Computer Support Forum

Malware Removal - Initial Scans completed

Question: Malware Removal - Initial Scans completed

Hello
I read the Read and Run Me First and followed the correct link to the Windows XP Malware Removal page and I think I have all the logs required which I will attach here. Firstly, thank you for such a well written and elaborate set of instructions.

Now, to the problem. I had this problem 2-3 days back and basically a virus seems to have struck my external HDD. Its capacity is 1 TB and now the name is all scrambled and is made up of strange characters. Also the contents of the HDD have been converted to these strange files and folders with scrambled character names. I am posting screenshots of all these pages to show you exactly what I mean.

I would really appreciate if you could help me with not only removing the malware/virus that has struck the HDD but also preferably recovering most if not all the data.

Thank you,
Sohum-Bilawal

Answer: Malware Removal - Initial Scans completed

And here are the screenshots I told you about in the last post.

"H virus1.jpg" is a screenshot of the name of the corrupt drive and "H vius2.jpg" is a screenshot of the now damaged contents of the said external HDD - which is a Seagate GoFlex 1TB External HDD, the kind which needs an external power supply : http://www.seagate.com/external-hard-drives/desktop-hard-drives/goflex-desk/

Hope this helps.

Thank you,
Sohum-Bilawal

8 more replies

My computer began directing my searches to non-google sites and bringing up popups. I was running windows defender and AVG. I use firefox for browsing. All are up to date. Running Windows Vista Home in a newer HP desktop, wired connection. I was not able to update any programs (ad aware, spybot, AVG, windows defender, etc). Also, when I run hijack this I get an error message indicating that hijack this was "denied write access to the hosts file". Hijackthis automatic analyzers do note some problem files but when I check them and click fix, they are still there after I scan again (including after a reboot). That line is:

"O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe"

I (ignorantly) ran combofix already as directed by a related forum post. It indicated that there was a trojan infection, restarted the computer and instructed me to re-run. I did and it created a log, though I understand I'm not to post that unless directed. It helped, now I can update my programs and I have not been redirected when searching, but I'm sure I have not completely addressed the problem(s) yet, thus, the request for your help (thanks in advance).

Below is the DDS log and attached is the, er, attach.txt file per these instructions:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Bedroom at 16:53:36.05 on Sat 03/21/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3582.2192 [GMT -7:00]
AV: AVG Anti-Virus Free *On-access scanning enable...

Answer:Unknown malware or trojan - initial steps completed per initial posting instruction

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.com
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructio...

2 more replies

Thanks for your help. Chrome stalls and when closed it takes 5 or 6 tries to re-open. Start-up is also VERY slow? I completed the logs you need, I don't have a Windows Install disc or a Boot CD, but I have made a backup. thanks, - Jason



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.13.2
Run by Jason at 14:00:44 on 2013-02-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.1656 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:...

Answer:Completed initial scans/steps -- browser stalls and slow start-up

bump, please :)

3 more replies

Hi guys,

first off, wanna say thanks in advance for the help i got from the very detailed tuts on malware removal...specially here
http://forums.majorgeeks.com/showthread.php?t=139313

OK...so followed all steps and wanted to see if i actually did get rid of all the crud the pc had running !!

Ran all the recommended softwares..and attached 3 logfiles... Combofix / superantispyware / MgTools


Thanks in advance for any assistance

Please advise as to what steps i need to take now
 

Answer:Malware scans completed..attached log files to verify cleaned

Oops..almost forgot...here's the mgtools zip also....


thanks guys
 

11 more replies

Hi Guys,

I have completed steps 1-6 of removing Malware it took forever!! I am still getting a message when i boot up the computer telling me to install updates. I have also been told to post the following logs.... I am sorry but i had to copy the contents of one of them and save it in Word (i did not alter any of the contents).

thank you again for helping me out with this problem - most appreciated.

[recovering disk space -- attachment deleted by admin]

Answer:Malware Removal completed

Lorraine, are you running Norton AV?

14 more replies

I just completed the Windows XP malware removal guide from this site and was hoping somebody here could go through my logs to ensure that I'm clean.

Thanks in advance.
 

Answer:Completed Windows XP Malware Removal - Need Log help

Here's the last log. Thanks again!
 

3 more replies

I'm having problems with my Windows 7. The machine has been behaving odd lately, a few random bluescreens, the display drivers seem to be buggy as in windows aero is not working and I cannot view any videos in vlc, having a considerate amount of missing .dll issues and I cannot access device manager to check anything. I suspect some kind of malware. I have the 5 logs attached to my post.
 

Answer:Help with malware removal - have completed steps in FAQ

Your logs are clean. You may need to post in the software forum for further assistance. You should remove either AVG or Kaspersky Internet Security.

Have you tried doing a system restore?
 

7 more replies

i completed the malware removal process step by step(i think). attached are logs. please check and advise. thanks in advance...bridgeman001
 

Answer:Malware removal steps completed, what now

Welcome to Major Geeks!

It would be more helpful if you explained what malware problems you are having. Also have you been working on malware removal in another forum? I see you have BFU installed and I wondered why.

You forgot to attach the log from SUPERAntiSpyware. Did it find anything?


The only items I question right now are the below two files which appear to be drivers. Do you know what these are from?
Code:

2008-10-11 23:32 .2008-10-11 23:32 11,264 -a- H:\WINDOWS\system32\drivers\uzi0ote5.sys
2008-10-10 22:24 .2008-07-08 14:54 148,496 -a- H:\WINDOWS\system32\drivers\21466736.sys

R1 is-H3JRUdrv;is-H3JRUdrv;H:\WINDOWS\system32\DRIVERS\21466736.sys [2008-07-08 148496]
R1 uzi0ote5;AVZ-RK Kernel Driver;H:\WINDOWS\system32\Drivers\uzi0ote5.sys [2008-10-11 11264]

 

1 more replies

Here are the reports. Let me know what to do next.

Also, I play online rpg's a lot (particularly City of Heroes/Villains). I find myself getting a lot of "lag" when I play. Any way to put an end to this annoyance?

Thanks
 

Answer:Malware removal steps 1 - 6 completed

Hi Bookman1269!
Welcome to Major Geeks!

I'm missing 4 of your scans and the ones you ran weren't installed correctly. There is another way to do this which is a bit easier and produces less logs. Please go to this link NEW READ & RUN ME FIRST WITH MG TOOLS and follow the instructions. I suspect part of your lag may be from too many temporary files, which should be aided by running CCleaner at the beginning of the instructions in this link. You may also have malware, but I can't tell you that without seeing the logs.
When you finish with the instructions, you should have 4 logs:

- AVG Antispyware 7.5
- BitDefender (BDScan)
- Panda (activescan)
- mglogs.zip

Please make sure to follow the instructions for your operating system. Once we have a chance to look at these logs, we can tell you a little more about what's going on with your computer.

abri
 

1 more replies

I am still getting a virtumonde and a double click error on spy bot. Also i know during the scans several items were not able to be fixed. The computer is still running pretty slow. Thanks ahead of time for your help.
 

Answer:Completed Malware removal guide... Now what?

I'm new to this but I will follow your instructions to the "T".
 

