Computer Support Forum

rootkit or/and worse

Question: rootkit or/and worse

Not sure where to begin. My problems started when installing something I thought was ActiveX on my Fujitsu XP SP2 2002 laptop (not able to upgrade to SP3). I know the date and time as well. Half of my desktop disappeared along with half of the Start/Programs. Loads of popups and a mighty syrupy internet connection. Instantly scanned with malwarefighter/superantispyware/spybot/symantec antivirus/ccleaner.. and later anything I could think of. Think it was the malwarefighter which found rootkit infection (rootkit0access c:system volume info/restore..... exe). Things seemed back to normal for half a day, only to come back worse than before. My missing desktop icons/programs, Start/Programs came back as I learned they only were made hidden, though most systemtools etc were gone.. (later installed back)

now my problems/symptoms are as follows :
at (every!!) startup I'm told there is hardware found, other pci device.
my wave sound (in advanced mode is muted)
internet slow with constant avast popups
control has no parent window.
tidserve activity 5
generic host process for win32 services problem.
my avast pops up messages constantly when connected to the internet. most mention explorer.exe.
the fan usually runs wild when browsing

combofix says rootkit activity
mbrcheck says c: error, physical drive0 mbr code faked, found non standard or infected mbr.
rkill says xSystemrootx\system32svchost.exe -k rpcss incorrect imagepath
gmer won't run (most of these programs won't run at all)

this was way over my head from the beginning. I'm surprised the computer runs at all.

it would please me greatly getting any feedback regarding this.

-jo

Relevance 100%
Answer: rootkit or/and worse

Please follow these instructions: READ & RUN ME FIRST. Malware Removal Guide

16 more replies
Relevance 56.99%

I have a rootkit infection, it's causing my browser to get redirected to things like rogueantispyware and banned content sites (yuck!) and causing some pages to load on their own like gugle.com (yeah that is how it was spelled). I've run a number of different programs to get this off, such as spybot and malwarebytes, but every time I click the icons, I get nothing, it's like telling a brick wall to move, whatever this is has disabled them. I tried uninstalling and reinstalling the programs and I have the same problem, they just won't start, can someone help me? In the past I've used combofix at the advice of a buddy who is darn good with PCs (he even helped me fix an issue that msn-the service provider couldn't help me with, using their own online data!) and in the past it has worked well for me, no problems except for that one time that it had a bug that subs took it down for so he could fix it, each time after it worked perfectly but now I can't get it to run either. I'm wondering if there is something the exe's need in the operating system for them to be able to run, and if they are being denied access to whatever that is. I have a hijack this log, I looked through it and couldn't find anything alarming but I'm no expert (fairly decent with a system, but no expert), I was wondering if someone here could help me. When I tried to go to the site for spybot, I think it's safer networking, to get an updated version thinking it would fix it, the site wouldn't come up, it's acting like... Read more

Answer:rootkit infection, worse than other ones ive dealt with

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
I would like to get a better look at your system, please do the following so I can get some more detailed logs.
DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message w... Read more

20 more replies
Relevance 56.17%

Hi, I am in need of some help as this rootkit I have gotten has infected both of my Acer laptops. 1 Acer is a 4 G running Windows 7, the other is 6 months older, an Acer 3 G running Windows 7. When the first laptop started acting up, I couldn't fix it & my husband bought me a brand new one to replace it. Believe it or not the new 4 G Acer got infected from my Webroot internet security CD! That's the only way I can figure it got in the new one. I sent my 3 G Acer to a PC guy, to have Windows 7 reinstalled, as I had no disk from factory to do so. While it was out being repaired, I started my new laptop, removed McAfee which came with the PC, and tried to install Webroot internet security from a CD. I wondered if it was possible for the infection to be on the CD (as it had been in the old PC) and asked my PC guy this. He assured me that Webroot and other software companies have fail safes on their programs for this. Needless to say, he was WRONG. My 4 G Acer is now showing the same symptoms. Every time I boot my PC my file sharing and network discovery settings have changed! I have to manually go and change them back to no file sharing. Whatever infection I have is taking ownership of my files, a lot of files are becoming ACCESS DENIED. I tried researching all the symptoms, and so far it seems to be a bad rootkit, maybe a kernel rootkit. My symptoms resemble the terror rootkit or Vundo? From what I've read this infection is so bad it actually creates a clone on you... Read more

More replies
Relevance 47.97%

Hi all,

I started the day on a high note, before turning on the computer that is, thinking I was going to get some things done. This was not to be: So we start at:

FAIR:
After XP loaded it said that it had recovered from a serious error Product ID _251... so I did some digging around and got some info from microsoft's web pages complete with registry fixes (deleting bad entries, etc.)

I did a quick scan with malwarebytes and it found some stuff that I deleted and when I did a restart it didn't come up correctly.

Went into safe mode and it came up.
(made a HUGE mistake here. Did not copy files I wanted to save when I had the opportunity)
Closed out of safe mode and let it start normally.
Would not boot normally.
Tried to boot into safe mode and now it's recycling back to POST, we have gone to...
BAD:
Hmmm. So I thought how about putting the XP disk in and then do an install leaving file system intact.
When I got to the point of doing the install I chickened out because it said that it might delete the My Documents folder (had some things in there I didn't want to lose) I've done this procedure before and perhaps I should have taken the second opportunity to recover gracefully but I did not.

I hit F3 to cancel out of the install to try and boot from my other HD that has XP (but with some driver issues that I had yet fixed.)

I went into the CMOS to change boot order and notice that the hard drive (the one that I was trying to boot into is not showing ... Read more

Answer:HD/Filesystem prob:Went from fair to bad; then to worse, much worse

Test the HDD with the drive manufacturer's disk tools (preferably using a different PC). Run the short and long tests. If either test fails or has errors, the drive is faulty.

4 more replies
Relevance 47.97%

My icons are disappearing
The computer is running slow
Viruses have completely taken over my computer
I am going through financial difficulties right now and would REALLY appreciate help.
I understand computers therefore I can take direction fairly well..
Just please tell me what I need to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:43 AM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svcd\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDO... Read more

Answer:It's Getting Worse & Worse. PLEASE. I cannot afford to bring it anywhere:( LOG INSIDE

7 more replies
Relevance 46.33%

I bought a Think Pad in April last year which does not start anymore, no lights, nothing. I wanted to send it back to Lenovo for guarantee. There is only ONE problem, there is no sticker on the laptop which shows me the serial number. Obviously there is supposed to be one, but it is missing!!! I do have the invoice which shows the purchase date, but no serial either. I already quite wasted some time with this bull**bleep**, I hopefully do not need a lawyer for that. Here you see the last response of the "support" manager -

Dear Michael Mueller,
Unfortunately I have to inform you that you have no guarantee for this machine. Repair of machines that do not have a sticker can only be carried out by a Lenovo service partner.
Lenovo Service Partner: https://pcsupport.lenovo.com/de/de/serviceprovider
If you have any further questions about this service case, please send us an e-mail to [email protected] or call us on the free phone number DE 0800 - 500 4618 / AT 0810-100-654 / CH 0800-55-54-54.
Lenovo regularly conducts customer surveys on service quality. If you are selected, please take a few minutes to answer the questions. We thank you in advance.
Yours sincerely,
Davor Krpan
Lenovo Technical Support
IBM Hrvatska d.o.o. za proizvodnju i trgovinu
Miramarska 23, 10 000 Zagreb, Croatia
Registered with the Commercial Court in Zagreb under no. 080011422
Share capital: 788,000.00 kuna, paid in full
Director: ?eljka Ti?i?
Giro account at: RAIFFEISENBANK AUSTRIA d.d. Zagreb,... Read more

Answer:guarantee handling - bad worse than worse

I just forgot to mention that the purchase was done through the Lenovo online shop itself -

SHIPPING CONFIRMATION
Your order has been shipped
Dear Michael Müller,
thank you for your order in the Lenovo Online Shop, which is supported by Digital River. The following products have been shipped.
Order date: 14 April 2017
Order number: 23856585462
Tracking number: 1ZAF68846704024055
The following items have been shipped:
Order quantity: 1
Product SKU: 20J1CTO1WW
Product name: ThinkPad 13 2G
Shipped quantity: 1
Total shipped quantity: 1
Amount: 800,52 EUR
If you paid by credit card, your card has now been charged.

1 more replies
Relevance 46.33%

i've had verizondsl for about half a year or so now, and from last month to present, the connection has been horrible.. sometimes it would just hang for up to a minute at a time, with the modem activity light blinking slowly (loss of connectivity).. before it started, speeds were decent, and although slow compared to the optimum cable i was used to, it was sufficient. now it's just pure garbage. if it weren't for the fact that we're getting free cable, i would immediately switch to roadrunner

i figure asking you guys is probably much more helpful than those scripted outsourced fools at tech support. i tried all that "reset your modem" "unplug the ethernet cord" "make sure your computer is on" crap already and would like some REAL answers..

PS- at my old house, we used to have verizon as well, and after a while it just stopped all of a sudden and when we called to see what happened, they said since there was construction in the area, they must have switched our phone line over to one with a further CO, and we were now too far to service. verizon is teh gay.
 

Answer:verizondsl getting worse and worse speeds

Well try plugging the modem into the demarc jack if you have one (by where the phone line comes into your house). See if this still happens. If it doesn't, maybe something happened to your internal phone lines. (This probably won't be the issue I'm betting.)

Beyond doing that phone your ISP and get them to file a support ticket or whatever they call it there. When I was having trouble with my DSL connection a couple years ago I phoned up, they sent a guy from the telephone company to test the line and they replaced a device at the CO and the connection has been perfect ever since.





15 more replies
Relevance 46.33%

I was curious if anyone out there knows anything about this...

I have a self-built computer, three years old now...and day by day it's getting worse and worse!

AMD Athlon XP @ 1.1 GHz
512MB PC2700 DDR-SDRAM
Windows XP Pro.
Radeon 9500 Pro. 128MB DDR

The problems started about six months ago--every time I'd turn on the computer, it'd scan the hard drive for errors, claiming an improper shutdown. Then, two months ago, it started going to a black screen saying a windows file is corrupt, use the XP CD to restore the file--but simply restarting the computer at that point would get it going (only came up on a fresh start).

Then in recent times, the screen is completely black. I turn on the computer, and no signal is sent (I'm guessing) to the monitor, so it's just flashing the power light...but after waiting approximately 10 seconds, and restarting ('reset button'), it would go to the other problems--file corrupt screen, then the error scan...and this latest time, it took 4 resets for the screen to catch a signal...

All wires are plugged in good, and everything seems to be functioning properly, except for, of course, this problem I have...and I really have no idea where to start on fixing this. I planned on keeping this computer for another year or so--and hope this can be fixed! Anyways, any ideas/suggestions, please let me know!

Thanks,
-X

Answer:My Computer - Getting Worse & Worse! Is there hope?

Take the graphics card out and insert it back in firmly, making sure it is sat properly in its slot. Check the manufacturers' websites for your motherboard and graphics card and see what the BIOS updates do, and see if they have any FAQs to check if anyone else has been having similar problems to you in terms of people who have the same motherboard or graphics card?

Email the manufacturer(s) for your motherboard company and graphics company.

2 more replies
Relevance 46.33%

Initially it was Edge not working properly, now it mostly crashes. Even the new "amazing" feature of tab previews doesn't work properly. Imagine, I moved back to Chrome after so many years of being a happy IE user. Cortana was a bit iffy with "Hey Cortana". Now she doesn't listen to what I say at all, even when I press the button. The notification center has its own mood. Often decides to hide until I restart for absolutely no reason at all. Same goes for the sound volume and other flyouts on the desktop.
In short, there is massive degradation of various major features with every new build. And since I post all the issues I find using the feedback app, I know it is not just me experiencing these things. This is disastrous.
So, is it just me or do you experience similar issues yourself?

Answer:Is it just me or does Windows 10 get worse and worse with every new build?

It's just you.

10 more replies
Relevance 46.33%

Hi everyone,
My bottom fan on my PC was being very loud, so I opened up my case and unplugged the power supply, and flicked off the power switch on the back. I unscrewed the bottom fan and dusted it a little bit, and then I put it back together how it was before.

