure and every time I scan the computer at least 100 new objects show up. I click fix. upon rescanning I get over 100 more problems.

This is very frustrating as anyone can imagine.

I don't know if you need the file to help me, but I've attached my HiJackThis log along with this messag... Read more

Answer:spyware? malware? can't be removed.

no one?
 

2 more replies

Today I suffered a rather severe malware attack in the form of xp antivirus 2008. My desktop was changed to a spyware detected message and i experienced slowdowns.

First I tried to go at it manually by deleting its registry folder and the file in program files. Upon restarting with a clean Avast Boot scan, my computer froze soon after logging in. After many restarts/freezes and safe mode boots, I noticed a few things. First of all, my User name column in task manager was blank. Secondly, the program was coming back.....

Eventually, xp antivirus 2008 completely revived and began to pester me with false alerts, but I was able to operate in normal mode. I downloaded MalwareBytes and ran its scan which seemed much more effective than Avast and found many/all of the files responsible for xp antivirus 2008. Upon another restart however, I was suffering from the same effects as before: Freeze soon after login, and an empty task manager user name column. I have checked the registry and program files and don't see any sign of a malware reanimation, but only time will tell. At the moment, I'm operating in safe mode, and 800x600 is beginning to piss me off. Please help!

Hijack This Log attached.
 

Answer:XP freezes after malware removed

somehow my keyboard got unrecognized, so i had to use UBCD to reset all passes to blank so i could log in... the freeze still happens...
 

2 more replies

Hey everyone.

I have a computer I am working on, XP Home SP3. It is an HP Pavilion. At first this pc had more viruses and spyware than any other pc I've dealt with. After two days of running every cleaning util in my arsenal I am at a point where there is no malicious software on the pc but the web browser will not surf from IE or FF.

If I boot into Safe Mode I can surf fine with IE or Firefox. I can ping, tracert, telnet, putty (ssh connection). Everything network wise seems to be fine except the browsers. Checked my HOSTS file and it is at its default.

Anyone have any recommendations? I have HT log if that helps...

Does anyone see anything that could still be hijacking the browser? I'm thinking that one of the browser hijackers that was removed left its settings in place for both IE and FF.

Any ideas?
 

Answer:Removed all malware but cant surf

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

1 more replies

Hello a few moments ago i was working at my laptop and notice a small "X" on the bar saying that my laptop has some security problems and as soon as i right click on it to closed the internet explorer opens with this website
antivirus.protectionscan.com/2009,1/en/freescan.php?id=77100108
and also appears like is scanning

I did the full system scan with the lavasoft ad ware 2008 but it didn't show anything and this pop up "X" still there

here is the info that appears from the RSIT i only got one page not two thank you

Logfile of random's system information tool 1.04 (written by random/random)
Run by RCR at 2008-11-26 19:08:29
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 138 GB (73%) free of 189 GB
Total RAM: 3061 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:30 PM, on 11/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files&... Read more

Answer:how to removed malware virus

got rid of it
thanks

2 more replies

I have a PC which is now clean, but I thought it might be fun and interesting to share info about this infection.... it had hijacked IE and made it appear that the PC was not going online by showing its own "Page cannot be displayed" screen along with a "Diagnose Problems" button (which I never clicked on, DUH!). But in the address bar was this web site:
http <colon slash slash> click <dot> w3i <dot> com
followed by a slash and a bunch of numbers and letters. I didn't want to type out the exact site; it would have displayed as a link and someone might have clicked on it. This particular nastiness also had disabled SUPERantispyware, MBAM, AVG, and others. Renaming the setup files (which can help in a case like this) did nothing 'cuz the malware had also listed program files from these (and other) malware cleaners. I attached two screen shots below: one is of Windows Explorer with the main 3 files highlighted, and the other is a shot from regedit, and it shows the reg key and the disallowed list. I booted to a PECD and manually located and deleted the three files, then searched the registry and deleted the key shown in the 2nd screen shot below. I restarted, XP loaded to the desktop and I'm now able to run scans without any problems. Anyway- I just thought it was interesting, and if this all helps somebody, that's a plus!!

:-D

[dlb]

(maybe I should post a link to this in the malware forum?)
 

Answer:Just removed some nasty malware....

The Super Antispyware scan just finished and found only one trace item left in the C:\RECYCLER folder. It was identified as a rootkit:

SUPER AntiSpyware said:

Rootkit.Agent/Gen-MSIVX
C:\RECYCLER\S-1-5-18\DC925.DLL


 

4 more replies

Hi! 
Recently my son decided to download a free version of Minecraft. I have no idea the website he clicked on but all kinds of popups were on the screen when he finally came to get me. I ran Malwarebytes, and downloaded SuperAntiSpyware and ran that too. Things were found, such as sweetpacks and trojan gen-nullo, a rogue video converter. Both logs are attached.