10 more replies

I did all the steps in the Vista Cleaning Procedure thread. I still have issues and I don't know what to do to solve it. I've had problems for a long time, pretty much since I got my comp. I think i double clicked on an open comp to comp wireless network at school and i think it may have something to do with it.

I know i have problems because when I'm on campus I get banned for having spyware activity. The ban is temporary (2hrs) but a pain nonetheless. The wireless network i was talking about shows up as 'uwo 2' (greasy because the school network is 'UWO ##') and is always available even if i know i'm not within range of anything.

I have Kaspersky 2009 updated and installed on my computer and my drivers are also up to date.

I can't seem to find the other logs, I searched and restarted. In the programs respective folders there doesn't appear to be anything, i don't really understand what's going on with it.

I would also note that I have had a ton of issues with my wireless card and I've had to reinstall the drivers a few times. I still have to constantly repair my connection. It's always the same thing, that the wireless capability was turned off. I've tried changing the settings via an online fix but it didn't do anything. This last part may just be because my wireless card is just a whack product.

I would really appreciate help! I really don't want to have to wipe my computer.

Thanks in advance. ...

Answer:Completed Malware Removal Guide: Please Help

Your SAS and MBAM logs are here:

"C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
supera~1.log 2009-02-25 465 "SUPERAntiSpyware Scan Log - 02-25-2009 - 16-34-19.log"

"C:\Users\David\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
mbam-l~1.txt 2009-02-25 896 "mbam-log-2009-02-25 (17-28-45).txt"

But they look to be clean by the size. I do not see where you ran ComboFix.

But I am not seeing any issues in your logs.
 

1 more replies

Hello

I have completed the required procedures for malware removal as your post described and am now going to post the logs here for your analysis. Thanks for the help. I am using a HP Pavilion Entertainment PC with windows vista. I have been having problems with opening window files. If I open too many of them in a row, the computer responds very slowly, so that the window opens slow as a turtle, or it does not even open at all, leaving me with a white window with no data shown.

Here are the logs:

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 6.0.6001 Service Pack 1

05/07/2009 11:39:30 AM
mbam-log-2009-07-05 (11-39-30).txt

Scan type: Quick Scan
Objects scanned: 77745
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SSDPSRV (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\ssdpsrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\serauth1.dll (Trojan.Agent) -> Quarantined an...

Answer:Malware removal procedures completed

Scan Suspicious File(s)

Please go to VirusTotal.com
(If more than one file needs scanned they must be done separately and logs posted for each one)

1. Copy the file path in the below Code box:
Code:
C:\Program Files\Kaspersky Lab Tool\is-226OJ\is-226OJ.exe
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Next click Send File
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
This will perform a scan across multiple different virus scanning engines.
Important: Wait for all of the scanning engines to complete.
5. Copy and then Paste the link to the results in the next reply

----------

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

1 more replies

Hi.

In the last week or two, i have noticed that my computer is running slower than normal, as in taking a long time to open web pages, and on a few occasions i have been viewing a website, only to find that it disappears and a completely different website appears.

I have ran windows defender, that turned up nothing. I also have spybot, that turned up a load of usage tracks, which i removed anyway.

So i just thought i would post these three logs to you to see if there is anything interesting in there. I am new to all this, but i have printed the "self help" pages out for the computer hope hijack this process tool, to try and understand it a bit more.

I am running windows xp pro sp3.
internet explorer 8

Thank you for your time at looking at the logs.

[attachment deleted by admin]

More replies

and here are my results. let me know if you see anything funky.

attached:
bitdef results
avg anti spy
hijack this
 

Answer:Completed the Malware removal guide...

attached:
getrunkeynow
shownew
 

4 more replies

I have followed the removal guide to the letter and I am still getting the trojan downloader BHO.BHG or BHO.BGL thing anytime I hit a webpage, it's making my AVG work overtime. I am also getting website redirects. I did have the virtumonde thing and tried the alternative scan for that, it keeps trying to fix the same thing every time I reboot.
the spybot scan: "couldn't fix all problems, associated files in use (memory)", I never saw that before.

Attached are the requested files when asking for help, everything was done in order.

I appreciate any help that you folks could provide and thank you in advance.

Brian
 

Answer:Malware removal steps completed, problems still around...

Additional scans requested
note, the AVG scan saved in the .tab format, it will not upload.

Thanks in advance
Brian
 

11 more replies

Hi....I'm new, and not very PC smart. It's taken me a week to go through all your steps for malware removal, but I'm still getting them!

My OS is Windows XP Professional service Pack 2 (build 2600) version 7.1h.
Hard Drive is 119.96GB with 107.56 free. RAM is 254MB.

The processor is 2.4 gigahertz Intel pentium 4, 8 kilobyte primary memory cache, 512 kilobyte secondary memory cache.

Don't know what all this means, but I think you need it....

Here's the problem.

Firstly, we suddenly got an automatic Windows style dial-up connection window. This had not been the normal way for us to get on line. The dialing program window shows C\WINDOWS\system32\fd2ba95f.exe

Then a series of pop-ups which include "SYSTEM INTEGRITY SCAN WIZARD", "MALICIOUS SOFTWARE REMOVAL WIZARD", "ULTIMATE WINDOWS DEFENDER", "TRIUMPH ON-LINE CASINO", "BT YAHOO ONSPEED", "REAL PLAYER UPDATE", "THERE IS NO VIRUS PROTECTION DETECTED ON YOUR PC", and lastly, "YOUR COMPUTER IS AT RISK. NORTON VIRUS IS SWITCHED OFF". It wasn't.

To the best of my ability, I ran all the steps as outlined in your pre-posting requirements. I don't get these pop-ups all the time, in fact, they are quite rare, but they are annoying, and I don't like the idea the PC is still infected.
The dial-up connection window is always there. We just ignore it.

I have saved, ready for sending, an Activescan log, a BD scan lo...

Answer:I've completed the required steps for malware removal...now what?

Welcome to Majorgeeks!

Yes! As requested in the READ & RUN ME, attach your logs if still having problems.
 

5 more replies

I just completed the Malware Removal Guide and still have infections. I'm trying to clean my Dad's business computer which was infected with multiple viruses that were causing pop ups for software downloads. The one that was recurring in malwarebytes scans even after removal was AGprotect and tcpsr. I am attaching all the log files from running SUPERantispyware, malwarebytes, combofix, rootrepeal and mgtools. If I can get help as soon as possible that would be great because my dad received notice that his internet was going to be disconnected by his ISP since he had viruses.

Thanks
 

Answer:Completed Malware Removal Guide but still have problems

here's the other log
 

9 more replies

Whilst following the guide the following occurred also.

Didn't know what viruses I had so didn't use Special Removal Tools at this point

Uninstalled Viewpoint Media Player using add/remove programs

Had trouble restarting in safe mode for both accounts especially the non-administrator account. But was eventually able to run ccleaner and spybot on both

I was unable to run counterspy on both accounts in safe mode and only ran on administrator in safe mode. Ran counterspy in normal mode on the other account

Had to run bitdefender twice as the web browser closed down 3/4 the way through completion the first time. Ran Panda active scan twice as well as the web browser also closed down half way through on both occasions. Hence I just went onto the next step and did not run Panda active scan through to completion. These were both done in normal mode as unable to run in safemode with networking.