The part that I unscrewed also contained my hard drive, and now that it is reseated I cannot boot.


At first I got an error when booting:
Loading operating system . . .
disk boot failure, insert system disk and press enter.

THEN, I tried making sure everything was connected well and tight, and now I am not getting anything displayed on my screen.

Apologies for the lack of knowledge and thanks for the help.

Jeremy
 

Answer:Boot problem, getting worse and worse

It is possible that when you removed the fan and hard drive, you plugged the hard drive's SATA cable into a different SATA port on the motherboard. Get into the BIOS, and make sure that the hard drive is being detected properly.
 

1 more replies
Relevance 45.92%

I've already run malwarebytes, combofix, Spybot.

The winfiles and Pe-files attachments are from rootkitty running on ubcd4win, although they could possibly have been modified by the rootkit before uploading, as I uploaded them from the infected machine.

Here's dds.txt,
DDS (Ver_09-07-30.01) - NTFSx86
Run by Winxp at 9:13:45.14 on Sun 08/30/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.511.182 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\avgas\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C... Read more

Answer:Rootkit, Vundo.h, Rootkit.agent, Rootkit.Rustock, Rootkit.Dropper, Slenugga, FakeAlert, WinWebSec, etc....

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

3 more replies
Relevance 42.64%

Hello my new bestest friends. I need help! (as does everyone who comes here) My computer has been running like a bag of you know what for about 3 weeks. IE became corrupt and will not start even after uninstalling and reinstalling versions 6 & 7. However this is not the problem as I am currently using Safari and finding it great. The problem lies with my computer and its sluggishness, ever since IE became corrupt my computer seems to have slowed. I am getting occasional internal memory (blue DOS screen) errors and several other little glitches like Windows XP's search program will not close after I perform a file search. I have performed several virus & spyware checks such as AVG and Spyware Doctor, also several registry progs like Registry Booster. AVG comes up clean, however Spyware Doctor and Registry Booster both show a lot of registry errors including heaps of lnk files and url files. I removed most of these the first time around but discovered it to have deleted all my shortcuts and bookmarks that I much needed (well not so much the shortcuts). It did not remove the actual .exe files but was a major hassle as my desktop shortcuts were wiped. So I performed a system restore and now have everything back. I am wondering are/have these files become corrupt or is this just overkill on the software (Spyware Doc & Reg Booster) behalf?? I have also noticed in my HijackThis log that there are several (missing files). I am so in need of help as I use my computer to p... Read more

Answer:Need Help Computer Getting Worse And Worse!

Hello Krisso,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 37.31%

OK- I am not extremely computer savvy... I may have destroyed the computer beyond repair, but my files are not backed up and all of the videos of my son when he was a baby are on there and only there. So, HELP!!!! I had a bad virus that started as pop ups for fake virus protection- I can't even remember what it said. I gave it to my brother in law to fix and it took him a month to tell me I needed to backup my files cause he was going to dump the whole thing. Last night after plugging in the USB and having it fill up without even getting through a 1/4 of our pictures, I decided to try to get rid of the virus myself. I ran malwarebytes which found some items and told me to shut down to complete. I did, got the blue screen- started in safe mode w/ networking (got a pop up that said malwarebytes could not be located). After some more searching, I downloaded Hitman that was made for the DNS virus- I know whatever it is on my computer is really bad. The local connection icon was completely removed. Ethernet driver gone and microsoft system tools like firewall and security all gone. Here is a what hitman said before it told me to reboot to complete the deletion of the virus (s). Rootkit rootkit.mbr.pihar.d (boot image) ,trojan.tdlphaze.1, rootkit.win32.pihar!Ik, Win32/bootkit, Malware gen:variant.graftor.13001 (engine A), backdoor.maxplus, trojan-dropper.win32.sirefeflIK... and 57 items in tempfiles..... HELP PLEASE!

Answer:. Rootkit rootkit.mbr.pihar.d (boot image) ,trojan.tdlphaze.1, rootkit.win32.pihar!Ik, Win32/bootkit, Malware gen:variant.g...

Copy this tool to the infected PC: FSS
Checkmark all the boxes.
Click on "Scan".
Please copy and paste the log to your reply.

1 more replies
Relevance 35.26%

Hello, I have been working on cleaning this system (Desktop PC: Dell Optiplex 7500: Windows XP SP3) for a few days now after discovering an old partially removed infection of Paladin Antivirus. Ran the usual removal tools, MBAM, Combofix, Avast Boot Scan, and F-Secure Online scans, and all show up clean now; however, the Avast real time behavior scanner is still flagging a latent Rootkit service: SVC:PRAGMApxevsticxr. Of course when avast asks what I want to do I choose delete, and it recommends boot scan which comes up clean, and the avast process starts again. Knowing I was still infected, I decided to go to the ever trusty, but lengthy ESET online scanner which found:
C:\WINDOWS\PRAGMApxevsticxr\PRAGMAc.dll a variant of Win32/Kryptik.EXT trojan cleaned by deleting - quarantined
C:\WINDOWS\PRAGMApxevsticxr\PRAGMAd.sys a variant of Win32/Rootkit.Kryptik.AZ trojan cleaned by deleting - quarantined
C:\WINDOWS\PRAGMApxevsticxr\trz1D.tmp a variant of Win32/Rootkit.Kryptik.AZ trojan cleaned by deleting - quarantined
C:\WINDOWS\PRAGMApxevsticxr\trz3.tmp a variant of Win32/Rootkit.Kryptik.AZ trojan cleaned by deleting - quarantined
C:\WINDOWS\PRAGMApxevsticxr\trz7.tmp a variant of Win32/Rootkit.Kryptik.AZ trojan cleaned by deleting - quarantined
and then in a subsequent ESET scan:
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000075.dll a variant of Win32/Krypt... Read more

More replies
Relevance 35.26%

Got some problems. I am running Vista on a Gateway. Every time I run an AVG or other scan the computer just restarts itself without being prompted. Before it restarts it shows a Trojan, Windows Antiviruspro and Rootkit.cloaked/service-gen 3. RootkitRepeal and dds will not run but HJT will run. Any help is appreciated. Here is a HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:36 PM, on 8/18/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Glance23\Glance.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software ... Read more

Answer:> Rootkit, Trojans and Windows Antiviruspro, cannot run rootkit tool, restarts computer on scans

Hello my name is Sempai and welcome to Bleeping Computer.
* We apologize for the delay. Forum has been busy.
* I want you to understand that I'm still a trainee here. I will be working with my Coach who will approve all my instructions before posting them to you, so there's a possibility to have some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.
* It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.
* You must reply within 5 days otherwise this topic will be closed.
Your log will be analyzed and you will be instructed on what to do next as soon as possible.

21 more replies
Relevance 35.26%

I originally received Security Tool 2011 from golf.com.au. It came through svchost.exe.

I found and deleted the .exe and System Restored to before the infection. In safe mode with networking (i.e. without firewall), iexplore.exe was starting by itself and before I picked up on this I believe I was infected with a series of trojans and other nasties. Many of these were picked up by Malwarebytes and SUPERAntiSpyware. I then used Avast! and it picked up a Win32:Cossta and the Alureon Rootkit. The Cossta trojan was cleaned. The rootkit has remained.

MBRCheck diagnosed the MBR Code as being non-normal or infected. Boot_remover identified the code as 'FAKED!'

After cleaning as much as I could with Avast! Boot scans, I attempted to use both MBRCheck and boot_remover to 'fix' the MBR. Neither were able to.

My next step was to download aswMBR.exe but it would not run. I then attempted to download GMER but the options were greyed out. I then downloaded TDSSKiller which detected 1 Rootkit which I 'cured' and 1 locked file which was 'skipped'. A log is provided below.

This allowed me to access aswMBR.exe which I ran, and posted the log below. After this I ran ComboFix (sorry!!) which said I had Rootkit: Zero Access. ComboFix rebooted and successfully went through all its 'stages'. The ComboFix log is provided below. Interestingly, I had uninstalled all my Anti-Virus software prior to running ComboFix, except for Malware Anti... Read more

Answer:Infected with Rootkit: Zero Access from Security Tool 2011 [Also potentially Rootkit: Alureon]

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427038 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

14 more replies
Relevance 35.26%

I'm working on a friend's laptop and they believe one of the kids went somewhere they didn't need to be going. They said they started noticing issues on 7-20. I was going to try and clean it myself and did a little research on the rootkit and decided I needed to ask for some help. I attached the logs from malwarebytes and TDSSkiller. When using TDSSkiller I had it skip trying to "cure" the infection.
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:50 on 24/07/2012 (Elizabeth)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
-=E.O.F=-
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Elizabeth at 14:51:40 on 2012-07-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3031.2286 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C...

Answer:Infected with Rootkit.Zaccess/Rootkit.Boot.Pihar.c, Trojan.Dropper.BCMiner

please go ahead and re-run TDSSKiller and allow it to "cure" what it finds

NEXT

Refer to the ComboFix User's Guide

Download ComboFix from the following location:

Link

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Relevance 35.26%

I would really appreciate some help from someone with experience with this matter.

Introduction:

Origin: False sense of security by AVG (updated), Windows kept updated, Browser settings, firewall, and self system maintenance.

Presentation: Installed a 2nd HDD (Exclusively for daily backups - ironic!) I did manage to fire off one Backup with win 7 backup including an image, but I doubt it is clean. Then next morning the computer was no longer in WIN7 environment but had rebooted to System Repair Panel, and despite a week of working on the problem with lots of pro and sub-pro advice online and offline, I could not get the startup repair to stop reporting that my code integrity file "C:\ci.dll" was corrupt and it could not help me. I was locked in a loop [boot start->system repair]. Safe mode, bios changes/resets, drive removals rearrangements, win7 orig DVD repair, triple startup repair cycle, replacing ci.dll w/ correct sized version (which simply reverted to "corrupt size on reboot"), restore points, using the one imagefile i had made .... no help - all roads lead to the sys rec panel.

B.T.W. SafeMode would halt boot at driver #5 "CLFS.sys" to enter system recovery console.

Positive (hopefully) Headway I've Made: I researched the details of the component library ci.dll and looked for a vulnerability or weakness I could exploit to avoid the error, and I learned it doesn't lend its function set during kernel debug mode and unsigned d...

Answer:Require (Rootkit.TDSS.TDL4) Rootkit Removal & Cleanup walkthrough

Mike,

You need Jacee and/or Corinne's help with this - they are our resident security MVPs. No doubt they will see this, but I'll drop them a message and ask them to have a look at this for you.

Regards,
Golden

Relevance 35.26%

Hi,

Since Friday my computer started to run slow and kept crashing. I also noticed it would redirect Google searches to various webpages and not the actual link it was meant to...

I have McAfee Security Centre (updated daily), so ran a scan. It revealed some trojans, namely "Spy-Agent.bw!mem, DNSChanger!ba and Generic FakeAlert!cd". Some of it was removed/quarantined while 1 or 2 files couldn't be fixed by McAfee.

I then ran MBAM which managed to clear everything. Here is the log from then (28th Aug):

-----------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.40
Database version: 2709
Windows 5.1.2600 Service Pack 3

28/08/2009 18:07:25
mbam-log-2009-08-28 (18-07-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 165024
Time elapsed: 36 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\C...

Answer:Infected with Google redirect & Rootkit TDSS and Rootkit.Agent/Gen-Rustock[KBI]

UPDATE:

Did an online scan with Eset, it reported the following:

C:\Documents and Settings\Amit Sinha\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-2a20046a probably a variant of Win32/Agent trojan deleted - quarantined

So looks like there are still some remnants... Anyone?

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are...

Relevance 35.26%

On Feb 14th, I posted about a rootkit that is on my system HERE in the 'Am I infected" section. It has been a very long time since I have been here, but I believe you used to have to post there first and only ended up here once someone started helping you, but I truly can't recall. Should I leave that where it is and wait for a reply there? or can that post be moved here? can the topics be merged? or should I repost my issue here and delete that post? I apologize that I am so out of touch with forum protocol here, but on the other hand, I don't want to waste anyone's time by posting in the wrong place and clogging up the wrong queue.