But one program, Optimum PC Boost, kept popping up with messages that we had errors and wanted us to buy the program. I was surprised that neither Malwarebytes nor SuperAntiSpyware caught this program, as it was continuously popping up while the scan was running. I then downloaded Kaspersky free trial and ran it, but it found no items either. I deleted the program Optimum PC Boost through add/remove hardware, but I am not convinced I am clean.

While looking through the list of installed products there is something called free-4-pc-bundle. When I click to remove it, a dialog box pops up saying that when I installed it I also installed other programs (such as Google Chrome, Adobe Reader, my printer software, etc), and I know that that is not true. But the only option I have when the dialog box pops up is to remove all programs which I don't want to do.
 
Below are the logs, and the computer is running Windows XP. 
Thanks so much for any help!
Tiffany
 
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6/19/2014
Scan Time: 5:50:29 PM
Logfile:
Ad... Read more

Answer:Need help making sure I removed all malware...

 Sweetpacks and Conduit are two really nasty forms of malware to get rid of.  You could try several things including running those two programs in Safe Mode, but when I got hit by those I ended up restoring my computer to factory settings.  The first thing you should do is make sure you have any data you don't want to lose backed up.  Then make sure you have the discs you'll need if you have to restore to factory settings.  Then, if you still have a problem, you could try doing a System Restore to prior to the beginning of your problem.  
 If you still have a problem, see the recommendations by Boopme here
http://www.bleepingcomputer.com/forums/t/538250/jskryptiki-trojan/?hl=%2Bboopme#entry3400319
 
 When you've gotten your system back like you want it, I urge you to get yourself an external hard drive and a good 3rd party backup program. You can set it up to do everything automagically at the time and frequency of your choice. 1 TB external hard drives are about $60 these days and a really good FREE backup program is the Easeus Todo Backup Free.  That can save you a lot of time and frustration the next time something like this happens. Sooner or later it happens to all computers for one reason or another.
 
 Good luck.

1 more replies

I have completed the Read & Run First instructions. The symptoms I experienced seem to be gone but I'm not certain that my system is no longer infected. I'm hoping somebody can look at my logs and advise me about any further actions I should take.

I first noticed problems on 6/15 when I was browsing the internet and looking for a program to remove DRM from my protected iTunes .AAC files. My anti-virus (McAfee) program warned me that it had quarantined several trojans. Here is a summary of the log events I can find in McAfee and what I remember happening.

6/15 17:35 - McAfee blocked a buffer overflow by WINDOWS\system32\services.exe at API KERNEL32.LoadLibraryA
6/15 18:17 - McAfee removed several trojans during a real-time scan
6/15 18:51 - I initiated a manual scan by McAfee which quarantined several trojans and rootkits
6/15 20:18 - Blocked a buffer overflow by WINDOWS\system32\services.exe at API ADVAPI32.RegOpenKeyA
6/15 20:20 - Blocked a buffer overflow by WINDOWS\system32\services.exe at API WS2_32.socket
6/15 20:22 - I initiated another manual scan by McAfee which quarantined more rootkits and trojans
6/16 01:23 - McAfee detected another trojan during real-time scan
6/16 02:00 - I initiated another manual scan which quarantined another rootkit
6/16 14:29 - My computer was pinged from several IP's in Europe
6/16 17:19 - Pinged again
6/16 20:04 - Pinged again
6/16 21:50 - Pinged again
6/16 23:39 - Pinged again
6/17 11:28 - McAfee bloc... Read more

Answer:Malware removed? Please advise.

Here is the last log
 

4 more replies

I have found several different viruses/trojans/etc on my system.

The first one I found and removed to my knowledge was one that caused a black screen with mouse pointer in Windows 7 Pro. This was kdbhook.dll.

I then noticed that my browser was getting hijacked when clicking a link in a google search. I believe this was a file in the system32 file and in the registry under wininit i believe, it was attached to explorer.exe, and using process explorer i was able to find it, stop explorer.exe, delete the file and the registry entry for it. It did not come back.

Now I am getting a blue screen with no cause listed (that I can see) GMER found a NV(something i can't remember the rest).sys file as being suspicious (i think was the wording) and upon researching that, I encountered the BSOD for the first time. Apparently it's something to do with my Nvidia 7900GS graphic card. I was trying to look up the correct name for that log file when windows crashed, and when I ran it again, it did not appear, but the BSOD's continue.

All of this because I had a Windows 7 Pro upgrade fail while it was saying Starting Services, but that never went away. I then installed Win7 pro to another drive, but couldn't access the drive or files unless using a utility. I stupidly found a torrent for one, opened it, and got a virus, that I thought I removed. No AVG installed yet, etc. This is what I preach to my family who have PC issues, but I didn't follow my own suggestions lol.

The computer runs ... Read more

Answer:Various Malware detected and removed (hopefully)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

2 more replies
Relevance 45.1%

Please help!