I now used the special removal tool for Virtumonde aka Winfixer successfully.

Logs are now attached.

Thanks heaps.

Rob
 

Answer:I've also completed Malware Removal Guide....Next Action?

More logs to accompany "I've also completed Malware Removal Procedures.. Next Action?"

The rest of the logs.

Cheers

Rob
 

16 more replies

Hello All,

I am new to this virus thing but this website and forum has been extremely helpful and eye-opening! I followed the steps in the "Read&Run Me First" guide the best I could. The only item I could not complete was the Panda Scan as my Internet service has been cutting out over the last two days. I have attached the log files as requested. I will follow this post up with my attached Hijacker log which I installed and renamed per the guide.

The issue that seems to remain is that I am consistently getting pop-up ads in internet explorer with messages about running scripts. Also, the Counterspy found viruses and spyware and could not delete/ fix everything. Lastly, while the Panda Scan was able to run, it found 17 spyware hits. Can someone please assist me with completing the system disinfection? I already have about 6 hours into this so any help would be appreciated.

Kevin

Edit by bjgarrick: Inline logs attached properly!
 

Answer:Completed Malware Removal (Thankyou!), Some Remaining Issues

Final Attachments

Here are the remaining log files I have. Thanks for any help you can offer.
 

4 more replies

Ok - I had a trojan try to take over my computer. It was trying to direct me to their brand of "spyware removal" software. I've run through everything in the Malware removal guide and everything seems to be working with one exception.

I'm still having trouble booting consistently into Windows (XP Pro). It will get to the screen just prior to all of the user accountings showing and will just completely start over in the boot process. Sometimes it will show me the boot to the last known good state screen and sometimes not. In any case, it doesn't seem to make a difference what I choose at that screen. Safe mode doesn't boot any better than normal, and the last known good configuration doesn't make any difference either. With all of this being said, usually after several attempts, it will boot like normal and all is good until the next re-boot.

I'm wondering if I have a hardware problem to go with my malware problems (terrible coincidence) or if my Windows installation is somehow corrupted?
 

Answer:Trojan problem --Malware removal guide completed

Additional log post
 

10 more replies

Looking for a review of my logs please. Not sure what is slowing down my computer. I am having lots of trouble with Microsoft Office 2007, but in general it takes super long to open up any program. My computer just started doing this recently. Before it was much faster.
 

Answer:Completed Malware Removal Guide need review of logs

Additional logs from SuperAntiSpyware.
 

4 more replies

Followed all steps to the word...A lot of things have been fixed. However there are still problems like pop ups and my computer is very slow to connect to the internet.
 

Answer:Computer very slow after Malware removal steps completed

Computer very slow after Malware removal steps completed...bdscan

this is my bdscan results
 

10 more replies

Hi,
One of my PC's was infected by Rootkit. I have completed the Malware/Spyware removal process. Please review my logs.

Thanks,
Pedz
 

Answer:Completed Malware Removal Process - Please Review My Logs

You did not run MBAM.

If you haven't already, please disable the Guest account in User accounts.

Please use add/remove programs to uninstall:
Ask Toolbar

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O2 - BHO: C:\WINDOWS\system32\rakmdlkd83indfgnbu.dll - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\rakmdlkd83indfgnbu.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Ekesop] rundll32.exe "C:\WINDOWS\Bqulijoha.dll",e
O4 - HKLM\..\Run: [Phavavinasowovon] rundll32.exe "C:\WINDOWS\ovawicozi.dll",e
O4 - Startup: is-N47O8.lnk = C:\Documents and Settings\Administrator\Desktop\Virus Removal Tool\is-N47O8\startup.exe
O22 - SharedTaskScheduler: erajhsf8743kjrngjnf - {D5BF4552-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\rakmdlkd83indfgnbu.dll (file missing)

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" ty...

1 more replies

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:42 PM, on 8/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\...

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,

Please download OT...

2 more replies

Here are my scan logs. I'm not sure what, if any, problems I still have but I wanted to have them looked over just to be sure. I could not run RootRepeal so I do not have a scan log from it. I got a message saying virtual memory was too low and that it would be increased, however it didn't help and my computer eventually froze and I had to reboot it. Thanks for your help!
 

Answer:Malware Removal Scans

Hi and welcome. I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Thanks for your patience during this time.

Kestrel13!
 

6 more replies

Hi,

Recently i received an email from head of my IT department which contained an attachment called "CIS Advices on Self-Protection.pptx". Turns out the header was false and it wasn't actually from my IT department. Anyway i clicked on the attachment, then reported it after i realized what i had done.

I then performed all of the procedural steps outlined in the read me first post.
Attached are my logs. nothing appeared as a threat in any of the scans and my main antivirus program didn't detect anything.

thanks in advance to anyone who looks into this
 

Answer:malware removal scans

What malware issues are you having?
 

6 more replies

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.
 

4 more replies

In the beginning was getting a pop-up that I had to scan my pc and purchase AV software. I did all the steps in the read me first except for the Root Repeal. I tried to run several times but each time the pc got stuck in the initialization of the software and pc froze and was getting message "virtual memory minimum set to low". I went to the system properties and the virtual memory settings was set to 576MB. I changed setting to let system manage virtual memory. I tried to run again but this time just freezes in the initialization stage but does not freeze the pc this time I can still use pc. I then continued to the MGTools. My logs are attached.

thank you for your help
 

Answer:Completed Initial steps

My system information
OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Name PC988720711140
System Manufacturer Hewlett-Packard
System Model Pavilion zv5000 (DZ330U#ABA)
System Type X86-based PC
Processor x86 Family 15 Model 2 Stepping 9 GenuineIntel ~2800 Mhz
BIOS Version/Date Hewlett-Packard F.12, 2004-02-16
SMBIOS Version 2.31
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
User Name PC988720711140\Chuck
Time Zone Central Standard Time
Total Physical Memory 768.00 MB
Available Physical Memory 318.68 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 1.53 GB
Page File C:\pagefile.sys
 

3 more replies
Relevance 69.29%

hi everyone
I've been through all the steps as recommended, but there appears to be an underlying problem still with my PC running fairly slowly and the performance quite poor.
Any help is much appreciated. I have all the logs ready, but await your instructions. Thanks

Jon
 

Answer:All initial steps completed...still slow!

jonboy75 said:





hi everyone
I've been through all the steps as recommended, but there appears to be an underlying problem still with my PC running fairly slowly and the performance quite poor.
Any help is much appreciated. I have all the logs ready, but await your instructions. Thanks

Jon

forgot logs rolleyes
 

10 more replies
Relevance 68.06%

When I try to run a scan using AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware, when the scan gets to a certain point, Windows shuts computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbiage about if you recently installed software/hardware, see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgraded to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows Defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to "System Volume Information" directory. I am unable to open to see contents as Windows shows no files in it. When I ask Avira to scan it, Avira says no files also but if I use AntiSpyware to scan, it shows many files during its scan but will get to a certain point and computer will shut down. I can almost see file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal progran to complete scans

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

23 more replies
Relevance 67.65%

My computer got infected with some malware so I did all the steps on READ AND RUN ME FIRST post to remove them and after doing all the scans my computer was fine. However, my Microsoft Outlook won't open. It is trying to download then it says "Error 1402 Setup cannot open the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet.....verify that you have sufficient permissions to access the registry....". Why is this happening? Did I delete something I shouldn't have? Can you please help me with this. thx.
 