I do have a nasty version PRAGMA Rootkit (Win32/Rootkit.Kryptik.AZ trojan) TDSS Variant. All other infections have been removed, and I believe the bulk of the rootkit has been disabled. I *think* I just need to drop a custom script into ComboFix or Avenger2 to finish the removal; however, I am not sure because I haven't seen a piece of malware this resilient in years.

The following scans have been run and their logs are saved and available for posting:

DDS
GMER
Rkill
Combofix
RootRepeal
HijackThis
MBAM
ESET Online Scan
FSecure Online Scan
SuperAntiSpyware
Avast Boot Scan

As well as a manually created record of all self deleted registry keys related to PRAGMA.

The bulk of the pertinent information (at least what I *think* is pertinent) is in the original thread linked above with the exception of the GMER info on the rootkit.

Please advis...

Answer:PRAGMA Rootkit (Win32/Rootkit.Kryptik.AZ trojan) TDSS Variant

Post removed due to Crossposts

Relevance 35.26%

Hi guys.
I am having serious trouble removing what seems like two viruses from my laptop. When they first attacked they shut down wireless networking, and then proceeded to start blocking all my antivirus.

I went through the READ & RUN ME FIRST Malware Removal Guide and the Windows XP Cleaning Procedure, and here are the results. I'm afraid to use a flash drive to get the log off my laptop because it's already infected one of my other computers by transfer via flash memory. Fortunately before the flash was corrupted I was able to save most of the recommended antivirus software to it and got a lot of it onto the laptop, including MGTools.

- The wireless connection to my laptop is disabled, not by my doing.
- When I attempt to boot to Safe mode (or any non-standard mode) I get a blue screen and failure.
- When I attempt to run Hijack this, Spybot, Combofix.exe, etc. I get an error telling me it is not a valid win32 application
- When I attempt to run the MGTools analyse.exe from the MGTools folder and using a command prompt it gets half way through and then is shut down
- When I run SuperAntiSpyware it crashes windows with a blue screen reporting problems with srosa.sys
- When I run Malwarebytes it detected and cleaned about 7 bad files, but two remain even after the recommended reboot:
Rootkit.Bagle C\WINDOWS\system32\drivers\srosa.sys
Rootkit.Agent C\WINDOWS\system32\drivers\hldrr.exe
Both detected during the final heuristic portion of the Ma...

Answer:Rootkit.bagle and Rootkit.Agent - No Internet, No Safe Mode, No Antivirus

Welcome to Major Geeks!

Please try doing the below.

Run SuperAntiSpyware


In SUPERAntiSpyware under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options uncheck the below two options
Use Kernel Direct File Access (recommended)
Use Kernel Direct Registry Access (recommended)

Then try doing a new full scan and tell me if it still crashes.

 

Relevance 35.26%

Hello, I was sent here from the Am I Infected Forum by garmanma. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/260361/requesting-virus-help-malware-greenav-and-rootkit-etc/ ~ OB

Prior to posting in that forum, I tried to run MBAM, Spybot, SpyHunter. The programs would not run at all, I would get an error stating I didn't have appropriate permissions. I downloaded the DDS.scr file and tried to execute a scan. The scan screen popped open for about one second and closed....every program that I try to run will either not run at all, or if it does run, it will close a few seconds into the scan then shut down. If I try to run it again, I'll get an error saying I don't have permission to run that file.

I have tried online scans from Bitdefender, Microsoft's OneCare, and one more (forgot the name)...but every online scan shuts down the entire browser. Also, on occasion I get a fake page saying that the webpage I requested has been blocked due to my infections, and links me to a page regarding GreenAV. I could not run most of the tools in the preparation guide, even after renaming them. However, in the other forum I was able to run a couple of scans before the programs shut down. I was requested to start a new topic here and post the logs that I have. Thanks in advance:

I was instructed to download "peek.bat" and run that program and also RootRepeal. The results from both are listed below:

Peek.bat Log:
Volume in drive C is SQ004214P01
Volume Serial Number i...

Answer:Rootkit and Spyware Problems: Antispyware/Antivirus/Rootkit Scanner programs all shut down when executed...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Relevance 35.26%

Hello to any and all helpers,
I am new to this forum, so please help me follow the rules. I downloaded/ran the scans on the "new instructions" thing and will connect them to this post. 2 wks ago Friday I checked "the official" website of St. Exupery to see if one book was written before the other and up pops McAfee saying it identified 2 instances of the trojan named in the title of this thread. I was already late to class so I closed the window (IE7) and shut down the computer, hoping it would be better later (bad move!). When I got home.. I'm trying to remember, I believe the computer started up ok to run the scan, somewhere in that day I had to restart several times because it stalled (windows was open but wouldn't do anything). I did run the McAfee scan and delete the trojans, but my computer wouldn't restart fully until the next day, when I discovered that my internet connection would no longer work (it may not have been working right away, I'm sorry I don't remember). It said it was connected but no pages would load. Since then it has not worked, even though I tried to reconfigure the connection (and my IP address). I would say that this is a problem with the modem/router, but my bf's computer is connected to the same and it works fine (this is the computer I'm writing from btw, and he has no antivirus and is resolutely against it and so I can do nothing about it. I wanted to try to reestablish my internet connection before starting a thread so that I do...

Answer:NTOSKRNL-HOOK, Generic Rootkit.d!rootkit & NO INTERNET CONNECTION

Hello, Exams+this :)
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to it'...

Relevance 35.26%

This was a redirect by OBlossom,

Hi Hope you can help. I clicked on a link to a web page that I shouldn't have and got a popup saying I needed to update my Adobe, thinking all was ok! When I did that another popup came and said I may be infected and it wanted me to click on their link. Which I didn't, instead I tried closing the windows, even with Ctrl-Alt-Del, it wouldn't let me. Then returning to desktop, McAfee said something wanted access and if I allowed. Again, no! The only way out was a reboot, which took some time to shutdown. When the system came back on I got a window saying Google installer had a problem and had to close, never had that before. It did have a "more info" link, which I clicked and a new window opened up saying something about UACD.SYS & WJQS.EXE! I found them in the registry, I knew I had a problem. After running McAfee it said something about NTOSKRNL-HOOK and Generic RootKit.d!RootKit. Needless to say I am here. I would continue to get that popup, about Google Installer needing to close. Also when I did a search and would click on a link I would get the "WindowsClick" and was redirected to another web page. Ok, try to shorten it, I tried a lot and nothing seemed to help. Until I read here and ran ComboFix, it seemed to work! Had to make note of some files "UAC******.dll and one UAC******.dat another was Service_Uac.sys, ...

Answer:NTosKrnl-Hook UACD.SYS WJQS.EXE Generic RootKit.d!RootKit

I just wanted to mention an oddity I've noticed, my msn.com link in favorites keeps disappearing, I've saved it then, it's gone again! I'm not proceeding with anything else until told to do so. Though I do hope to understand this soon and rectify its problems!?

thanks again,

Hello RikCab,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,
The weatherman (Moderator)

Thanks weatherman, I did just read about that while scanning another's post. I was going to make a note of it here, but you beat me to it, lol. I did try to edit m...

Relevance 35.26%

Dear Folks,

It looks like my computer is infected with Generic Rootkit.d!rootkit (Trojan) - File: NTOSKRNL-HOOK

I use McAfee Antivirus. Whenever I scan, it shows the following log and it says detected 1 and fixed 1.

8/1/2009 10:24:13 PM Scan Started: 08/01/2009 10:24:13 PM
8/1/2009 10:24:59 PM Scan Started: 08/01/2009 10:24:59 PM
8/1/2009 10:25:44 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"
8/1/2009 10:29:00 PM Total objects scanned: 12981
8/1/2009 10:29:00 PM Objects detected: 1
8/1/2009 10:29:00 PM Scan Done: 08/01/2009 10:29:00 PM

Also I get BLUE Screen very often and my system gets rebooted automatically (screenshot attached).

Please help me in resolving this issue.

I downloaded "ComboFix.exe" from your website but didn't run it as I saw many times that it should not be run without the proper instruction / help from Technical Folks.

I'm just waiting for your response. Please help..!!

Thanks in advance.

Cheers,
Siraj

Answer:Generic Rootkit.d!rootkit (Trojan) - File: NTOSKRNL-HOOK

Hi Folks,

Thanks for responding for my "Personal Message" from Orange Blossom ~ forum moderator and email from Administrator.

As mentioned in the email, I followed the steps mentioned in the following "Preparation Guide For Use Before Using HijackThis and other Malware Removal Tools" which is located @ http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

1. Data Backup - Done
2. Verified that my computer is infected by NTOSKRNL-HOOK trojan
3. Steps 3, 4 & 5 are also done
6. Downloaded DDS and scanned my computer. When I tried to run this scan, I got the warning in the same Command Prompt with the message three times like "Not enough memory to complete the sort.". After that the scan has produced two files (DDS.txt and Attach.txt).
7. Responded to my own topic which I've created on Aug 2nd, 2009.

Please help me out in resolving this issue ASAP.

Please find the log from DDS.txt file which is pasted at the bottom of this message.

I'll upload the Attach.txt file, if you want. Please let me know.

Problem with my computer is that
- I get blue screen often and gets rebooted by itself (I'm losing all the data).
- System hangs when Windows Logon Screen appears (only sometimes); I'm not able to login. I've to hardboot.

Just curious: When DDS.scr was scanning, I found that the following EXE files processing in the background in "TASK MANAGER". Please confirm are they genuine.

fi.exe
wregs.exe
findstr.exe
dds.scr
eds.exe
cs...

Relevance 35.26%

A. McAfee scan has found multiple instances of a "Generic Rootkit.d!rootkit", which it calls NTOSKRNL-HOOK, and classifies as a Trojan. It has both eliminated and quarantined them.
1) As many as 2 to 5 have been found at once.
2) Once "removed," they appear again in no time.
B. McAfee - Update Error
"An error occurred in updating. Please reinstall these programs:
- McAfee Security Center"
NOT DONE - Expected to be repetitive.
C. Defrag - no access
1) Norton Speed Disk won't start. Error Message:
"An unexpected error occurred while communicating with the Speed Disk Service (NOPDB.EXE). Please exit Speed Disk, restart the Speed Disk Service, and try again. If the problem persists, reinstall Speed Disk."
Reinstalled Speed Disk. Same result.
2) Windows XP Accessories Disk Defragmenter Error message:
"Disk Defragmenter could not start."
D. Backup - presently unable to back up.
1) My backup utility, XXCLONE, will not start. (Last backup was WAY too old.) It returns following Error Message from its initial disk scan:
"The source volume (C:) specified in the command line does not exist, or the volume label does not match. Therefore, it will be ignored."
2) Windows XP Accessories backup component refused to start as well. Error message:
"The Backup Utility cannot connect to the Removable Storage service. This service is required for use of tape drives and other backup devices. Please exit and start the Removable Storage service using the System Services function of the Management ...

Answer:Hijacked; Generic Rootkit.d!rootkit (NTOSKRNL-HOOK); certainly other probs.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Relevance 35.26%

well once again my co workers have managed to get something that i cannot remove, last time i had an issue you guys fixed it perfectly and i am here again asking for help, somehow this computer got a virus on it that has been spamming e-mails, because of this our ip has been blacklisted and e-mails we need to go out are not going out etc. etc... i would just reformat this machine but it has very specific software on it and i cannot

as far as i know the viruses are called
rootkit-agent, rootkit.protector, and agprotector, here is my DDS.txt and again i hope i have done everything correctly and i hope you can help, thank you again


DDS (Ver_09-12-01.01) - NTFSx86
Run by Big Fox at 15:18:51.93 on Thu 12/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.389 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe...

Relevance 35.26%

I have tried Norton AntiVirus and also Kaspersky's TDSSKiller and neither have found any Trojans. However, I know I have one because whenever I do a google search the results pop up but when I click on something I get redirected to another website via Click.LiveSearchNow (the addresses usually aren't website names, they're random IP addresses to sites). I have attached my logfile from HijackThis below. Any ideas?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:51:54 PM, on 11/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Users\Brendan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Users\Brendan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Users\Brendan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Roxi...

Answer:Trojan / Rootkit - Click.LivesearchNow - Not Detected by Rootkit Removers

I'm going to try the Junkware Removal tool since I didn't have any luck with any of the other programs I've seen thus far. I will paste the log when I'm done per the instructions I saw in another thread (see below for those).