I've tried to get what F-Secure reported as a MBR malware taken care of. I managed to use Vista's bootrec as: bootrec /FixMbr and bootrec /fixboot

Now it will only boot to "Safe Mode" and "Safe Mode + Networking". It will BSOD if I login to any of the accounts. The HJT logfile follows. Please help me analyze this! TIA, Ed

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:43 PM, on 9/28/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Intern... Read more

More replies
Relevance 45.1%

I was notified by my antivirus that I had acquired a malware of some sort, and it gave the option to quarantine the file, which I did. I was then told to restart, which I also did.
Since restarting, nothing on my desktop opens, it just asks which program I want to open it in, but then doesn't work. I managed to open my antivirus by right-clicking and selecting 'start', and then removed the malware, but nothing opens. Some programs, like Internet explorer, open when I right-click and select 'start' but most do not.

What can I do to get my computer running normally again?

Apologies if this is in the wrong category, but I thought it was appropriate as I don't know if the malware has actually been removed.
 

Answer:Removed malware, but nothing will open.

11 more replies
Relevance 45.1%

Hi All,

I am having this problem with my Windows XP box, where an application starts up as windows is booted it spawns three instances and is shown by the name 'yaang'. It seems to have modified the registry keys HKLM/Software/Microsoft/Windows NT/Winlogon/Shell= & the UserInit=

I tried fixing the keys but, I guess it sets them back to the same value. I tried this while running the computer in normal mode, safe mode & safe mode with command prompt. I also tried removing the malware yaang.exe executable with killbox, but it keeps coming back. Here is my Hijackthis log. Any help in this regard would be greatly appreciated.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 12:29:56 AM, on 5/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\srxTitan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATID... Read more

Answer:Yaang malware not getting removed

Hi, Welcome to TSG!!
Download Brute Force Uninstaller to your C:\
Unzip it to a folder of its own (C:\BFU).

BFU should be on your root. In most cases this is C:
Download qoofix.bat (rightclick on this link and choose save as)
Place qoofix.bat in your C:\BFU folder. (Important!)
Doubleclick qooFix.bat, Close all browsers and explorer folders.
Choose option 1 (Qoolfix autofix) and follow the prompts.
Please be patient, it will take about five minutes.
After the PC has restarted please post another hijackthis log.

 

3 more replies
Relevance 45.1%

Hello, I have just been able to remove Malware Doctor, partly manually and partly using Malwarebyte.

I restarted the computer and I don't see the Doctor Malware alert message popping out anymore .... (hope this means it's not there anymore - can I check my emails now without having someone spying on my password?).

Also.
Checking my task manager, in the processes I saw this program running and I can't figure out what it is, can anybody help?

NeKkdUkddhM.exe

Thanks for any help!!

Mika

Answer:Just removed Doctor Malware

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 45.1%

I was infected with the malware from the moneypak scam. I followed the first part of the procedure published several times by naranxp to remove the malware (see post by bighenny22 for example). I then rebooted in normal mode and followed the remainder of the procedure to check the system. My computer has been running fine now for two days. My question is: Have I done everything I need to? I ask, because naranxp asks for log files, which I can't understand. Should I look at something particular in those files? Finally, my thanks to naranxp for working out a good fix and being kind enough to post it multiple times for those of us less skilled.

Answer:FBI/Moneypak Malware: Have I removed it?

Can you post the logs ?

5 more replies
Relevance 45.1%

I ran malware bytes today and removed about 60 items which included my websearch and some other questionable items like the one below:

HKEY_CLASSES_ROOT\msvps.msvpsapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

If needed I can post the entire Malware bytes log - After rebooting the pc to remove all of the items that were found I re-ran the scan and more my web search items appeared.

How do I get rid of my web search and the item listed above to make sure that all of the infections are gone?

Thanks

Answer:Removed Malware using Malwarebytes

Hello

Use ATF Cleaner:
http://www.atribune.org/index.php?option=c...5&Itemid=25
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Notes for Windows Vista users:
On Windows Vista that "Windows Temp" is disabled, to empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator"

-----------------------------------------------------------------------------------------------

Run RKill:
http://www.technibble.com/rkill-repair-tool-of-the-week/
Rkill is a small, freeware and portable tool designed to terminate active malware processes allowing you to use other removal tools. Rkill is made by a Microsoft MVP "Lawrence Abrams" and is available in 4 different extensions. An .EXE, .COM, .SCR and a .PIF file.

The reason why Rkill comes in 4 different versions is because some malware will block .EXE files in an attempt to prevent you from running other malware removal tools, so this gets around that problem.

---------------------------------------------------------------------------... Read more

1 more replies
Relevance 45.1%

I am working on a friend's Dell Inspiron 1525 running Windows Vista 32bit. Initially it was loaded with crap. He gave me authorization to do a DELL Factory restore. I did this and then did all of the Microsoft updates etc, installed Microsoft Security Essentials, Malwarebytes AntiMalware, CCleaner, Winzip etc...
 