Answer:Cant open Microsoft Outlook after doing READ AND RUN ME 1ST for malware removal scans

Re: Cant open Microsoft Outlook after doing READ AND RUN ME 1ST for malware removal s

We cannot help you if you do not attach all of the requested logs from running the READ & RUN ME.

However it does not sound like a malware problem. You should start looking at the below:

http://support.microsoft.com/kb/838687

http://support.microsoft.com/kb/236427
 

1 more replies
Relevance 66.42%

Hi,

I have just completed all of the instructions in your Read ME first thread. My PC initially became infected with backdoor.tidserv!.inf - at least that is what Symantec AV Corporate Edition detected. The PC was behaving OK, but started having internet connectivity problems.

The Superantispyware and malwarebytes scans picked up further infections and they are documented in the logs.

I am running XP with SP2, PC Tools Firewall Free, and Symantec AV Corp Edition. I managed to complete all of the instructions with the exception of RootRepeal. I ran it, but after 36 hours it was still crawling along. I attach my logs for your review.

I am going to purchase Superantispyware - can I run it as well as Symantec AV?

Your help is greatly appreciated.
 

Answer:Completed Scans, is my PC clean?

Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.
 

4 more replies
Relevance 66.01%

XP Home SP3, ran all scans, logs attached. Found Vungo, Virtumonde, etc.
Operating much better but a couple of things happened after running MSTools. 1) I was no longer able to log on as administrator, the password no longer worked, but I have fixed this. 2) What still happens however is that startup goes directly from boot screen to logon screen; the system options screen, the opportunity to select F8 for options, no longer appears.
2nd post with additional logs.
 

Answer:Completed scans, logs attached

2nd set of logs
 

8 more replies
Relevance 66.01%

Hi!

I have a 512 MB Compaq, OS: MS XP Home Edition and it has been freezing up on me constantly for the last couple of weeks. I believe I have contracted some malware when I reconnected my computer via a wireless adapter when I moved. I have tried to complete all of the scans on "Read and Run Me First..." and here are my results.

-Emptied quarantine folders
-Rebooted in Safe mode
-ran CCleaner
-computer did not properly download MS Windows Malicious Spyware Removal Tool so was unable to run it
-Ran SpyBot - nothing found
-Ran Microsoft Windows Defender - nothing found
-Ran Bitdefender - log attached.
-Ran Panda Active Scan but computer lost connection when finished so I was not able to save the log. Subsequent tries to scan when in normal mode have resulted in the computer freezing before it was finished.
-Ran getrunkey.bat - log attached
-Was not successful running shownew.bat despite following instructions completely.
-Ran HijackThis - log attached.

I hope this is enough information and someone can help me. This is so frustrating! Thanks so much!

Emily
 

Answer:Computer freezing - have completed scans

You forgot to attach your logs!
 

14 more replies
Relevance 66.01%

Hi Jason,

I have followed the steps outlined in the Malware Prep Guide. I was able to run both the DDS and GMER scans. The GMER scan completed with the message 'Warning, GMER has found system modification caused by ROOTKIT activity'.

FYI, I was unable to run Defogger - after downloading, received the message 'unable to open file'. I'm not exactly sure what disk emulation software is, but I am pretty sure that I have never intentionally loaded any.

I appreciate your time and support. One thing I have not found on the site is info on what this virus may be doing while living on my machine. Is it safe to use IE? I'm avoiding important and high-risk things like banking and other financial transactions. Are there other risks?

Thanks again,

Jane

DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jane at 17:39:04 on 2012-03-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2940.292 [GMT -4:00]
.
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\install... Read more

Answer:Redirect Virus - scans completed

Original post was in 'Am I Infected' forum, dated 3/13, 9:46 am.

17 more replies
Relevance 65.6%

I have been having problems with my computer for two weeks now..when none of the other software removed the infection I knew I had a big problem...I found your site and I've gone through the "Read & Run Me First malware removal guide," but still have problems. (troj/virtum-gen)
 

Answer:I completed the "Read & Run Me First malware removal guide," still problems

tonymiggs said:





I have been having problems with my computer for two weeks now..when none of the other software removed the infection I knew I had a big problem...I found your site and I've gone through the "Read & Run Me First malware removal guide," but still have problems. (troj/virtum-gen)

I have submitted to you my logs...I thank you in advance
 

19 more replies
Relevance 65.19%

I recently moved to a new house, set up my office and everything was running fine. About a month ago my computer seemed slow, maybe longer because I stopped using it because it seemed I was always in a hurry. Anyway, after the lag in speed came the inability to click on links inside emails and on web pages. I tried all the usual maintenance stuff (most of what was suggested on your site a general) and still have the problem of not being able to follow links. And, now I have noticed that I cannot launch McAfee. Please help! And, like I said in my first post on the Welcome Forum, I am very nervous about doing this myself but am willing to give it a try. Geeez, I can't click on the link to add my logs or do spell check....maybe it's a MG setting, I don't know.
 

Answer:Have completed all scans and am ready for Major Magic!!

Welcome to Major Geeks!




FileMakerMom said:





Geeez, I can't click on the link to add my logs or do spell check....maybe it's a MG setting, I don't know.

It is not the forum. It would be at your end. Try a different browser. Use Internet Explorer if you are not using it already. Otherwise, shutdown all protection software and try it. In fact, since McAfee will not even launch, it may be the cause of all your problems and you probably should just uninstall it to see if that cures your problems. We have seen issues like this dozens of times when protection software gets broken.
 

9 more replies
Relevance 64.78%

I've been through the steps as pointed out in the 'Read and Run This' thread and was wondering if anyone is kind enough to have any advice about where to go from here.

A quick summary of the problem - my CPU is maxing out at operations and programs are opening slowly, especially Firefox and Media programs (WMP, RealPlayer), but all operations seem 'hungrier' than before and there never seems to be a single culprit. Also my RAM is consistently high and when I free up space and switch off/block applications it runs high again within a short space of time.

This has occurred in the past few weeks when I have joined a local LAN network (I live in Poland), set-up and installed Norton 2007 and started using Azureus for bit-torrents - I'm not sure if this is significant or not but I guess the more information the better?

So the results:

0) Nothing found in Add/Remove Programs - although Viewpoint has been removed in previous weeks.
5) Windows Malicious Software - nothing found
Spyware Blaster - Microsoft.WindowsSecurityCenter - disabled - I have been using SB before now and have found this problem on a number of occasions, and of course fixed it each time.
Windows Defender - PowerRegScheduler found and fixed
6) Bitdefender - log attached
Panda ActiveScan - had some problems here, but eventually ok - no problems found in search on 'My Computer' or 'Local Disk' but unfortunately I couldn't get a... Read more

Answer:Results of Initial Scans - any help appreciated

And the other logs as promised...
 

12 more replies
Relevance 64.78%

r removed screen freezes.