Shut down your antivirus to avoid any conflicts.
Right-mouse click JRT.exe and select Run as administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message

Relevance 34.85%

I need help removing Generic Rootkit.d!rootkit from my computer using Windows 2000. My McAfee virus scanner is erasing it but it keeps coming back. I've tried to run McAfee in Safe Mode but it won't run. I've also tried to install and run Malwarebytes' Anti-Malware but it won't run. I was able to run Stopzilla in Safe Mode but it didn't do anything. Can't get PC Tools to run either.

Any help would be appreciated.

My other 2 laptops were infected also but they utilize Windows XP and I was able to get rid of this trojan/virus on those computers. Right clicked on My Computer and disabled system restore. Then ran Malwarebytes' Anti-Malware program which seemed to do the job.

Looking for something free to download and get rid of this.

Was afraid to try ComboFix.exe due to posts warning about this program

Relevance 34.85%

Hi,

I am here to ask for help with removing NTOSKRNL-HOOK Generic Rootkit.d!rootkit infection that appears to be redirecting most browser search attempts indicating 'www.clickover.cn' within the url.

I have run DDS and included the resulting .txt and Attach as instructed.

Thank you for your support!

Regards

DDS (Ver_09-06-26.01) - NTFSx86
Run by Norm at 1:38:45.54 on Thu 07/30/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1287 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Spyware Doctor\p...

Answer:Please Help Removing NTOSKRNL-HOOK Generic Rootkit.d!rootkit

Hello and welcome to TSF!

Regarding the rootkit and backdoors in general:

Unfortunately one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


----

If you wish to continue follow the steps below, otherwise let me know



We are going to start with Combofix.

Download and Run ComboFix

Note to readers of t... Read more

19 more replies
Relevance 34.85%

Earlier tonight, I was apparently infected with the above rootkit. I started to get Symantec AntiVirus notifications that downloaders were being deleted, and Windows Firewall kept popping up asking me if I wanted to block access to different nefarious items, the first being Rootkit.Win32.Agent.PP. I did a google search for this and found this site, in particular, this page. I started to follow the instructions on this page, so I ran MalwareBytes, which found a rootkit, among other things. I also ran the TFC program mentioned next. I rebooted after each of these. However, before doing anything else, I stopped and read the preparation guide for this forum. I next ran DDS and RootRepeal and am attaching the log files to this post.

Before running MalwareBytes, I was getting frequent Symantec AntiVirus notifications, and frequent Windows Firewall notifications as mentioned above ("frequent" being 1 every minute or so). After running it and TFC, I have not gotten any more notifications. Upon reboot, though, Symantec AntiVirus reported that there were items it could not remediate after rebooting. So, I'm not entirely sure if I've gotten everything or not. I'm pasting my MalwareBytes log below, and then the DDS log.

Thanks in advance for any help you can provide. Just to be safe, I am disconnecting my computer from the network tonight and will check any replies from another computer.

-----

MalwareBytes log:
Malwarebytes' Anti-Malware 1.43
Database version: 3485
Windows 5.1.2600 Service Pack... Read more

Answer:Rootkit infection (possibly Rootkit.Win32.Agent.PP)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ... Read more

11 more replies
Relevance 34.85%

Hello,
Malware has been detected on my computer and I cannot seem to get rid of it. AdAware detected the rootkit specified in the post title, and what sound like radio ads are playing even when I have no programs running. I downloaded and ran the DDS program but the dds.txt file did not generate. The attach.txt file did generate but I can't attach it since I had to write this on my iPad (see below).
I'm trying to give as much information as possible, so here are two more issues that I believe are related:
1. IE was barraged with unrequested cookies from random websites until I changed the settings to reject all cookies. IE and Firefox also now take 1-2 minutes to load a page, and in some cases never load it. This is also what happened when I tried to submit this post from my computer (I'm now typing this on my iPad).
2. McAfee has blocked about 25 executions of svchost.exe as mass mailing worms. I can upload that log file if needed.
Please help me get rid of the malware on my computer, and adjust my settings to increase security and prevent future infections.
Thank you!

Answer:Rootkit detected [Rootkit.MBR.Mayachok.B (Boot image)]

Hello, I am a Computer Software Technician. I will help with your rootkit. There are a few different solutions to your rootkit. (I GAVE EXTRA INFO TO HELP YOUR COMPUTER SPEED INCREASE.)
 
1. Install and Run TDSS Killer (download from bleepingcomputer.com)
 
2. Install and Open MalwareBytes DO A THREAT SCAN (malwarebytes.org) download it from there and make sure you go into settings and then detection and protection and set it to scan for rootkits. Fix anything it finds. Restart computer. There are manual ways of removing viruses but that I will not tell you. You can damage your computer. You have to be highly skilled to know what to delete.
 
3. Run Hitman Pro (download from surfright.nl) and delete what it finds and restart your computer. It will find what Malwarebytes did not. If anything was not found.
 
4. Download from bleepingcomputer.com AdwCleaner and run it and delete anything it finds. That will speed up your computer. Will delete adware and registry issues. Restart Computer
 
5. Download CCleaner free version from piriform.com. Run the cleaner and registry cleaner and delete everything it finds.
 
6. Click the Start Orb type run in the search box and click it. Type temp and clear everything out of that folder and then repeat opening run and type %temp% and delete everything in that folder. Run once more and type prefetch and delete everything in that folder. Restart computer. This will speed up your computer as well. MalwareBytes may hav... Read more

8 more replies
Relevance 34.85%

Hello! I believe my computer has an infection, and I'm not sure what it is or how to get rid of it. Hopefully I have followed the log and posting instructions carefully as I would like to avoid any delays and try to resolve this as soon as possible.

What my computer is doing:
It's slower than normal, but the big thing that seems to have started on Saturday 12/12/09 is that whenever I log into my eBay and PayPal account, the next page I'm directed to is a Fraud Prevention page asking me to submit a ton of personal and financial information, everything from my SS# to my ATM + PIN number. I am on the official eBay and PayPal website, happens after I log in using my username and password, I see no way to skip it, and no way to get rid of it. This is NOT eBay or PayPal, it's absolutely fake, neither site would ask for such information, there are even spelling errors. You can view a screen shot of the page here:
Screenshot of Fake eBay Fraud Prevention Page
Doesn't appear every single time, but often enough throughout the following day (today), at least 5-6 times out of 10. I have several eBay listings currently listed, eBay and PayPal are both important to me.

What I have done - my computer info
I'm running Windows XP, sp 3, Firefox browser, Dell desktop, wired DSL connection. Only things I have done "prior" to the logs and steps asked by BleepingComputer are:
1. ran a scan with Malwarebytes (4 objects found)
2. scanned with Avast antivirus (nothing found)
3. scanned... Read more

Answer:Rootkit infection - MBR Rootkit?? eBay & PayPal affected

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ... Read more

32 more replies
Relevance 34.85%

Yes I've tried running almost every possible program in safe mode to remove this trojan, but every time I reboot I get either a continuous cycle of recurring blue screens that reboot the computer, or any time I try running a program a physical memory dump occurs and the computer restarts this way. I've been working on this for about 2 weeks now and it's really starting to get annoying. Please help.

Answer:Can't remove generic rootkit.d rootkit NTOSKRNL-HOOK

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 34.85%

I've tried almost everything to get rid of this trojan and I always end up with one of two results. First, either when the computer reboots it automatically reboots through a continuous cycle once it hits the Windows screen. Second, I log onto Windows and start to run a program, a physical memory dump occurs. I also think my external hard drive has the virus on it, although none of the hundreds of virus scans I've completed show a virus on the drive. Please give me some insight on what to do. Thanks



DDS (Ver_09-07-30.01) - NTFSx86
Run by paul at 19:41:12.95 on Sat 08/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.527 [GMT 4.5:30]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
c:\WINDOWS\system32\ZuneBusEnum.exe ... Read more

Answer:generic rootkit.d rootkit NTOSKRNL-HOOK problems

Hi there,

Looks a lot better, but let's run a few more checks.

1. Please open Notepad: click Start, then Run.
Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:


Code:
FileLook::
c:\windows\S0A0D9E6F.tmp
c:\users\paul\cc_20090725_201550.reg

DirLook::
c:\program files\My-Proxy
c:\users\paul\APPLIC~1\lsptttiq
c:\users\NetworkService\Application Data\lsptttiq

RegNull::
[HKEY_USERS\S-1-5-21-436374069-1715567821-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{52432C9E-AC35-115A-59A8-20D2B4352033}*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d620a955-eb2d-4b83-8024-1840b1f2d536}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the Combofix.txt report into your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download RegQuery by Noviciate to your desktop
Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
Double click RegQuery.exe to run the program
Paste the text you have copied using CTRL and V, into the textbox
Cli... Read more

5 more replies
Relevance 34.85%

Currently system shows to have ntoskrnl-hook - generic rootkit.d!rootkit 5. The only AV that seems to detect it is McAfee. It states that it has removed it and it keeps coming back. System restore is off. The different scans I have run seem to have taken most of it out but it just starts over and infects more. Below are the reports. Thanks for any and all help in advance. Below is DDS and I have attached the other DDS "Attach" and the RootRepeal report "ark".
DDS (Ver_09-07-30.01) - NTFSx86
Run by Bryan Miller at 20:30:32.37 on Tue 08/18/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.399 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft Offi... Read more

Answer:Infected with ntoskrnl-hook - generic rootkit.d!rootkit 5

Hello.

One of the infections is a rootkit.

Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has l... Read more

11 more replies
Relevance 34.85%

64 bit, Windows 7

I was having issues with youtube. Streaming was very slow and would often times stop altogether. At first, I thought I had an issue with flash player and so I uninstalled it, installed it again, and checked on updates. I still had the same issues.

I ran Spyware Doctor and Malwarebytes to see if the issue was malware. Previously, when I ran either program, it would show a lot of infections, but now there were none. I then thought that it could be a browser issue so I downloaded Google Chrome. Though it downloaded, Google Chrome would not open any sites. I got an error code. This is what it says:

"This webpage is not available. The webpage at http://google.com/ might be temporarily down or it may have been moved permanently to a new web address. Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error."

It said a couple of times that I wasn't connected to the server, but to me that didn't make sense because I was online and surf the web with Firefox.

I downloaded other types of anti virus and malware programs to see if it would help. This is a list: spybots, ad aware, bitdefender, avg, kaspersky.

None downloaded. I received messages saying that the files were corrupted. There would be a bunch of programs opening while doing this. They were moving so fast so I couldn't catch any of them.

I tried to do online scans. Those didn't work either. Same message.

I tried to download these programs in safe mode with networks. They did not download. I trie... Read more

More replies
Relevance 34.44%
Question: from bad to worse

please help-got a new laptop trying to use the wi fi. there is no wireless connection icon any where. maybe there no driver, im guessing. do i need to use the disc that came with my router. my other laptop works fine. maybe i need to use another keycode, i dont know please help. thanks

Answer:from bad to worse

I think you're already running a thread on this: click here
Please don't double-post.

1 more replies
Relevance 34.44%
Question: Bad to Worse.

Hi all,  So not only does the Control Panel on my T520's nVidia card fail to work, but safe mode doesn't either. It gets stuck in a reboot loop for memory reasons. Using last known boot configuration I can get it to boot normally but the networking cards/drivers don't work. They are detected in Windows 7 but ipconfig only gives the Tunneling adapters.  Any ideas? Or should I just send it in for servicing?














Answer:Bad to Worse.

Hi kingofthering
 
If you need to use the machine temporarily or to ensure your Nvidia GPU is defective, you could change the graphics settings in the BIOS to Integrated Graphics.
 
If you are not technically savvy or / and wish to save the hassle, it's probably good to send it in for servicing.
Have a nice day!
Peter
W520 (4284-A99)

9 more replies
Relevance 34.44%

Hi. I hate to be a nooge, but I posted a problem I had a week ago with a single search term being redirected in Google -- only that one search term was redirected. That much has stayed constant -- I've been using Google all week and only that one search term is redirected. My post has dropped down to page 12 and I think it's pretty much off the grid by now.