I noticed as I have been working that certain keys would not function in certain locations, while they would work in other locations, and the same with other keys. Also when I left the computer on overnight and came back to it, the power was on, but when you tried to press a key to get the screen to come on, nothing would happen. Today so far it is working fine, but it may have a keyboard virus, rootkits, MBR virus or something, I'm not sure. Can someone look at it for me before I return it to him.
 
Here are the FRST Log and the Addition Log
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2015
Ran by Nard (administrator) on NARD-PC on 24-02-2015 19:27:29
Running from C:\Users\Nard\Desktop
Loaded Profiles: Nard (Available profiles: Nard)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) ==========... Read more

Answer:Possible Virus / Malware Needs to be removed

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/568221 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 45.1%

Hi,

I have Avast 5 and it scanned and found two malware files.

Here is the picture,



They will not be deleted or to be moved to Chest.

I can't get the whole information from that folder because it won't allow me to check from Avast.

I also used two malware scanners. They found nothing about those two malware files. They also found some files from Spyware.MarketScore.

Here is the log from malwarebyte,

Malwarebytes' Anti-Malware 1.44
Database version: 3765
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
2/20/2010 11:36:49 AM
mbam-log-2010-02-20 (11-36-49).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 248267
Time elapsed: 35 minute(s), 35 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 3
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 13
Memory Processes Infected:
C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Unloaded process successfully.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files (x86)\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\M... Read more

Answer:Malware files that will not be removed

Hallo Chimp78, Malwarebytes needs a restart to remove some of those nasties or have you done that since you posted the log?

After that I would suggest doing another quick scan with mbam see if anything else crops up. Then run disk clean up.

Once mbam gives you a clean report I would suggest run a manual definitions update on Avast then run a Boot time scan.

This will scan your whole OS before Windows loads so it can remove nasties that it can't while Windows is up & Running

EDIT; those files that are quarantined are perfectly safe there, don't worry about deleting them yet

EDIT; If this still does not remove the files found by Avast I had a look @ Avast Forums & it seems some people have had success using Superantispyware;
I have attached a download link it is a free program & is highly recommended by many of our members

http://www.superantispyware.com/download.html

11 more replies
Relevance 45.1%

How best to proceed from here?

Description of the PC that was infected, the network and infection symptoms and combofix log as follows:

PC is on business network XP Pro OS, SBS 2003, wired w/remote access, SonicWALL tz180+McAfee Enforced AV

Server & all other client PC's worked normally- infected PC use is primarily Accounting w/remote deposit/check scanning- & Banking- accessed remotely via logmein or SSL VPN via GETMyLAN-BarracudaWebDrive

Initial symptoms networking issues: PC getting disconnected from internet and/or server randomly PC reboot would reset connections to begin with- as progressed reboot did not fix.

Investigation discovered services stopping while PC running (and not restarting with reboot as problem progressed) (PC's remain online 24/7 for remote access). As time passed more and more automatic services were affected. Upon investigation & trouble shooting (web search) I saw aggressive redirects of browser- knew that was malware.

McAfee had not identified and quarantined the threat(s).

Long story short- ran combo fix 7/12/2010 and this resolved all issues for the affected PC (network/internet connections & browser redirects)

However- I feel VERY uneasy not knowing what it was - and since it was the primary accounting/banking PC infected.

After combofix I finally got GMER to run and it reported no problems, repeated scans since w/MBAM, ESTE are clean- combo fix log:

2010-07-12 00:12:22 . 2010-07-12 00:12:22 1,130 ----a-w- C:\Qoo... Read more

Answer:Malware removed.. but should i reformat?

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

57 more replies
Relevance 45.1%

Hello I hope this is the right forum area.... I have a laptop that was infected with a fake Anti-Virus program. That has been removed, with Malwarebytes, and combofix... The internet does not work now, I can ping from a command prompt any website and it replies. Through the Browser it does not, both Internet Explorer and Firefox. I checked to see they weren't going through a proxy. I also checked windows/system32/drivers/etc Hosts and it looks ok. I have also attempted to disable any startup items, still nothing. Scanned with Avast, Malwarebytes and Adaware come up clean. If I start the system in Safemode internet works great. Any ideas? I'd really appreciate any help someone can offer. Thanks a lot!

HardTrancid

Answer:Malware Removed - No Internet Now

Run sfc with the scannow option, this will scan and repair important Windows files.