Answer:when i delete photo scans..after initial

Once again when I delete photo scans, after initial 2 removed to recycle bin...screen freezes......help.

3 more replies
Relevance 64.78%

First of all, thank you in advance for your help.
I was following the instructions of what to do before proceeding, and I had a few problems with the first step running Hijack This.

When it started, it quickly stopped and said I did not have access for some reason. It told me to find the Hijack report and delete them. I pushed "ok". Then the scan resumed.

A huge log came up, with no line item of "HijackThis reports" so I could not delete the report as the instructions say to do. and when I went to save it as "hosts", it told me I did not have access as Administrator to do so, even though I do and am logged in that way. I had to save the huge log of info as a txt file in "My Document"

Since things were not proceeding as the instructions indicated they would, I stopped and am sending this info to you now to know how to proceed. This computer has been acting very strangely for over a month now, and I am hoping you can help me.

Thank you and I look forward to hearing from you.
 

Answer:Problems With Initial Scans Told To Run

12 more replies
Relevance 64.37%

Windows ME, all updates loaded.
Norton updated, scanned, clean.
Trend Micro Housecall run, came up empty handed [clean]
Stinger run, came up clean
Trojan remover run, found 5 trojans, cannot remove some [cabs]
Adaware run, cleaned up
Spybot run, cleaned up
Hijack this run, cleaned a few of the obvious
Startup list still includes what appears to be malicious code that cannot be defeated, and does not show up on Hijackthis log to my knowledge [if its there, the names are different than in the startup list]

Have fresh Hijack log and would like to post

Zapp
 

Answer:Request permission to post Hijackthis log: Win ME, scans completed

Hi there, I am not one of the true experts in here, but I can tell you that they will not want to see you post the log unless you have completed all, or at least as many steps in this link >>> http://forum.majorgeeks.com/showthread.php?t=35407 <<< as possible. Also you will want to be sure that you have run HJT correctly as in this link >>> http://forum.majorgeeks.com/showthread.php?t=38752 <<<. I cannot stress enough emphasis on following these procedures in correct order. Read all information carefully and read it again to make sure. They will not want your log unless you have done as many steps and in correct order as possible. If you don't understand something or have problems with any steps, post back with specific details and be as clear as possible. These people can and will get you out of trouble, but you must follow directions exactly, or you waste valuable resources and make things frustrating for them. Good luck
 

5 more replies
Relevance 64.37%

i ran an mse quick scan today, and when i ran it, the progress bar went unusually fast. and when the progress bar was about halfway, it completes and says it only scanned about 13,000 files.

does anyone know it does this? is this because of a virus?

Answer:mse quick scan only scans 13k files and completed halfway

They just released an update to the program itself. Did you install this update? Have you updated the definitions?

3 more replies
Relevance 57.81%

i ran the malware removal. i just finished the last , which was mgtools. how do i know from that log whether or not i need to do anything else? please help.
 

Answer:need help-completed mal removal

Welcome to Major Geeks!

Are you still having problems?

If you want us to tell you if you are clean then attach the 4 logs that were requested in the READ & RUN ME.
 

10 more replies
Relevance 56.99%

Before I start I want to thank chaslang for helping me with my last computer. It was deeply compromised. Chaslang, you are the best!

I have inherited a used computer from my parents. It needs to be cleaned of any viruses that are present and I believe the registry has some problems. It has Windows XP Professional (32-bit) with SP3.

I have run all the scans and have attached the logs.

The main problem that I have noticed happens when I right click icons on the desktop. When I right click icons, the start menu, etc..., the Windows Installer box opens with the message "Preparing to install....". Then after 15 seconds it vanishes and the right click menu opens up. This Windows Installer box also opens when I highlight a file and press delete.

Also when trying to remove programs in the Add/Remove Programs utility, a message box opens up claiming that the Windows Installer Service could not be accessed.

Another problem is the slow start-up when I turn the computer on. I think there are a number of programs that load at start-up that are useless to me. But I really don't know which ones are necessary. I want to streamline my computer and get rid of all the useless garbage on it.

I have searched extensively for solutions to these problems but I thought I should leave it to the professionals at Major geeks.

Yes this is an older computer but I can't afford a new one. If it can be fixed, it will serve all my needs.

Thank You
 

Answer:Scans Completed on "Hand me down Computer" - Please Help!

Attached is the Mg Tools log.

Thank You
 

9 more replies
Relevance 56.99%

I've completed all the recommended steps and I'm wondering what to do next. I think I've attached all the necessary logs. Any help would be greatly appreciated!
 

Answer:Completed removal steps, what next?

Welcome to Major Geeks!

You forgot to attach your ComboFix log which I see is extremely large. You will need to put it into a ZIP file so that it gets compressed to be small enough to attach. Then attach it. We will get started without it but I do need to see it.



Okay now we need to use a new tool.

Download and save RenV.exe to your Desktop (must be on the Desktop)
Now Copy the bold text in the below code box to notepad. Make sure you scroll thru all of the code box to get all lines selected. Save it as Log.txt to your desktop. (It must be on your Desktop).

Code:

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\Apoint2K\Apoint .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Lexmark 2300 Series\ezprint .exe
C:\Program Files\Lexmark 2300 Series\lxcgmon .exe
C:\Program Files\Lexmark Fax Solutions\fm3032 .exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent .exe
C:\Program Files\ltmoh\Ltmoh .exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\McAfee.com\Agent\mcupdate .exe
C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe
C:\Program Files\Microsoft ActiveSync\wcescomm .exe... Read more

8 more replies
Relevance 56.99%

A neighbor brought over his computer since he knows I help folks with infections.  It appears he already ran and removed infections found with SAS Portable and MBAM.  I can include those logs if you like so let me know.
 
DDS Log
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by HP_Administrator at 12:32:46 on 2013-08-16
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.456 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalS... Read more

Answer:Infected PC with some Removal Completed

Attached file ...

3 more replies
Relevance 56.99%

I'm running windows xp. service pack 2
only started having problems tonight. i had searched for an episode of "flashforward episode 6" on google. got a link that look trustworthy on ask yahoo. clicked to dl video controller so i could watch. problems occurred after that. i get redirected on all searches etc. spybot won't run. avg completely disappeared from my computer after a restart..
found this site.

Followed all steps possible.
I have a 64 bit computer so i had to skip the parts listed.
completed all steps in registration email. got to the xp cleaning section.
installed and used superantispyware. when rebooted and tried to run again for log file. I got message: windows cannot access the specified device, path or file... i tried to use alternate start and nothing happens. used repair and got message that i don't have privileges. how can i retrieve log file. i can't even find any txt files in superantispyware folder..it did find and delete 5 trojans and 1 other file

moved onto install of mb.exe
i renamed files as told to. started program after install. chose quick scan as told. program closed on its own. reinstalled program, double checked re-naming of files etc. and used full scan this time, program closed again.
can't run other programs because i'm on 64 bit processor...

installed mgtools to c:\mgtools.exe
double clicked .exe with no av running and black window briefly appears, then disappears. nothing happens..

ran win32diag.exe
program stops
... Read more

Answer:Completed all steps for removal. please help

why is my post completely gone? i followed all steps in the registration email. i was up till 1:30 am doing all the things asked of me. i wake up looking for good news and i have my whole post gone?