Tonight I tried to run Hostsman to update my Hosts file and Avast! immediately put up the Warning notice that:

12/2/2009 11:40:42 PM SYSTEM 2016 Sign of "Win32:Delf-MZG [Trj]" has been found in "C:\Program Files\HostsMan\hm.exe" file.

I quarantined the file, but now I'm very concerned. When it was just the one redirect it was interesting, but this has me a bit panicked.

I've copied last week's post here.

Can anyone help?

EDIT: Okay, it looks like Avast! may be reporting false positives right now with virus database 091203-0, the one I'm using right now, according to what I read in the various forums. I'll keep a good thought, anyway.

But my redirect problem IS still there, and I'd like to get to the bottom of it, if anyone can help. Thanks!

Hello again -- I was here with a severe problem about a year ago. It took several weeks, and a lot of help, but I got cleaned.

I also learned a few things. I have since installed the NoScript and Cookie Whitelist addons to Firefox, I installed the free version of ZoneAlarm, and I installed a Hosts file manage... Read more

More replies
Relevance 34.44%

Like all AOL software, I'm wondering if the new AIM version is worse than the previous. Has anyone tried it yet?

It seems to have a lot of the features that AIM mods have introduced. I use DeadAIM myself, and have loved it for years. I tend to like things minimal. I've tried GAIM and Trillian, but I only use AIM, and GAIM messes up direct connections and profiles. I've tried AIMutation (sp?) and didn't like it much either.

What do you guys think?
 

Answer:AIM 6: worse because it's new?

i like it, but a lot of people don't.
you just have to tweak it to the way you want it.
 

3 more replies
Relevance 34.44%

Ok my computer has been progressively getting worse because before i wasn't able to enter my control panel because explorer would just crash. And now i started up my computer and restarted a couple of times and i cannot see my tool bar (the one with the start button) and my cousin is bringing my xp disk christmas.. what can i do in the meantime? oh and when i click my windows key it doesn't do anything.

Answer:it just got worse...

looks like a virus to me
what antivirus program are you using? and is it up to date?

9 more replies
Relevance 34.44%

I have a virus on my computer in which my Windows Defender warning pops up every few minutes I remove it and it keeps coming back. I am also getting lots of internet pop-up ads. Please help before I throw my lap top out of my window. I ran hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:47 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Softw... Read more

Answer:Please help! It's getting worse

it is:
browser modifier: win32/fotomoto
 

2 more replies
Relevance 34.44%

I've had 10 for a few months now. During that time I've had several automatic updates. Most have been unnoticeable, a few others were anti productive. The first and the last (two days ago) have been horrible. When I first downloaded 10 I immediately lost my CD/DVD drive. No matter where I look my computer can't find the old one. It also disabled sound from anything I recorded. The latest update is making me log in if I leave the computer for more than a couple of minutes. It also makes me wait before the log in window pops up. I'm beginning to think that switching from 8 to 10 was not a good decision.

Answer:Just when you think it can't be worse!

Would you consider doing an in-place upgrade install, also known as Repair install ?
Repair Install Windows 10 with an In-place Upgrade

0 more replies
Relevance 34.44%

I've been trying to fix this computer for several days now, and it keeps getting worse instead of better.

I know from my Ad-Aware scans that it has coolwebsearch on it, but CWShredder doesn't find anything wrong when I run it. Ad-Aware does and keeps fixing it, but it's back within seconds. I've also run spybot search, about buster, and pest patrol. My HJT logs are getting worse, not better.

I would be much obliged if someone could help me; I can't figure out what else to do.
Thanks!
-Vanessa

Here is my HJT log, let me know what if anything else will help.

Logfile of HijackThis v1.97.7
Scan saved at 11:41:07 PM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program... Read more

Answer:It's Getting Worse....

I downloaded the newer version of HJT...new log file is:

Logfile of HijackThis v1.99.0
Scan saved at 12:13:41 AM, on 2/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\iety.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\msbo32.exe
C:\DOCUME~1\ness\LOCALS~1\Temp\Temporary Directory 9 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system... Read more

3 more replies
Relevance 34.44%

Hi,
I made a post about my windows 7 explorer crashing, it seems to only happen when I move files from my internal to my external hard drive. it was still happening, nothing i tried fixed it. but NOW it's gotten worse. It's crashing on a loop...every single second. this happens as SOON as I SIGN ON...in seconds it crashing and looping
and I cannot do a thing but use my internet...I get a message that tells me my program
fences (stardock program) has detected that there is problem with 7, and it disables itself, Then windows7 explorer crashes. sends info. then restarts...If I start a video or a program before it closes (which is seconds) then it will run. I have been up for HOURS trying to get this solved. I have NO clue what is going on. I ran Anti-Spyware free edition, found 8 harmful things, had them deleted. I also ran my microsoft essentials...BEFORE that..and it Finds nothing...it NEVER does. but anti does...that confuses me.

SO what is going on? what do I do? PLEASE anyone, I am computer illiterate...
I have windows 7 (genuine)
32bit home premium.
I was trying to get the rest of the info. but I can't as the explorer is completely locked up as I type this...please help I am so frustrated, I want to make Bill Gates come fix my computer lol...who has his number!?
ALSO! After it crashes and re-opens it keeps bringing up the c drive file location library? every single time, so now i have a list of these file locations open...also I JUST get a message saying that my firewall is... Read more

Answer:Oh no its worse! Help!

Can you get into Safe mode instead? If so, does it happen in safe mode?
Safe Mode

EdiT:--------------------------------------
Do you have a system restore point you can revert to?
http://www.sevenforums.com/tutorials/700-system-restore.html

Oops sorry just read last line of your post.

9 more replies
Relevance 34.44%

Just a curiosity question. I found an old AMD K6 chip in a scrap computer.
I would like to know if it is better/faster than my "Cyrix Instead" with MMX?
Both I think are 266's and socket 7.......

It's for my first PC that is now used for solitaire and surfing the net...

And what steps, if any, should I do to swap them, if the K-6 turns out better?
 

Answer:Better/Worse? Two old CPU's for old PC..

10 more replies
Relevance 34.44%
Question: bad to worse

Now I'm getting a little spooked.

First it was just some irritating re-directs from Google searches.

Then multiple windows began propagating, sometimes blaring music, voices, phone sounds.

Then, trying to work my way through the instructions in the preparation guide, I discovered that attempting to run the gmer.exe crashed me, locked up the processor, prevented me to restarting, the whole thing.

Now, my touchpad has stopped responding. I uninstalled and restarted to replace the driver, but no effect. I am having to use a USB mouse, which works OK, but has not improved the touchpad.

What's next?!

Just curious. A question, for those of you who have experience with this forum--how long does it usually take to get help? Should I assume that all topics are addressed eventually, as folks find time? If I have failed to supply some bit of information, or violated some etiquette, I'd rather know, make my amends and start over than wait on the sidelines longer than necessary.

Or should I just throw this piece-of-crap netbook out the window and get a real machine?

Answer:bad to worse

Hello pfosinger,

It's hard to say how long it will take for a topic to get picked up. I know how frustrating it is when your computer isn't working properly. Let me assure you that your topic isn't lost, forgotten, or ignored. We work with hundreds of logs every day, so we have devised a means of seeing only those topics that don't have responses yet. At the moment, we have nearly 300 unanswered topics, the oldest dated Aug. 26, 2010 at 5:14 pm Eastern Daylight Savings time in the U.S.A. Your log topic is dated Aug. 30 2010 at 10:00 pm using the same time zone.

Our volunteer MRT team members have various levels of expertise and training, so while we try to take the oldest DDS/HJT logs, it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us would want someone to assist you who is not familiar with your issue and attempt to fix it.

Please be patient. It may take a few more days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Orange ... Read more


I have been working on this for several days now and I am at my wits end. I am attaching my Bitdefender log and an HJT log. I have followed all of the instructions in the "Before Posting" page. And should tell you the following. My Add/Remove programs hasn't worked in years so when necessary I use the free trials downloadable from various places.
When I try and run Microsoft Windows Defender it says I need to perform an upgrade, and will not open.
I tried running Pandascan this morning and waited for over two hours and it never did complete downloading.
As I mentioned, I am at my wits end and believe it's time for some help.
Thanks
 

Answer:The more I try the worse it gets! I need Help!

Welcome to Majorgeeks!

You did not attach your HJT log. Make sure you follow all instructions in step 7 properly and then attach your HJT log.

You should look at your Bitdefender log (change the .txt to .html and then double click on it and you can see it in your browser). You need to delete those items it is pointing out in your email.

Is your copy of Windows licensed to you and has it been activated with Microsoft?

What happens when you try to use Add/Remove programs? Be specific.
 

Question: It could be worse

I come to this forum and read all the time in search of knowledge. With the reading and help of the fine people here I have fixed many problems. Some posts I have read complain about a program taking a minute to start up. Some complain about a slow boot up. Well when I said it could be worse I found one that couldn't be. Uncle brought his PC out to me to see iffin I could make it work for him. HP Pavilion with 128 ram and XP Home. Hooked it up to my monitor and turned it on. One hour and 15 minutes later I could finally do something. First thing I attempted to do was run defrag. It took 15 minutes for the menu to work enough to let me click on defrag and another 29 minutes to open defrag. Now I have it open and click on defrag to run, 7 hours later it finished. PC was still slow. A bit better but not much. Started to empty temp folders. One temp folder took 15 minutes to empty. Emptied all the temp folders and the history then deleted some programs. Only deleted 3 small programs but with them and the temp folders I regained 17 gigs of hard drive. Did another defrag and this time it went much faster. Then I started on malware and viruses. Did the usual scans I learned from here and took a bunch of them out. Got to the point that the PC was healthy again. Took out the 128 megs of ram and replaced it with 512 which is the max for this HP. Now it is running very smooth and probably as fast as it ever will. So when you think you are running slow do t... Read more


Hi,

I just wanted to start by saying a very big thank you to all of you that help people on this forum. It is very generous of you and it is appreciated.

I have been infected by this fake security application that says "Windows Security has found critical process activity on your system". It keeps redirecting our web searches. In safe mode I have run Malwarebytes, SUPERAntiSpyware and created a HijackThis log, all before finding this forum. Both these scans found problems initially; however, upon following the instructions of this forum no more were found. I tightened up my ZoneAlarm, resetting it to default and searching programs that try to run as they popped up; mshta.exe was one of the programs.

I have followed the instruction on this web site to the best of my knowledge and i will attach the logs of the various scans. All scans went well except for the combo fix scan that ran through to stage 50, flashed a page suggesting it was deleting files and then restarted my computer. I repeated it with the same result.

I now have a message that says "SQL Server could not find the default instance (MSSQLSERVER) - please specify the name of an existing instance on the invocation of sqlservr.exe." whenever i start my computer and it takes a long time before all the applications are loaded and ready to be accessed. It seems to run faster if the internet is turned off?

I am posting this from another computer.


Here are the logs - Thankyou for yo... Read more

Answer:Please Help, its getting worse

I am not seeing much in the way of malware on your system. Let's do this and see where you are after:

Download The Avenger by Swandog469, and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present --Unless you set this.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present --Unless you set this.

After clicking Fix, exit HJT.

* Run avenger.exe by double-clicking on it.
* -Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the "Input script here:" part of the window:



Files to delete:
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Ta... Read more


I tried to run a payment on a website and the submit button did nothing but make the cursor blink, which it still is. I looked under Inspect Element and there was a JS file that downloaded. I looked at it and it looked fishy. I tried to run the normal cleaning techniques (ADW Cleaner, JRT, RKill etc) and they all returned a message: "the service cannot accept control messages at this time"

It is slowly getting worse by the minute so I am not sure that this will even get to someone in time, cause I know u guys are backed up, but if possible I don't know what to do. I tried to use msconfig.exe and the search functions to get safe mode to work but I just get either nothing happening or the same message. I am afraid that if I turn off the computer to shift into safe mode that it will lock up. Any help would be appreciated.

Answer:I have something bad going on and it's getting worse by the second

Sorry, but it seems that your pc is infected with a virus or malware which is going to take some more work and a deeper look. No sense running a bunch of tools here. Please follow this Preparation Guide, post in a new topic and include a link to this thread. Let me know if all went well.