Instructions
1. Locate your Windows XP installation CD. If you don't have one, you'll need to locate a directory on your system that's named "i386" (without the quotes). This directory may be on a hidden partition on your hard drive.
2. Go to Start, then to Run, and type in "SFC.EXE /SCANNOW" (without the quotes - and with a space between the SFC.EXE and the /SCANNOW). Then press Enter. (For VISTA, go to Start and type in the above information, then go to the top of the box and right click on SFC.EXE /SCANNOW and select "Run As Administrator")
3. The program may (or it may not) ask you for your Windows XP installation CD - please insert it at the prompt. If it doesn't ask you for the CD this means that it wasn't necessary to replace any files.
4. In the event the system asks you for the CD, you must visit Windows Update immediately after the scan is completed (Please note that there won't be any confirmation dialog - the program will just exit without telling you anything).
5. If this doesn't repair the problem with your system other troubleshooting procedures are required.

6 more replies
Relevance 45.1%

Hi

I have a laptop which has picked up a malware infection (Virtumonde I think), the symptoms of which were IE slow to open, popups appearing, and Avast antivirus flagging up various Trojans. I've gone through the READ AND RUN ME FIRST instructions, and this does seem to have improved things. I don't know if it's completely clean now though, so if anyone could take a look at the logs and let me know if all looks OK that would be great.

Thanks
Ian
 

Answer:Malware successfully removed?

Here's the remaining log.

Ian
 

11 more replies
Relevance 45.1%

Had a system that was infected with many different types of Malware ... used Malware Antibytes and others to remove and the system seems ok - but I am still getting redirected in both IE8 and FireFox 3.5.5

Here is the HiJack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:23 PM, on 12/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt... Read more

Answer:Removed Malware ... still being redirected

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 45.1%

Hi I have had a few viruses and my Google had been redirecting me to other sites mainly copy book redirect!. I ran my anti virus and spyware doctor in safe mode and they showed viruses etc.

Can you check my hijack this log and see if these have been removed please. I'm worried about using the internet in case it has not been removed

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:01, on 22/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\... Read more

Answer:Have I Removed Virus/malware

Hi,

Sorry for the delay in getting back to you.

If you still need help, please do the next:

We need to update your version of Hijackthis to the latest release.
Please find and delete the Hijackthis.exe you already have installed.
Click here to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on the HJTInstall.exe icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.
Click on the scan button. It will scan and then ask you to save the log.
Save the log, and post me it in your next reply.

Regards,
Rosty.

1 more replies
Relevance 45.1%

Hi and thanks for reading my inquiry.

I am having serious trouble with viruses, spyware, malware, you name it. It's been more of a problem recently, because I think it's been bogging down my system/internet. Surfing the web is completely slow. Even the main google page takes 20-30 seconds to load and playing games is impossible.

I know I have spyware and the like, because I can see them when I use the various security scanners accumulating on my computer. This leads me to explain the biggest problem I've had for a time. No matter how many times I delete/quarantine infected files using Spybot, Ad-Aware SE, XoftSpySE, or AVG they keep coming back. I have no idea why. The cleaning programs say all infected objects have been "successfully" removed from your computer, or whatever the end result message is, but upon rescanning, i get the same infected objects. Most notable are objects named:
Euroclick, Revsci, Adrevolver, Zedo, but the list goes on. According to AVG and Spybot they are tracking cookies, but they never get removed no matter how hard I try.

Another similar problem has to do with my system registry. I've been using a registry cleaner called Regcure and every time I scan the computer at least 100 new objects show up. I click fix. Upon rescanning I get over 100 more problems.

This is very frustrating as anyone can imagine.

I don't know if you need the file to help me, but I've attached my HiJackThis log along with this message.

Thanks a lot ... Read more

Answer:spyware? malware? can't be removed.

so, is there a reason I'm not getting any responses? Is this problem unsolvable? Could someone at least tell me there's no help here so I'm not waiting for a response and can go somewhere else for help...

2 more replies
Relevance 45.1%

My computer was infested with malware. I was able to remove it with Malwarebytes, but I'm still having issues with:
1) Only some programs showing up in Start menu
2) No desktop icons
3) Can't right click on desktop (in regular mode. I can in safe mode)

Running WinXP

Once the virus was removed, Windows Explorer was not displaying any files/folders. I had to manually "unhide" the folders. They are now displaying in Windows Explorer and some are in the Start menu, but most are 'empty' in the start menu. So, it seems that the files and executables are all in the program file folders and I can run them. The problem is that all the shortcuts have been removed from the Documents and Settings folders. If I manually add a shortcut to the Documents and Settings folder, it shows up in the Start Menu.

My first question: Is there a utility or something that can restore all those shortcuts? Note, this is my friend's computer and they don't have a back up I can restore to.

The second and third issues have me baffled. When I log on to Windows I have the task bar and start menu, etc but the desktop is blue and I can't right click on it to get anything (properties, etc). At least in regular login. When I start up in safe mode and login as the admin, I can right click and go to properties, etc. Any ideas on how to fix this problem, short of doing a restore?

Answer:Removed malware but still have issues

Run hijack this in normal mode & post the log.

How do you know when a politician is lying? His mouth is moving.