Kyle
 

15 more replies
Relevance 56.58%

trying to remove search assit. and other virus and malware, trojans, spyware. been working on the problem as per instructions since yesterday, with a little sleep. I am posting hjt as per instructions because still having problems with hijacking, redirecting, trojans still showing up on virus scans.
 

Answer:completed read and run me and simplified removal

Okay you have a load of problems that need to be fixed not just an HSA problem. Give me a few minutes.

Did you run both HSremove and About:Buster?

Do you have the log from About:Buster?
 

46 more replies
Relevance 55.76%

Hi, I am new to this....posting for the first time. I ran all of Read Me Run Me First for Malware Removal. When my AVG ran last night it still detects threats stating objects are inaccessible:
C:/windows/system32/SVchost.exe(652):/memory-001a0000
C:/windows/system/32/csrss.exe(772):/memory-00270000
C:/windows/explorer.exe(208):/memory-001a0000

I will attach my logs for you to check. I could not run Combofix.exe due to the AVG. I did disable it but it gave me an error message that it needed to be uninstalled but I couldn't get it to uninstall so I skipped running it as per your notes.

It took hours but I did not skip ANYTHING.
Can you help me rid the computer of these Trojan viruses?
Thank you from the bottom of my wiped out heart!
GerylH
 

Answer:Completed Malware removal, still have Trojan Virus

Please go here and download and run the AVG Removal Tool.

Then try to run ComboFix.
 

9 more replies
Relevance 55.35%

I just want to verify my pc is clean and I want to be able to download service pack 3. I have a dell xps 400 with windows xp.

DDS log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/6/2012 9:04:06 AM
System Uptime: 1/9/2012 10:05:35 PM (0 hours ago)
.
Motherboard: Dell Inc.           |  | 0FJ030
Processor:               Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
Processor:               Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 228 GiB total, 170.344 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys WMP110 RangePlus Wireless PCI Adapter
Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_00721737&REV_01\4&5855BE9&0&20F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys WMP110 RangePlus Wireless PCI Adapter
PNP Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_00721737&REV_01\4&5855BE9&0&20F0
Service: WMP110
.
==== System Restore Points ===================
.
RP1: 1/6/2012 9:15:55 AM - System Checkpoint
RP2: 1/6/2012 10:15:25 AM - Software Dist... Read more

Answer:need someone to read logs- completed all steps on virus removal.

Malwarebyte logs:

1/9/2012 10:12:06 PM
mbam-log-2012-01-09 (22-12-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197467
Time elapsed: 16 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

13 more replies
Relevance 55.35%

Hi

I've tried removing ads by Saver On using the steps outlined on the blog. The next step was to comment here if it didn't work. (Unfortunately it hasn't.)

I hope you can help me!

Flick
 

Answer:Completed removal process for Saver On and it is still infecting my computer

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

15 more replies
Relevance 54.53%

I followed the steps in the Windows XP Malware Removal/Cleaning Thread, with the exception of Hitman Pro. It continually crashed at start of scan. All logs attached. Thank you very much for your help.
 

Answer:Completed Removal Thread Except Hitman Pro (crashed). Other Logs Attached.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

[RUN][SUSP PATH] HKCU\[...]\Run : Ohovabq ("C:\Documents and Settings\User\Application Data\Arub\omgey.exe" [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Adqyag ("C:\Documents and Settings\User\Application Data\Zygoib\yxbiy.exe" [-]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : SMBHelper (C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\4481\SMBHelper.exe [-]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : udsed (rundll32.exe "C:\Documents and Settings\User\Application Data\udsed.dll",CloseDatabase [x][-][x]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : rewrl ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\User\Application Data\rewrl.dll",read_init_2 [7][-][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4094170921-3905128688-456205478-1007\[...]\Run : Ohovabq ("C:\Documents and Settings\User\Application Data\Arub\omgey.exe" [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4094170921-3905128688-456205478-1007\[...]\Run : Adqyag ("C:\Documents and Settings\User\Application Data\Zygoib\yxbiy.exe" [-]) -> FOUND
[SHELL][SUSP PATH] HKCU\[...]\Winlogon : shell (C:\Documents and Settings\User\Application Data\mcafee.ini,explorer.exe [-][x]) -> FOUND
[SHELL][SUSP PATH] HKUS\[... Read more

3 more replies
Relevance 54.53%

Hello,

Great forum by the way! I have found tons of useful information here but unfortunately I am still experiencing some issues. A few days ago the computer was infected with Antispyware Soft. I received all of the typical infection signs and went through the manual self-removal steps. This stopped the issue of the false warnings but shortly after I noticed that I was experiencing the same redirect issue that others have experienced with this infection. I went through the manual steps including removing the Doc&Settings folders it created as well as the registry values. In the registry, there were some values listed as Antispyware Suite in addition to the 'Soft'. I also went through the steps on another forum's post before finding this one. None of the removers can locate anything now and I even ran a rootkit download tool that was recommended. It found one item, removed it and everything worked normally for a few minutes then more of the same redirect issue. Nothing so far has found anything else. Yet every time I try to perform a search, I get redirected. Sometimes without even running a search: just scrolling on a page will cause a redirect to one of several different sites but all seem to pertain to shopping, advertising or search sites.

I have run so many things that I cannot remember them all now but I do know there is something definitely still on the computer but nothing is finding it. This is even causing the internet connection to go undetected a... Read more

Answer:Antispyware Soft Infection: Removal steps completed but still having issues....

Hello, KarenRey

Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if th... Read more

13 more replies
Relevance 54.12%

Hi there!

Thanks in advance for your help.

My laptop has been infected by Antimalware Doctor. This was not detected by my McAfee anti-virus. After Googling this, I removed the offending exe files and the associated RUN registry entries, as described in various posts. Since then the laptop now BSODs soon after login. I suspect the BSOD is triggered by network activity of some sort as a) it lasted for 2 hours on one occasion after I had removed most Startup/RUN items and it then crashed soon after opening a browser, and it never BSODs in safe mode, however it did BSOD in safe mode with networking soon after browser activity (trying to run an online Malware scanner).

The BSODs have almost always been 0x0000007E (0xC0000005, 0x824475D8, 0x8B167B94, 0x8B167890) although I noticed an 0x8E once. Examining the minidumps always shows the blame with ntkrnlpa.exe, and on (only) one occasion ntkrnlpa.exe and hal.dll.

Please find DDS logs and the GMER log attached. When running GMER, the 'Devices' option caused a BSOD, so I have run GMER with 'Devices' unchecked as well.

Thanks again,
Neil.

Answer:Infected with Antimalware Doctor and now BSODs after initial removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
These instru... Read more

18 more replies
Relevance 54.12%

Can someone please help me with this? Here are my logs:
http://www.filedropper.com/superantispywarescanlog-06-01-2009-18-45-28_1
http://www.filedropper.com/mbam-log-2009-06-0120-19-35_1
http://www.filedropper.com/hijackthis_3
[attachment deleted by admin]

More replies
Relevance 54.12%

Have Windows Vista, 32 bit. Have tried numerous malware and virus scans, and they found the virus and quarantined it. Malware is still there because when I try to go to Google and do a search, when I click one of the result pages, it redirects me to a fake site. Also, sometimes, not all, when I open Internet Explorer into Google, Google gives me the "we're sorry" page and asks me to confirm that I'm human. When I enter the crypt code, it doesn't register, and brings me back to the same "we're sorry" page.