Sorry to be such a bother but this problem is driving me bonkers!
Every turn develops into a new drama-here's the situation so far-

(1.) When I go to click on a program (any program) my computer either immediately or soon afterwards pops up a window that says "program error-process has already been exited-has generated errors and will be closed by windows. You will need to restart the program. An error log is being created." Of course restarting the process only sends me in circles-the same thing continues to happen-sometimes, obviously, I'm able to start the program but usually during the course of operation the "program error" window pops up and it's back to musical chairs again!
My system is, O/S Windows 2000 Pro, P4-1.6GHz 400MHz/P4FAN (P4-1600AR), Motherboard-D850MVL -MB Intel D850MV w/LAN, Rambus 256MB (2).

(2.) Now if I didn't already have enough problems I've apparently been infected with the Fortnight.E virus-it gets worse, in turn, I infected my ex-wife with the virus via an email (well, I'm sure you can imagine my situation-it would be better to have my nipples dipped in honey and dangled over a pool of hungry piranhas-she's pissed! Of course, the fact that the virus installed porno weblinks into her favorite file made matters even more unbearable-you'd think she was a nun or something! At any rate,
I have run a Panda On-Line AV-Scan-several Norton AV scans-SpyBot, Ad-Aware and SpySweeper-nothing works!
... Read more

Answer:Sos....from Bad 2 Worse!


Can anyone help??? It all started when I installed a new game (well new for my old PC) the other day. Whenever I tried to load it, once it got past the intro video it just returned to the desktop; most of the time, it did occasionally work. So I went to look on the web for advice and was told to update my sound and video drivers. My PC is an old PII 350 with Windows 98. I went to ATI and downloaded what it said was the latest driver for my card; now when the game does play the colours are all wrong and blocky (I have also updated DirectX above the one the game needs). So I tried a slightly older driver, which was even worse, so I put the newer one back on. To add to this the company who made my sound card (Aureal) have gone out of business, so don't give drivers now. I have found on another page what was supposed to be the latest driver they did release, but when I load the diagnostic tool on my computer (some sort of DirectX thing) and test the sound, it says there is a fault there too. It seems that whatever I try to do, the thing just gets worse. I am starting to think about getting another PC, but when it works, it does everything I need. Does anyone have any advice how I should try and fix all this? Thanks James

Answer:It just keeps getting worse

Did you simply overwrite the videocard drivers? If yes, you may wish to thoroughly clean your computer by uninstalling them and running a program such as Advanced System Optimizer V2 or Advanced Uninstaller Pro 2004. There is also a useful tool that removes drivers for you.. I'll get back to you on that once I recall the name. Even though your soundcard manufacturer has gone out of business, use Google to search for drivers. There is quite a high chance of still finding them. As for DirectX, see to it that you have the latest version from Microsoft. Buying a new PC will not solve your problems. It is not the PC's fault, it is the user's fault. Your problems will just start anew if you do not know what you're doing.


Hello, I never write posts to ask questions when it comes computers, but this time I saw myself having to do so.
I have had many problems recently, and it just got to the point where stuff just doesn't work anymore.
I upgraded to Win 10 about 10 days after its launch. I loved it. I had that often problem everyone had but I could solve it.
About 20 days ago, everything worked greatly. Then, I don't remember what exactly happened, but all of a sudden I couldn't access the Groove Music App. Then I realized I couldn't open any other Windows built in apps, not even store worked. However, Edge and apps like calendar for some reason do work. So in an attempt to repair this, I messed up the Appdata folder's permissions. I had recently installed this context menu button when I right clicked, that let me take ownership of a folder, so I took the ownership "administrators."
Then, the hidden items check box in the View Tab on Explorer suddenly unchecked itself when I checked it. I looked up online and there it said it had to do with the Administrator account, but hell, I am the admin account on my PC, so this just didn't make sense. Then I read a simple reboot would help, so I rebooted and it was fixed.
This is where I mention my recent installs. Around the time, I installed this new piece of software on my pc, and this software was Bitdefender Total Security. I had replaced my previous antivirus, Avast Internet Security, with this. Now, I highly doubt this program contributed to this in ... Read more

Answer:Help! My pc is getting worse

That last part went wrong somehow, here are the links:
10-windowsstore/store-not-opening-in-windows-10-this-app-cant-open/c0de1565-9c33-4604-a1cd-b4ce18b72117?page=2&auth=1
10-windowsstore/windows-10-app-store-will-not-run-cannt-add-a-user/682d6bd8-39ae-4ee4-b0fc-c19027b44552?rtAction=1444233209744&auth=1
storeandappswontopenreregistering/
1-windowsstore/windows-store-app-not-opening-in-windows-81/9882357f-ae86-4e4d-ba37-209aa960063c

Question: Getting worse

I followed your advice to rid my computer of a BHO and virus (red circle w/white X in system tray). Now my computer takes 20 minutes to boot, asks what mode to load in, (safe, normal, MS-DOS, etc), and only loads in 640 x 480 video. I've also lost the printer driver.

Logfile of HijackThis v1.99.1
Scan saved at 12:49:56 PM, on 12/12/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\ATIPTAAB.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant ... Read more

Answer:Getting worse

hi, welcome to TSG.
you don't appear to have a firewall, even if you have a router you still need
a software firewall, download the one from the link below!
Filseclab Personal Firewall Professional Edition

http://www.filseclab.com/eng/download/downloads.htm

http://www.wilderssecurity.com/showthread.php?t=92710
Download the pocket killbox

http://www.bleepingcomputer.com/files/killbox.php
Download A2

http://www.emsisoft.com/en/software/free/

update A2 and run a full scan.
*Download Cleanup from Here

http://www.stevengould.org/software/cleanup/download.html

* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* run cleanup

have hijack this fix these entries. close all browsers and programmes before
clicking FIX.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Ex... Read more


I've had 10 for a few months now. During that time I've had several automatic updates. Most have been unnoticeable, a few others were anti productive. The first and the last (two days ago) have been horrible. When I first downloaded 10 I immediately lost my CD/DVD drive. No matter where I look my computer can't find the old one. It also disabled sound from anything I recorded. The latest update is making me log in if I leave the computer for more than a couple of minutes. It also makes me wait before the log in window pops up. I'm beginning to think that switching from 8 to 10 was not a good decision.

Answer:Just when you think it can't be worse!

Would you consider doing an in-place upgrade install, also known as Repair install ?
Repair Install Windows 10 with an In-place Upgrade

Question: From Bad to Worse

Hello to all the experts here at Bleeping Computers.

I was in the process of following your steps from the "Preparation Guide" when my computer decided to crash big time.
Initially I had my homepage hijacked by something called start.search.us. That by itself didn't seem to be a big deal. I was proceeding through the steps and made it to step 8 (Create a GMER Log). Approximately 5 minutes into the scan my entire screen went all screwy. It looked like the GMER scan program filled the screen and scrambled itself.

Now my computer won't work at all. After a restart, the computer locks up on the black screen with the green progress bar (Microsoft Corp underneath). I tried a safe mode reboot but it stops loading at the following line of text, "Windows\System32\Drivers\avgidshx.sys" This was the same line of text that was being scanned during the GMER scan.

After another restart (so many I lost count) my computer reads the following, "Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:...." Several options are listed but even after inserting the original operating disc to repair, I can't get past the green progress bar thing.

Help!!! I'm moments away from turning this laptop into a very unaerodynamic flying brick.

(I'm typing this on my wife's Macbook, in case anyone was wondering how I could post)


I now cannot access my e-mail since doing an update. Every time I click on the e-mail icon nothing happens, it's just blank. nutty norm again

Answer:it seems to get worse

What email icon?????????????

Question: It's worse

My computer has been acting up for a while, running really slow, but now it's started this trick of adjusting the screen every little bit. It either moves up or down. It changes the sizes of the window as well. Then I noticed down at the bottom in the task bar, a button appears for just a second with a little icon in it. Then it disappears before I can do anything. Now, my email has started bouncing and I can't get Outlook Express to connect. Also, I was kicked off Yahoo Messenger and then all I could get was page cannot be displayed on even my home page. Here is my HJT log. I would appreciate your help.

Demi

Logfile of HijackThis v1.99.1
Scan saved at 1:01:23 AM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Dig... Read more

Answer:It's worse

Question: Gotten Worse...

I know I posted about it a couple days ago with my computer going down the pooper. Well it was running real smooth until recently. I had lots of disk drive space open, now today it says I have 55.6GB of free space, now I have a total of 74.5. I have been running virus protectors and spyware programs but it's not working and there are icons showing up on my desktop that I cannot get rid of.... Do I have to reinstall Windows or something? Sorry to ask again but I need help. Also I forgot to mention in my add remove programs there is a new program called search plug in and also Macromedia Flash Player which I'm unfamiliar with and they are the biggest files in there.
 

Answer:Gotten Worse...

Please don't start a new thread for the same issue

If you are not getting any responses bump the original back to the top by simply posting to it...

here's the original... http://forums.techguy.org/t313054.html

closing this one

buck
 


new notepad msg when I boot up.
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

I get this on start up and firefox is giving me an error

Well, this is embarrassing.

Firefox is having trouble recovering your windows and tabs. This is usually caused by a recently opened web page
Can any one help me out?

Thank you so much
 

Question: Bad to Worse

Friends,

It appears my browser (IE/XPpro non-sp2) has been hijacked - at boot time I get an IE page that advertises WinAnti-Virus and demands I purchase. I can close the window and continue, but there are 37 processes running and the drive is constantly active, where an identical box has 28 processes running. I have downloaded (but not run) all the software you recommend, but apparently nudged the wrong bad actor and now the system won't boot at all. I have backed up some data, but don't want to lose everything if I can help it. I don't know how to use command line recovery and I can't remember the Admin password to use it anyway.

This happened once before and I let the system just run and reboot itself and after about 4 hours it was successful. I have about 4 hours on it now and no luck. I will let it run all night to be sure it doesn't heal itself.

If I reload XP, will all my data still be there?

Things started to go south about 2 months ago when McAfee found Vundo and couldn't seem to kill it off.....

thanks, GearHead.
 

Answer:Bad to Worse

Hi GearHead,

Check out this link and try the removal tool from Symantec.

READ ME: Virtumundo Problems/Resolution Threads

Should that fail, I would suggest following the steps here:

READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Best luck
PP
 


Hi, I have been using PC Tools for the last couple of years with no bother. However, when I wanted to put it on my laptop I lost the ability to access the internet. They told me (eventually) to reboot using my Windows XP Home Edition disc. Having done that I was initially able to access the internet, but I could not open links or download anything, and now Explorer won't open at all, I just get error reporting. Things have gone from bad to worse and I need some help. Thanks

Answer:going from bad to worse

sorry - spyware doctor


Hey all.
I am loaded with popups. I went through all my prelim scans, booted safe mode, all that jazz. I didn't notice anything for about three minutes, then it all came back. If anything, they just seem to be getting worse. Anyway, here's my log, thank you much for your time.

Logfile of HijackThis v1.97.7
Scan saved at 11:43:05 PM, on 11/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\mllcrap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\vmss\vmss.exe
C... Read more

Answer:Keeps getting worse.

Hi
You will need to get rid of the Peper Trojan first so run the PeperFix from my list..

After that
Make sure you have already run Adaware, Spybot S & D (check for updates) as these will do a preliminary clean first. Some files below may not be present after running the above programs.

Then....
Turn off your System Restore SEE HERE. Reinstate it when your log is cleaned and then create a new restore point. Close your browser window and run hjt in safe mode... HOW TO RUN SAFE MODE and have "Hijack This" fix all the following items by placing a check in the appropriate boxes and selecting "fix checked".
Folders that have been highlighted RED in the log will need to be uninstalled. Check first as some folders may be uninstalled via the Add/Remove program. Files highlighted in BLACK in the log will need to be removed from your hard drive. Make sure to have your system set to show hidden files and folders.. HOW TO SHOW FILES .. Please post a new log when finished...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [W7ABA] c:\documents and settings\... Read more


dear all, any softwares that can fix this...

3 men go into a hotel for the night. The clerk informs them that it's $30 for the room, so they each take out a $10 bill to pay for the room. So far they paid $30, correct? You with me so far? Good.