8 more replies
Relevance 45.1%

...I am still showing traces of what appears to be part of the AntiSpyware2009. At first I was freezing up and unable to run malwarebytes or superantispyware until I removed the drive from this computer and scanned it with another computer. I then put the drive back into the computer and was then able to reinstall the above programs as well as trojan remover and eliminate a few more issues. After multiple scans of trojan remover, malwarebytes, and superantispyware, I am not detecting anything else. Whatever it was that got to my system also knocked out my system restore function in XP home. I cannot turn off system restore. The section of system restore is greyed out as well (it says disabled by group policy).

Could you take a look at my log file and see if I can do more, please?

Thank you in advance.

Jimby

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:16 PM, on 5/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Exp... Read more

Answer:I removed a few viruses and malware but...

Hello and welcome to Bleeping Computer. Sorry for the delay, the forums here at BC are always very busy and we do our best to keep up. If you no longer require any help could you let me know please, so this topic can be closed.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

First I would like to see a new log since a lot could have changed since your original post.
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Thanks

2 more replies
Relevance 45.1%

Hey there, would like to start by saying thanks for the help in advance. Here's the situation:

My laptop (running on Vista Home Premium Service Pack 2) recently became infected with the 'Vista Home Security' malware. Needless to say I was unable to do anything booting up normally, so I tried to start up in safe mode. However, starting up in safe mode did nothing to stop the malware, so I had to use my girlfriend's computer to download rkill and Malwarebyte's Antimalware. The first time I ran rkill and did a quickscan with Malwarebyte's it captured the malware and I was able to start up normally, however my virus protection (webroot antivirus with spysweeper) kept getting turned off and I had to turn it on normally. After a few more scans with malwarebytes I removed the same viruses again, and since scans come up clean. Since then I've become aware that my computer probably became infected because I've neglected to update many of the programs on my computer for a long time.

Since then I've been running updates for everything, but the problem is that my computer takes forever to start up, and freezes when I'm surfing the internet. The mouse freezes and I can't do anything, and have to wait for about five minutes for task manager to open up. This never happened before I removed the malware. Malwarebytes and webroot haven't turned up anything since but the poor system performance and random freezing leads me to believe there might be something that wasn't picked up when I re... Read more

Answer:Malware Removed, Still Problematic

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: A guide and tutorial on using ComboFix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and F... Read more

11 more replies

I believe I have more than one virus on my system. I've deleted several, they keep coming back with different names. The ones I can't delete are Smitfraud-C. & WildTanget. The virus software is saying these are Trojans & high risk. I've run almost 4 different adware, malware & virus remover programs, & a registry cleaner. None have been able to fully help. I need to be able to log into important sites like my bank & I'm terrified to because of this on my system. PLEASE HELP!!!!!!! THANKS SOOOOOOOOO MUCH IN ADVANCE!!!!!

MY HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:57 PM, on 10/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32 ... Read more

Answer:Trojan & Other Malware can't be removed

Hello alyssa2008,

I apologise for the delay, the forum is busy.

If you still need help, post a new HijackThis log.

2 more replies

Hello,

First, thank you for helping me with these computer problems. On 6/5 I was using Firefox and reading a PDF document when errors popped up on my desktop. I first received random pop-ups claiming that I had run out of hard disk space, a drive error was imminent, etc. The first thing I did was system restore to a point three days ago 6/2. Those pop-ups were eliminated. Additionally, I ran Malware Bytes immediately along with a program called CCleaner. However I still continue to get two problems. 1st I still get a message on the desktop when the computer starts-up that says "Catalyst Control Center: Host application has stopped working." Attempts to install recent drivers have failed.
2 - The desktop icons look very strange, as if they were "Cut" but not yet "Pasted." There are some icons that are opaque as they should be, but the ones that are seem to be random ones.

The problem that I have been facing is very similar (exact perhaps, though I can't be certain) to the problem found in this post: http://forums.majorgeeks.com/showthread.php?t=230096

Please note that I haven't attached a file for RootRepeal because I am operating on a Windows 7 64 bit version.

Thanks for your help
 

Answer:Unsure if Malware is Removed

Uninstall below outdated java.


J2SE Runtime Environment 5.0 Update 15
Java(TM) 6 Update 20




"Catalyst Control Center: Host application has stopped working." Attempts to install recent drivers have failed.

Something to further discuss in the software/drivers forum.

C:\ProgramData\~37412600 <--- Delete this file.

Reboot your machine and install the most current and up to date version of Java available here at the below link:

Java Runtime 6

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.
 

7 more replies

Used malwarebytes to remove some spyware. Computer didn't have internet access before, after removing the spyware I still can't get the internet connection restored. I have tried resetting winsock with netsh winsock reset. Among many other things. Here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:28:18 PM, on 5/14/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hp... Read more

Answer:Removed malware no internet

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'... Read more

2 more replies

Hello I have had the internet security 2012 removed with the help of thisisu from the malware support section now I am having all sorts of stuff pop up and shut down my computer.