Ran Read & Run me first with all except root repeal (would shut down computer when I tried to run it). Logs are attached.

thank you so much!
kristin
 

Answer:HELP!Completed Read & Run Me first, still have malware!

Run this as I review your logs.

Go to TDSSKiller and Download TDSSKiller.zip to your Desktop


Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
Now double click the TDSSkiller.exe file to run it (if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator).
Allow the application to run and a window will open showing that it is TDSSkiller from Kaspersky
Click Start scan
It will run rather quickly and will notify you of whether anything is found or not.
Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )
 

11 more replies
Relevance 53.71%

My Windows 8 computer has been infected with malware/adware. When I browse the internet there are ads displayed by edeals. I've followed many guides to removing it, but none have worked. I've scanned my pc with malwarebytes, adwcleaner, and junkware remover.
Here is the result of the scan with Adwcleaner: 
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Jed - JEDPC
# Running from : C:\Users\Jed\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*origin.com;*ea.com;*akamaihd.net
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:12289
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2109 bytes] - [24/05/2015 11:15:26]
AdwCleaner[R1].txt - ... Read more

More replies
Relevance 53.3%

Hi guys,

Hopefully you will bear with me - i'll keep it short.

I've had a problem with an AV8 redirect - usual story, a fake 'scan' of files appears in an IE window, a pop up to download a 'remedy' appears.

I hope this won't annoy anyone - but i did ALL the readme malware removal instructions two weeks ago. None of the programs found anything (but i found that i did not have privileges to open some of my own folders afterwards? - i thought because of the settings the anti-malware programs tweaked?). Anyway, i found nothing after following the malware removal guide from start to finish. I also restored my system to an earlier time then. And i've been sailing along since, thinking that it must have been something very simple that was deleted by CCleaner (which i use daily) or Spybot (which i use regularly) or one of the programs recommended in the readme (which i then removed, because they didn't find anything anyway and i had similar products). Anyway, as a result i don't have any logs from the recommended programs (as they didn't find anything, and i removed them shortly afterwards, thinking, as i say, everything was fine...)

And then last night it happened again so i went back to the malware removal guide, and yes, i did cherry pick it this time - i downloaded superantispyware again - which again found nothing. I also installed Window Essentials, which also found nothing.

So now i'm in the predicament - do i have... Read more

Answer:Malware guide completed, but still an AV8 problem

Yes, you need to do the scans all over again. Attach those even if they don't show anything. Be sure you have updated the programs before you use them ( SAS and MBAM ).
 

7 more replies
Relevance 53.3%

I completed all of the steps to the best of my knowledge and I'm still getting the same pop ups... HELP
 

Answer:Malware On Laptop- Completed Read& Run Me- Still Get Pop Ups

Welcome to Major Geeks!

Is your copy of Spy Sweeper a paid version or free trial? If trial, uninstall it now.


Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file... Read more

3 more replies
Relevance 53.3%

Hello all, I'd like to start off by saying that I just can't tell you how helpful your site has been to me. I called myself safe before for just virus scanning and using AdAware, but there was so much I was (obviously) missing. I have completed all the steps and I have found a lot of things I didn't even know I had.

I'll start off with what led me to your site. A few days ago, I booted up my computer, instantly my SpyBot resident scanner went off saying that there has been a registry change. I did not recognize it, so instantly I punched in my query into google, and there you were.

Now, after looking up the file, I saw that it could possibly be the sign of my computer being infected by a rootkit. I panicked, but luckily, your sticky thread on what to do first helped tremendously.

The problem lies here: I did not notice any signs of a virus or rootkit on my own, so I do not know if my problem has been truly fixed. Yes, the scans did find things, and yes, I did repair and fix as needed. This is for my peace of mind on the safety of my system. Attached are my HijackThis log, my CounterSpy log and my Panda: Active scan log.

If you could, just check them and see if I still have any problems, please.

Once again, I am TREMENDOUSLY grateful for this website and all of your help, present and future. Thanks so much!

//t3hCyborg
 

Answer:Malware Help:All steps completed, Just making sure...

My computer also seems to be running a little slower than usual... What do you think this could be?

Some of the new Anti-Malware programs run on start-up, but I don't think they would consume that much memory...
 

7 more replies
Relevance 53.3%

Hi, I followed the instructions to remove malware from this forum, but I'm not sure if it's all gone or not. I had the windows security alerts virus thing, and I've managed to stop it popping up all the time and blocking my access to the internet and other programs, but the internet is running more slowly than usual still. I'll attach my logs that I could figure out how to find, I might need help.
 

Answer:Need help removing malware-have completed steps

You only attached a Combofix log. You also need to be attaching logs from:


SUPERantispyware
Malware Bytes
Root Repeal (If it ran successfully)
MGTools

 

1 more replies
Relevance 52.89%

Hello, I'm new in this forum and I'm seeking help in cleaning my computer.
I did some recommended scans, and I'm attaching them.

Thanks
 

Answer:Need help with removal-att. my scans prt.1

Part 2 of attachments
 

2 more replies
Relevance 52.89%

Hello and this is my first post.. I'm using an account a friend let me use.

Earlier this week I was viewing a page in Internet Explorer(Mind that I don't prefer IE, I mainly use Firefox) and something attacked my system and started bringing up popups about a "free spyware remover" program, telling me my computer was infected. Knowing this was a hoax, I closed them, only to find that they'd uploaded something to my system. It seemed like adware. There was an icon in the taskbar that would not go away, saying the same thing as the popups- "Your computer is infected! Click here to download spyware remover!" On top of that, the files or whatever have disabled most administrative capabilities I once had, like the Control Panel, Add/Remove programs, and even the Desktop Properties menu.

Now I've tried at least 4 programs to rid myself of this annoying problem- Norton, SpyBot S&D, and none have fixed it.

A friend recommended me to you guys and it looks like you really know what you're doing. I've completed steps 1-5 to the best of my abilities as of now. I couldn't even do step 1 due to the fact that the malicious stuff has disabled my Control Panel. Step 2 concerning the Panda ActiveScan was unsuccessful, as the popup window doing the scan mysteriously closed part-way through the scan.

Anyway, here's the DSS and HijackThis reports. Any help is greatly appreciated. I want my computer back! And REVENGE!

Deckard's System Scanner v20070826.66
R... Read more

Answer:Spyware/Malware/SOMETHING Steps 1-5 completed(kind of)

Sorry for the double post, there doesn't seem to be an edit button.

Also try to keep it in layman's terms, I'm not that much of a computer wizard- just a gamer.

16 more replies
Relevance 52.89%

Found some suspicious things in my email, so I ran the sequence of malware detection/removal. I'm attaching my logs and waiting for instructions on what to do next. Thanks for your help!!

I have one last file to upload, so I'll comment on this post and add it there. Your procedure gen's 6 logs and we can only attach 5.
 