A few moments after the men went up to the room, the manager reminds the clerk that there was a special promotion that night, and that the room was only $25. So the clerk gives the bell boy five dollars to bring back to the men. On his way up to the room, the bell boy says, "Hey, I'm not stupid, I'll give each of the men a dollar back and keep two for myself, $5 right, 30-5=25."

Well, since the bell boy gave each man a dollar back, that means each man only paid $9, correct?

Well, the last time I checked, 9x3=27, plus the 2 that the bell boy took makes 29, what happened to the other dollar??????

[This message has been edited by kokaik (edited 07-03-2000).]
 

Answer:the more you think, the worse it gets

Question: Bad to worse

I posted a previous problem in regards to my computer shutting down at random and suspect virus. It seems things have gone from bad to worse in rapid time. I have lost internet connection, I open a program "regedit" and it closes, same with "msconfig" I cannot boot in safe mode. Suddenly all that was in my "connections" are completely gone, that folder is now blank. I know in the past I have tested your patience here but am throwing myself at your mercy once more. Sorry if this should have been posted with my previous question but I am unsure as to how protocol is.

btw forgot to give the basics.
Winxp
Medion computer.
should be current on updates.
again tia.
 


I just finished a download that had some pretty nasty side effects. I am getting a pop up saying "It is recommended to update you antispyware protection to prevent data loss. Please install the most up-to-date antispyware for you" then an ok button. This isn't the only one, there are about 2 or 3 that seem random, none of which seem encouraging at all. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:46 PM, on 1/26/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Unlocker\Un... Read more

Answer:pop ups and probably worse

Hi,

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts. Actually, this doesn't surprise me at all.

I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed! This is somewhat suicidal in today's digital world. That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus. Perform a full scan with Avira and let it delete everything it i... Read more


Is a 635 slower than a 640? Is the camera worse? Is there less internal memory? What are the differences?

Answer:How much worse is a 635 than a 640?

Here's the differences compared to the 640...
The 635...
...has half the RAM, which meant Facebook and Messenger refused to run in my case on W10M, multitasking is less smooth and whatnot. But it works for the basics.
HOWEVER, there are some 635's that have 1 GB of RAM, matching the 640.
...is not supported currently so you won't be getting Windows 10 Mobile easily, although some 635's have indeed been getting it with little effort oddly enough.
...has an inferior, lower-resolution 5 MP camera with no LED flash. (the 640 has a flash and an 8 MP shooter)
...is smaller than the 640.
...does not have a proximity sensor.
...does not have double-tap to wake or Glance.
...has a smaller and lower-resolution display.
...has a smaller battery.
Although the 635 and 640 share the same Snapdragon 400 processor and 8 GB of storage + microSD.
The 640 is the better all-around phone but if your needs are very basic and the 635 is significantly cheaper then the 635 may make sense.


My topic is here http://www.bleepingcomputer.com/forums/t/134217/virus-and-rootkits/ and it has been a couple days since a reply, and I was told not to reply again until I get a reply from someone to help me. But my computer is now losing the whole task bar whenever I close anything... I can bring up the task manager and see everything there, and I can ALT+TAB between programs and they will come up, but when I press the Windows button it will not bring up the start menu. The HJT log is in that other topic. Thank you for looking

Answer:I Think My Pc Is Getting Worse

Hi dizz15,

I know it's frustrating, but please be patient. It may take a while to get a response, because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic.

1 more replies
Relevance 34.03%

First of all, hello to everyone.
I got infected just like him: http://forums.majorgeeks.com/showthread.php?t=157182
Any anti-malware program finds exactly the same files. Should I proceed the same way? In my case, the rootkit disabled my soundboard.
cheers,
Filipe
 

Answer:Rootkit.Agent and Rootkit.Bugle, yeah I know...

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.
READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

12 more replies
Relevance 34.03%

Rootkit.TDSS Hacktool.rootkit

just showed up, have not had a problem for a few months. Please Help with removal. and is someone hacking me or is this common virus floating around? THANKS!

Answer:another virus Rootkit.TDSS Hacktool.rootkit

bump

11 more replies
Relevance 34.03%

On startup:

Webroot Spysweeper gives a popup error:
"The installation has been damaged. Please reinstall the product. (105)

Followed by another popup error:
The connection to the program engine has been lost or terminated.
The program will now close and restart.
If you experience and problems please contact ....

MCAfee Security Center gives a popup error:
McAfee Virus Scan On Demand Scan has encountered a problem and needs to close. We are sorry for the inconvience ....

Followed by another popup error:
Scanning has encountered a problem from which it can not recover.
Here are the problem details:
-Error getting scan progress.
When finished you will return to the home window.

After startup:

1. I can not launch Spysweeper at all.
2. I can open McAfee and can sometimes run a scan which reports:
NTOSKRNL-HOOK Generic Rootkit.d!rootkit
3. Google searches return entries which are redirected to different sites when selected.

I was able to complete a DDS scan but not the GMER scan which would not open a user window once I downloaded it and unzipped it. It did run in the background and I could not find an ark file.

DDS (Ver_09-07-30.01) - NTFSx86
Run by warrenb at 15:42:18.87 on Tue 08/18/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.535 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FA... Read more

Answer:NTOSKRNL-HOOK Generic Rootkit.d!rootkit

Hello.

Try RootRepeal instead:

Download and run RootRepeal CR

Please download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended)
Primary Mirror
Secondary Mirror
Secondary Mirror
Secondary Mirror

Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror
Secondary Mirror
Secondary Mirror

Unzip the RootRepeal.zip file to its own folder. (If you did not use the "Direct Download" mirror to download RootRepeal).
Close/Disable all other programs especially your security programs (anti-spyware, anti-virus, and firewall) Refer to this page, if you are unsure how.
Physically disconnect your machine from the internet as your system will be unprotected.
Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
Click the tab at the bottom.
Now press the button.
A box will pop up, check the boxes beside All Seven options/scan area

Now click OK.
Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
The scan will take a little while to run, so let it go unhindered.
Once it is done, click the Save Report button.
Save it as RepealScan and save it to your desktop
Reconnect to the internet.
Post the contents of that log in your reply please.

~Extremeboy

15 more replies
Relevance 34.03%

Hello,

Boopme directed me to this forum section, and instructed me to post the following logs. The first two are MBAM logs, and the last is a RootRepeal log. His parting statement goes as follows:

You have a rootkit. As there are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection, the process must be completed by an HJT team member. Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible. Please follow this guide. Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post that complete log. Let me know if it went OK.

The following are the logs that I was instructed to pass onto you (the HJT Team):

Here is the first:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3 (Safe Mode)

9/1/2009 3:30:18 PM
mbam-log-2009-09-01 (15-30-18).txt

Scan type: Full Scan (C:\|E:\|H:\|)
Objects scanned: 71585
Time elapsed: 23 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Compo... Read more

Answer:Rootkit "Win32/Rootkit.Agent.ODG trojan"

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

* If you have since resolved the original problem you were having, we would appreciate you letting us know.
* If not please perform the following steps below so we can have a look at the current condition of your machine.
* If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

** If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is ne... Read more

15 more replies
Relevance 34.03%

I appear to have picked up this NTOSKRNL-HOOK Generic Rootkit.d!rootkit virus whilst surfing the net yesterday. My computer is/should be protected by the McAfee Security Center, however, it hasn't stopped this one and clogged my computer.

Whenever I try to start Windows normally, I get the Blue Screen error, I cannot turn off the restore system points either. I have run the virus scanner numerous times, which has allegedly removed the infection, however, it normally reappears after the restart.

I have done the reports that you have requested, which now follow.

Answer:NTOSKRNL-HOOK Generic Rootkit.d!rootkit

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

5 more replies
Relevance 34.03%

Found some issues with browser redirects which may now be solved but had several instances. Extremely slow computer at first so used Ccleaner and then followed up with SuperAntiSpyware. That found 4 instances of Trojan.Agent/Gen-DocFake and 1092 pieces of spyware. Removed but still acting slow and very hesitant. Used TDSS Killer and located rootkit Pihar.b which it said it removed. Restarted and ran Combofix which found a lot of things and removed them also. Then followed up by installing Avast and using their boot time scan tool which then located rootkit Alureon.b.

The system still appears to be having issues and Spybot is sending me fake browser notices from my Google Search engine about certain URLs.

Below is my DDS.txt log and I'll zip and attach the Attach file for you below that.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Owner at 12:42:53 on 2012-09-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1528 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A... Read more

Answer:Pirhap.b rootkit changed to Alureon.b rootkit

I see combofix has been run on this computer, can you please post the log(s) located at C:\ComboFix.txt

NEXT

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

* Select Command Prompt
* In the command window type in notepad and press Enter.
* The notepad opens. Under File menu select Open.
* Select "Computer" and find your flash drive letter and close the notepad.
[*... Read more

6 more replies
Relevance 34.03%

I have scanned over and over again, and McAfee says it is removed, but it reappears so it is not getting resolved. The browser (IE has difficulty opening and Firefox is redirected) is difficult to use. I am getting an excessive amount of popups, though the blocker is activated. The advertisements on webpages are for some sexual enhancements. Martha Stewart would have a fit if she knew about them on her site, I am sure. I ran through some preliminary steps from McAfee support by erasing cookies, temp files, history and pws. Restore will not run. Also seems to show up with NTOSKRNL-HOOK and Generic Artemis which the latter showing as potentially unwanted program. Please advise. I have taken the first steps and the information is as follows:




DDS (Ver_09-03-16.01) - NTFSx86
Run by Ann at 23:12:26.77 on Sat 03/28/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3317.2260 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
... Read more

Answer:Generic Rootkit.d!rootkit (Trojan) Infection

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

----... Read more

16 more replies
Relevance 34.03%

My computer has been afflicted with a rootkit and associated malware according to McAfee Virusscan Version 13.3, Build 13.3.115. The DAT files used in the scan are version 5560.0000 and were created on 3/21/2009.

My computer is running XP Home Edition, with SP3 installed

The following is found when a scan is performed in SAFE MODE only. This does not show up in normal mode.


"NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"
3/21/2009 6:50:16 AM "C:\WINDOWS\SYSTEM32\UACTOHUVLQF.DLL" "Generic FakeAlert.k" "5"
3/21/2009 6:50:21 AM "C:\WINDOWS\system32\UACtohuvlqf.dll" "Generic FakeAlert.k" "5"
3/21/2009 6:50:21 AM "C:\WINDOWS\SYSTEM32\UACUDRIREJN.DLL" "DNSChanger.r" "5"
3/21/2009 6:50:26 AM "C:\WINDOWS\system32\UACudrirejn.dll" "DNSChanger.r" "5"
3/21/2009 9:11:19 AM "C:\WINDOWS\SYSTEM32\UACTOHUVLQF.DLL" "Generic FakeAlert.k" "5"
3/21/2009 9:11:24 AM "C:\WINDOWS\SYSTEM32\UACtohuvlqf.dll" "Generic FakeAlert.k" "5"
3/21/2009 9:11:24 AM "C:\WINDOWS\SYSTEM32\UACUDRIREJN.DLL" "DNSChanger.r" "5"
3/21/2009 9:11:29 AM "C:\WINDOWS\SYSTEM32\UACudrirejn.dll" "DNSChanger.r" "5"


Viruscan indicates that the rootkit is cleaned. In the quarantine area, two files show up UACTOHUVLQF.DLL and UACUDRIREJN.DLL.... Read more

Answer:Please help with NTOSKRNL-HOOK Generic Rootkit.d!rootkit

Hello dgwaltney,

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT- Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications. McAfee, in particular, will interfere with ComboFix's removal of the rootkit.

Double click on combofix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the ... Read more

7 more replies
Relevance 34.03%

My computer has been having problems for a few days now. It randomly restarts without warning, due to malware.

I've scanned with a multitude of programs, which find and kill the trojan, only to have it reappear later.

I've used Malwarebytes, TDSSKiller, iExplore, and Combofix (which I know I shouldn't use without supervision... I won't use it until instructed now.)

Malwarebytes finds the process svchost.exe *32 and file C:\Windows\svchost.exe to be infected.
TDSSKiller finds Rootkit.Boot.Pihar
iExplore and Combofix delete various files which I don't remember.