Microsoft Windows XP
Home Edition
Version 2002
Service Pack 3 32 Bit

Dell Dimension 8400 Intel R Pentium 4 3.20 GHZ 1GB of Ram

Ok here are some of the problems

1. svchost.exe - Application Error
The instruction at "0x07c9100e8" referenced memory at "0x00000010" The memory could not be "read".

2. Generic Host Process for Win32 Services
Generic Host Process for Win32 Services has encountered a problem and needs to close. Blah Blah Blah
The error report contents:
C:\DOCUME~1\CHRIS~1\LOCALS~1\TEMP\WER ee89.dir00\svchost.exe.mdmp
C:\DOCUME~1\CHRIS~1\LOCALS~1\TEMP\WER ee89.dir00\appcompat.txt

3. sometimes for no reason the computer shuts down to a blue screen and says something about a dump of physical memory:
Stop: 0x00008086 (0x00000000,) x4

4. Upon starting the computer it always says Floppy Diskette Failure Strike F1 key to continue, F2 to run setup utility.

I have run the setup utility and put all the settings back to default and that has not helped.

Thanks for your time
 

Answer:Malware removed now some new issues

So the system is 100% clean? I'd get an AV boot disk just to make sure (link)

Then run SFC, system file check with your OS disk in the drive.

Also you can go into the BIOS and disable the floppy if you don't use it.
 

5 more replies

Hey guys, I need help! Spybot detected a malware entity in my computer called "MYSOFT" and for some odd reason it can't be removed. The first reason was that it might be still in my memory so it offered an option to run spybot after reboot. I rebooted and it scanned my computer before windows started. It detected that malware entity and I chose it to delete it but it still can't be deleted! The reason was still the same, that the fact it was still in my memory. I ran the latest version of adware and it didn't detect it (but spybot did). Help me please! btw, here is my hijacklog...

Logfile of HijackThis v1.97.7
Scan saved at 5:27:31 PM, on 4/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZoneLabs&#... Read more

Answer:Hijack this log! Malware can't be removed!

Here are some screen caps of what I'm talking about:

Here is the Malware in question:

Here is the dialogue box I always get when I try to get rid of it (even after reboot).

Hope these screen caps will help you get a better idea of what I'm talking about.

8 more replies

Please advise which ones need to go.

HJT Log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Common Files\ActivCard\acautoup.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG... Read more

Answer:Removed 15 Viruses/malware Already. Help Please!

byxvsqr.dll Keeps coming back even after FixCheck. WHY?

How do I get rid of it?

5 more replies

Hello,
I've run the Read Me and attached the logs. The script error messages and virus alerts seem to be gone. Windows still runs a bit slow, but that just might be how this PC has always been (256 MB RAM on WinXP). So before I go on to the next step and reset the System Restore points, I was hoping someone could give me the go ahead after reviewing the logs. Thanks

RJ
 

Answer:Removed malware, have logs

The other 2
 

4 more replies

Hi,
I have windows vista, and only 1 account, so it's the admin account. Now, when I ran spybot, it found 2 malware and when I tried removing it, it says you have to run as administrator to remove these programs. It then shows an error that "cannot create C:/Windows/wininit.ini". The malware is Win32.Fraudload,edt
PLZ HELP

thanks,
Dheeraj

Answer:Spybot malware not getting removed

With a lot of things that you do with Vista you have to right-click, run as administrator, to elevate the program's privileges to the highest level.
Real pain

Please download Malwarebytes Anti-Malware (v1.40) and save it to your desktop.
alternate download link 1
alternate download link 2

If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan butto... Read more

6 more replies

Dear,

I ran a malware removal program. The program worked but now I get some alerts about missing dll files when I start up my computer. The missing dll files are nnnmkIYQ.dll, kifxwagr.dll and tuvWpNeD.dll. Can someone help me with this problem?

Best regards
 

More replies

http://www.kaspersky.com/about/news/virus/2015/Equation-Group-The-Crown-Creator-of-Cyber-Espionage
 

Answer:new firmware malware cant be removed

Yesterday's front page news
 

1 more replies

I've been trying to get rid of this problem, but have had no success. I believe my computer was infected with it on 1/31/08. Not exactly sure what I had done, but I noticed pop ups randomly popping up after some time.
I followed the guidelines and created some logs. Please help when possible. Thank you in advance, whoever will be available. =)
 

Answer:Core malware can't be removed

Hi Ramza!
Welcome to Major Geeks!

AVG Antispyware didn't run and neither did HijackThis. Please rerun AVG Antispyware, but this time, be sure to shut your computer down and unplug it from the internet. Reboot while it's still disconnected and disable any antivirus, antispyware and firewall programs you have running. When it runs, please have it fix everything it finds.

For HijackThis, please do the following. Go to the folder C:\MGTools (or the directory where your operating system is located if it's not under C) and look in this folder for the program called analyse.exe. Double click on this program and select "Do a system scan and save a log file". Allow it to run and then attach the log to your next post. The log will be called HijackThis.log and I think it will either be in the MGTools folder or directly under C:\

Be sure that your antivirus, antispyware and firewalls are connected before you reconnect your computer to the internet. This should occur automatically when you reboot. If not, just reenable them manually.

Thanks very much.
abri
 

7 more replies

I was infected by various trojans and spywares. The steps I did to my Vista home premium sp2 laptop are below.

- Ran an offline avira rescue cd and cleaned all files.
- Ran a ccleaner to clear junk files.
- Ran an emisoft full scan and removed all it found.
- Ran a superantispyware professional trial full scan and removed all it found.
- Ran a malwarebytes full scan and removed all it found.
- Ran smitfraudfix.
- Ran combofix (wish I would have found this site before running...sorry ahead of time)
- Ran hijackthis removed invalid entries.
- Uninstalled all anti-malware products listed above.

System appears to be clean and functioning "fairly well". Windows Update has a problem with patches due to invalid image wuapi.dll. In general though I was able to get Microsoft Security Essentials back on the laptop and functioning.

Please review my logs and see if there is anything more I can clean.

Answer:Malware Removed Needs Reviewed

I forgot to add my emisoft log. Adding it.

3 more replies

Hi there!

The other day I got a malware program along the lines of vista internet security 2010 (possibly 2011) that claimed to be a Microsoft firewall.

Every time I tried getting onto Firefox a legitimate looking Windows pop up would say Firefox is infected with a virus and I needed to pay to download particular software in order to get rid of it; directing me to a site in order to facilitate this.

I was immediately suspicious and did a search to explore what this software was. A brief search told me that it was malware seeking to con me out of credit card details and also containing key stroke detection software.

I did a system restore to 3 days prior to the date that I started getting these symptoms when I had had no problems. The obvious symptoms like the Windows pop ups have gone and all seems well. To be sure I downloaded and ran Malwarebytes which detected and deleted 4 moles.

After all that can I be fairly sure that the malware has gone? There don't seem to be any more symptoms but my big concern is the reported key stroke detection software remains and I am concerned about doing any kind of online banking or purchasing.

I am fairly certain it has gone, and just hoped for some peace of mind as I don't really know what I am looking for when examining processes and the like to see if anything untoward is happening. Thanks very much.
 

Answer:Have I successfully removed malware?

Welcome to MG's. The only way for us to determine this would be for you to do the following:

READ & RUN ME FIRST. Malware Removal Guide
 

3 more replies

It had a ton of malware / viruses.  LaFlurla, among others.
 
Scanned and cleaned with Comodo CCE, and MBAM.  
 
After three or four passes all came up clean.
 
But now...  nothing works.  IE opens, to MSN.com or whatever the first page is, but then won't go to any other pages.  It just spins with two iexplore.exe processes in taskmgr.  One taking up 50k+ RAM, the other 4k~6k.  Closing either closes both.  
 
Can't do windows updates - it downloads, installs, and reboots, then notes "failure" and reverts.  I can do one or two at a time fine, but the system needs some 120+ updates as it had not been updated in a long time.
 
Won't install SCEP.  0x80004002 error when it gets to the update part.
 
All sorts of WMI and DCOM errors in event logs.  I got the DCOM errors sorted, mostly, and followed various support articles on the WMI errors. 
 
But I have hit a wall
Attaching full logs of MBAM, and Farbar Recovery Scan.
Any help appreciated.
 

Answer:Malware removed (I think...) but now nothing works.

Well, those MBAM logs are pointless - I swear each time it was finding tons of stuff, and I exported the log and then cleaned.  Great.  That will help this process so much.  

7 more replies

I was recently infected with some malware which included a rogue anti-spyware software called "Anti-spyware soft". Though my issues were not quite as straightforward as other people's (from what I've read in other forums). Using some of the information on this site (http://deletemalware.blogspot.com/2010/01/how-to-remove-antivirus-soft-fake.html) I was able to remove the malware or at least solve a lot of the issues caused by the malware.

Unlike other people infected with this rogue software I was unable to boot into safe mode; every time I tried my computer would reboot. Here are some of the things I did to remove the malware:

1. First tried to stop the software from booting in msconfig after rebooting so it wouldn't load up but this didn't quite work out (after having tried to boot safe mode)
2. Ran a scan, also found the site mentioned above.
3. Used a Ubuntu LIVE CD and removed enough of the malware to be able to stop the software from running when I booted up my PC.
4. Followed the "Alternative Antivirus Soft removal instructions using HijackThis (in Normal mode):"

The guide is as follows:
"1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.
2. Search for similar entries in the scan results:
O4 - HKLM\..\Run: [mxdeorsw] C:\Documents and Sett... Read more

Answer:removed malware but still having some issues

Please run a Malwarebytes scan and post the log.

8 more replies