Every time I manually reboot, everything seems normal at first, but then the svchost process quickly pops up again.

This has been going on for a few days now and I can't tackle it.

This seems to be a deeply rooted trojan and I'm desperate to remove it. Help is much appreciated.

--------------------------

No GMER log is attached as I am using Windows 7 x64

Here is my DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Jophuz at 21:20:27 on 2012-02-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2860 [GMT -6:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
.
==... Read more

Answer:svchost.exe rootkit - "rootkit.boot.pihar"

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

14 more replies
Relevance 34.03%

Hi All,

My laptop had some unwanted pop-ups from FireFox so I scanned the whole system using McAfee and it found bunch of virus, all of which were said to be either cleaned or deleted by McAfee. I then rescanned it few times afterward and each time I get the following:

Name is "NtQueryDirectoryFile"
Detected As "Generic Rootkit.d!rootkit"
Detection Type "Trojan".

McAfee always says it is "cleaned" but it shows up each scan.

I would appreciate it if someone could help me clean it. Thanks in advance!

Answer:my laptop is infected with Generic Rootkit.d!rootkit

Hi and welcome to BleepingComputer.

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result... Read more

6 more replies
Relevance 34.03%

I recently downloaded what McAfee said was a clean file. NOT! I ended up getting a Rootkit called NTOSKRNL-ROOT. I don't know what exactly it is doing in there, but I cannot get into the normal OS (Win Vista Business) because of a blue screen of death every time I try to boot. The bluescreen reads as follows:

*** STOP: 0x0000008E (0xC0000005, 0x823E6E7E, 0x9D777010, 0x00000000)

I can only get into safe mode. I did run ComboFix before I read that I shouldn't do that. Doesn't seem like I screwed anything up worse than it already is. McAfee is friggin' useless because it detects NTOSCRNL-HOOK twice and says it has removed it, but it didn't.

Here is my DDS log (again, this is from a safe mode - no networking boot):

DDS (Ver_09-03-16.01) - NTFSx86 MINIMAL
Run by Dave at 19:00:49.15 on Tue 05/05/2009
Internet Explorer: 8.0.6001.18702
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.3070.2599 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\PROGRA~1\Mc... Read more

Answer:NTOSKRNL-ROOT (Generic Rootkit.d!rootkit) - HELP!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

2 more replies
Relevance 34.03%

Initially got a System Security virus that was removed using Malwarebytes. Subsequently got several other virus all removed with Malwarebytes. Got a variety of BSOD's. Right now appear to have everything cleaned except a root kit since McAfee consistently reports a NTOSKRNL-HOOK Generic Rootkit.d!Rootkit that it consistently says removed but is actually not removed. Also Malwarebytes reports a \\?\globalroot\systemroot\ssytem32\geyekrlcbmkryv.dll (Trojan.TDSS) that it reports removed but is not actually removed. I suspect these are related. Also cannot start in Safe Mode right now. Additionally when running RootRepeal I got the following message "Could Not Read Boot Sector. Try Adjusting the Disk Acess Level in the Options Dialog." I tried with several different settings and got the same message. I also got the following message on RootRepeal "Could Not Read Sstem Registry! Please Contact the Author!" The details showed Unrecognized Partition Type 6 (0x6)!.
See DDS.txt, ark.txt files below and Attach.txt attached.
Thanks for your help.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Elaine at 18:27:20.10 on Fri 08/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1839 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA0... Read more

Answer:NTOSKRNL-HOOK Generic Rootkit.d!Rootkit

Hello PonchyRCA,

Has your McAfee SecurityCenter (Antivirus) expired?

Let's try running RootRepeal a different way.

Close/Disable all other programs especially your security programs (anti-spyware, anti-virus, and firewall) Refer to this page, if you are unsure how.
Physically disconnect your machine from the internet as your system will be unprotected.
Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
Click the tab at the bottom.
Now press the button.
A box will pop up, check the box beside Drivers area (leave the others unchecked).
Now click OK.
Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
The scan will take a little while to run, so let it go unhindered.
Once it is done, click the Save Report button.
Save it as RepealScan and save it to your desktop
Reconnect to the internet.
Post the contents of that log in your reply please.

Post those logs back in your next reply.

40 more replies
Relevance 34.03%

One of my friends managed to install this nasty rootkit on to my Vista Ultimate machine and I have had nothing but problems since. First it redirected search engines, then it installed win police pro, then it killed access to all windows executables unless you ran them in administrator mode. The rootkit was identified as a Rootkit.TDSS by Malware bytes, and Spyware Doctor, but it was identified as Rootkit.Rustock[KBI] by SuperAntispyware. Spyware Doctor and SuperAntispyware failed to rid me of the pest, but Malware bytes managed to remove most of it. Right now I'm stuck with 4 TDSS regkeys that won't delete. Malware detects them, but will not remove them. I've tried manual removal, and checked and added the appropriate registry permissions. They just won't go away and I'm afraid I haven't removed the infection. Although, the computer appears to work perfectly.

Malwarebytes' Anti-Malware 1.40
Database version: 2723
Windows 6.0.6000
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmfqnmkfeu (Rootkit.TDSS) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmlhphykoy (Rootkit.TDSS) -> Delete on reboot.

I can view these 2 keys but not delete them, they are where the injector is held. Although, i did manage to delete SOME of the files contained in there.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ytasfwqespetxa (Rootkit.TDSS) -> Quara... Read more

Answer:Rootkit.TDSS or Rootkit.Rustock[KBI] Trouble

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.

Direct Download (Recommended)
Primary Mirror
Secondary Mirror
Secondary Mirror
Secondary Mirror

Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror
Secondary Mirror
Secondary Mirror

Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror

Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check only the Files box: Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

2 more replies
Relevance 34.03%

I have used Rootkit Buster, Kaspersky Scan, TDSKILLER, Rootkit Unhooker, Malwarebytes, Hijackthis and pretty much any program you can think.

I cannot get rid of this rootkit. Every time I restart, Symantec Endpoint Protection detects it.

The name of it in Endpoint is: Hacktool.Rootkit

The name in Kaspersky is: Rootkit.Win32.ZAccess.C

Answer:Hacktool.Rootkit/Rootkit.Win32.ZAccess.C

You have a serious malware infection. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a DDS log for further investigation.

Please read the "Preparation Guide". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, please reply back here with a link to the new topic so we can close this one.

1 more replies
Relevance 34.03%

G'day,

Having some malware issues - I assume the TDSS rootkit.

Symptoms are:
* Redirecting IE and Firefox results from google
* At any given time, 2xIE processes running (they come up again when closed)
* The other day before this all happened, another bit of malware snuck up (fake notifier) - possibly leading to the download of this?
* I kept getting "Hard Drive Failure" messages with the previous issue. When I rebooted, everything from the start menu was gone, as well as the desktop. It has all restored back to normal, but half of my files scattered through my computer have transparent icons (as if they're hidden)
* I ran memtest (from unix GRUB) and used computer management to check the health of my hard drive - A-OK apparently.

I foolishly didn't have any other protection on my system as a while ago AVG failed upon install and I never got around to it again.

Steps taken so far:
* Firewall was already on (Windows) - didn't reinstall zonealarm which was stupid of me.
* Run AVG Thorough Scan + Anti-Rootkit, Kaspersky antivirus, TDSSKiller, Spybot and as expected, nothing came up besides cookies, a couple of temp files, etc.
* Used DeFogger, and got all the logs, and will paste below.

Any help is greatly appreciated all! Thank you very much

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Run by Aa... Read more

Answer:Rootkit issue - assumedly TDSS.rootkit

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Relevance 34.03%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:21 AM, on 2/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ht... Read more

Answer:rootkit.pakes rootkit.agent..., too many to list!!!

hi all... saw the 5 day thread and judging by the number of posts today, i would probably still be in line tomorrow, so at the risk of offending i will pass on my request for help if nobody gets to me in the next 12 hrs or so

i have to get my system back up, so if fdisk is my only option i will need to start down that path... again, not meaning to be indignant, i am just in need of moving forward with repairs so if someone does have time, thank you... if not, thank you as well

6 more replies
Relevance 34.03%

Hi, I was wrestling with an infection of W32.trats!inf on a laptop - Windows XP home.

Norton Antivirus keeps finding it and has been unable to get rid of it, so I was attempting to remove it manually.

vtstr.dll is in the Windows/system32 folder along with various registry entries related to it

I just tried to boot into safe mode, and it now will not log in and says "Unable to log you on because of an account restriction" in both safe and normal boot modes

Any suggestions?

Thanks!
 

Answer:W32/Trats!inf gone from bad to worse

16 more replies
Relevance 34.03%

ok....i give up LOL
 

Answer:Problems are getting worse = new log

oh and also, the Norton's "clean sweep/smart sweep log" picked up this
=
File 'C:\HP\KBD\PS2.DLL' added.
=======
and a lot more things, but the log is way too long to add here. Is the PS2 ok?
 

3 more replies
Relevance 34.03%

I've tried everything I can to get rid of them and I figure it's time to let someone else take a look see at the problem. Here is my Hijackthis log.

I also tried to complete the 5 step process but was unable to get any scans from programs that I don't currently have since anytime I try to access the internet from the computer my windows get redirected with pop-ups on top of them.

Also it's my girlfriend's computer I'm trying to fix so I'll have access to the internet on my computer if you need information as it's trying to do something. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:38 AM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\m... Read more

More replies
Relevance 34.03%

A very interesting article on whether anti-virus software is getting worse in detection of both new and known threats.
What do you think?

Is anti-virus software getting worse at detecting both known and new threats?

Earlier this week, Stu Sjouwerman, CEO of security awareness training company KnowBe4, looked at the data published by the Virus Bulletin, a site that tracks anti-virus detection rates. And the numbers didn't look good.

Average detection rates for known malware went down a couple of percentage points slightly from 2015 to 2016, he said, while detection rates for zero-days dropped in a big way - from an average of 80 percent down to 70 percent or lower.

"If the industry as a whole is dropping 10 to 15 points in proactive protection, that's really bad," he said. "Anti-virus isn't exactly dead, but it sure smells funny."

According to Sjouwerman, the Virus Bulletin is the industry's premier testing site. The tests are comprehensive, and consistent from year to year, so that a historical comparison is valid.

Several major vendors aren't included in these statistics, he said, because they declined to participate -- and implied that there might be a reason for that.

What's happening is that current anti-virus vendors aren't able to keep up with the attackers, he said, who can generate new malware on the fly.

"The bad guys have completely automated this... Read more

More replies
Relevance 34.03%
Question: Worse product ever

I spent $400+ on my Acer Aspire V 11 touch and I couldn't be any more disappointed in this product. My space bar doesn't work unless I press on it hard and directly in the middle of the bar, which is irritating and time consuming when I'm trying to write an essay or a long email or message. My touch screen barely reads my touch and sometimes does the opposite of what I try to do. I tried to download the free Windows 10 upgrade onto my laptop and it gets almost to the end of the download and tells me there is an error in the download and it cannot be downloaded. My store on the laptop, where I'm supposed to be able to download games, either doesn't load, or when it does load and I try to search a game it doesn't even work and just loads forever to try and find the game I've searched for and it doesn't ever stop loading. I tried to contact someone directly but of course I get put on hold or hung up on, and the live chat option doesn't load on my laptop, shocker. I am an Apple product advocate but I've heard so many good things about Acer so I tried it out. I loved the fact it was a touch screen and was apparently fast but I wish I had never bought this laptop. It was a waste of money and I tried to get my money back for it but because I bought it on sale they wouldn't do it. I also tried to see if I could trade it in for a tablet instead but that was out of the question. I got told I have to buy the new product I want and keep the laptop or try to sell it to someone. but no bo... Read more

Answer:Worse product ever

Sorry to hear you're having problems. I can understand your being upset. Sadly with everything there are lemons. Now why the company you bought it from won't let you trade or return it is where I would be upset. Unless it was bought as a return/refurbished sold as is, then sadly it's one of them things, lesson learned. Sounds like the keyboard may have something stuck under the key. The good thing is there are always usb backup keyboards to be had. I have one on one of my Acer Ones because my wife was hard on her laptop and have missing keys that I use. Soon I will have a replacement. Until then I will use the usb one.

James

3 more replies