Answer:Malware Procedure Completed, Logs for review

Now for the TDSSKiller log, attaching that. Thanks again!
 

16 more replies
Relevance 52.89%

Hi,

Originally posted in the software forum and they said to do this first.

Have Vista 64Bit and friend logged on and d/led a file from a friend which turned out to be Koobface..... Ran some standard removals which clearly didn't work and computer loves to shut down at around 10am every day.

Have completed the SAS, MBam and MGLogs but not other two as 64 Bit.

I have posted SAS as small and just attached the other two logs.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/17/2010 at 04:06 PM

Application Version : 4.41.1000

Core Rules Database Version : 5365
Trace Rules Database Version: 3177

Scan type : Complete Scan
Total Scan Time : 03:56:33

Memory items scanned : 595
Memory threats detected : 0
Registry items scanned : 16887
Registry threats detected : 0
File items scanned : 92069
File threats detected : 1

Trojan.Vundo-Variant/F
C:\WINDOWS\SYSWOW64\AVSREDIRECT.DLL

Thanks for any help.
 

Answer:Malware Guide completed - Logs attached

AVG Free 8.5 <--- This is outdated, after we have finished here you can upgrade if you like to the latest version, or opt for something else instead, but first let's finish here first.

You have Teatimer running, which could block any fixes we try to implement.

How to disable Spybot's TeaTimer

Please go to Add/Remove programs and uninstall the following software:


J2SE Runtime Environment 5.0 Update 11
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Spyware Doctor 7.0 <--- If this is just a trial which is useless and won't fix anything anyway then please uninstall it.


Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:





O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)

After clicking Fix exit HJT.

Download and run OT... Read more

6 more replies
Relevance 52.89%

Good Morning ,

I have successfully completed all steps. I started to notice a difference in my computer the last month or so. Incredibly slow and programs not running the way they should (windows wants to reinstall, missing files etc)

Please find attached my logs.
 

Answer:Malware Detected - successfully completed all steps ...

Please also find my mglogs
 

4 more replies
Relevance 52.48%

Hello,

I've followed the directions for malware postings (mixed success). DDS.txt is shown below. Attach.txt is zipped and attached. When I ran GMER the first time, the scan crashed... it seemed like it had written too many lines and ran out of memory? I recall many entries with values that began with "ZW", but that's about it.

When I try to re-run it after restarting my computer, I get the following error:

LoadDriver("C:\DOCUM~1\erhardt|LOCALS~1\Temp\leaotqpm.sys") error 0xC0000061: Access is denied

Then the first 8 boxes on the right in GMER are greyed out, and I can only check/uncheck Services, Registry, Files, and ADS.

Anyway, maybe this info can be a start for you guys. Let me know what else I should do. I appreciate this help greatly.

Best
TimMadison



DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by erhardt at 18:54:33.68 on ??? 2009-03-30
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.86.1033.18.503.200 [GMT -4:00]

AV: a-squared Anti-Malware *On-access scanning enabled* (Updated)

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\erhardt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page =... Read more

Answer:Malware problem, I've followed initial instructions

There's an update since my initial post. I'm currently running GMER again, maybe it will work. Here is the text file so far, about 1 minute into the scan. It contains many entries already.

1 more replies
Relevance 52.48%

Greetings all -
Suspected a malware infestation. Followed instructions in the "Read & Run 1st" post. Log files attached. Would greatly appreciate a review and assessment of next steps.

Currently have uninstalled Norton 360. SuperAntiSpyWare is still installed from the 1st instructions phase.

Will await further instructions - huge thanks to all for your help!

S2
 

Answer:malware detected, ran initial SW, need assessment

Welcome to MajorGeeks.com!

It looks as if you missed a step in the READ ME, go back and download MGTools.exe and attach the log it produces.
 

4 more replies
Relevance 52.07%

Hello,

I recently started having some trouble with my Windows 7 (64 bit) HP laptop. I use Avast and Comodo for antivirus/firewall protection. I was watching TV online through Putlocker and received a message from Avast about a threat being blocked, but my computer suddenly began running slowly. When I opened Avast to run a scan, it said that it was turned off and wanted to turn itself back on, and I got a message from Comodo asking if AvastUI.exe was a trusted program. I've been running both of these programs for years and definitely did not manually turn off Avast. Thinking that perhaps this was malware masquerading as Avast, I clicked No on the Comodo window, but Avast turned itself back on anyway.

This all seemed suspicious so I downloaded Malware Bytes and ran a quick and a complete scan. It found one threat (Pup.Bundle.IIQ) and supposedly got rid of it. Computer was still slow, though, so I decided to run an Avast boot scan. It found a few Java files that were supposedly infected, so I removed them. However, the computer was still running slowly and taking 10 minutes to boot fully. I then uninstalled and reinstalled Avast, to no avail. Ran Malware Bytes again and it found the same file, which it again supposedly removed (this time it prompted me to restart, though). I've attached this log for reference.

Then I found this lovely site and began the malware cleansing process posted here. I have all of the software downloaded (including a new ... Read more

Answer:Malware help - completed half the process, scared of Combofix

If you are hesitant to run CF then run this instead.

Scroll down until you see MGTools Scroll even further down and it explains how to run it. Please attach the MGlogs.zip once done.
 

13 more replies
Relevance 52.07%

***EDIT**** Could someone please look at the info below and let me know if I should be worried about passwords being compromised? I have reformatted the drive, so I don't need help with removal, but I want to make sure I'm not in trouble some other way. Thanks

Hey guys, I'm hoping you can help me out. I've gone through the prep, however I was not able to activate the windows Firewall. I have unplugged the PC from the internet and I'm using a flash drive to move files and logs back and forth to another PC to post on here.

Initially I was infected with Digital protection and Internet Security XP. I used malwarebytes to remove both of those, but I'm still infected. Sites are re-directing and I received a warning from ATT today that my pc is being used to send spam. I would just reformat my PC but it's about 5 years old Compaq Presario and I've lost the recovery disk, so I don't have an OS. I'm including the DDS log below

DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Owner at 11:31:18.56 on Thu 04/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.499 [GMT -5:00]
AV: Digital Protection *On-access scanning enabled* (Outdated)   {28e00e3b-806e-4533-925c-f4c3d79514b9}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunchs... Read more

Answer:Infected with unknown Rootkit malware, Prep completed

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 52.07%

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Home at 17:20:04 on 2014-03-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7928.5523 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer... Read more

Answer:Windows 7 completed infected with malware/trojans/virus

Hello and welcome to Bleeping Computer, please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

21 more replies
Relevance 52.07%

I attached the log files for all programs except RootRepeal since it didn't find anything. If this log file is needed I can rerun it. The Combo Fix required a couple restarts of the computer because it found rootkit activity

If you want a description of the problem, here's my version of it. This is my work laptop that I received a little over 1 month ago and it seems like this problem started about 1 week after I got it. Every so often, usually an hour to couple hours in between, it will pop up a window that usually talks about making money from home with Google, and it pops up a second window with other advertisements. The second window is not an internet explorer window, rather the icon on the taskbar is kind of like a square with a blue top and it says: Advertisement
The problem has gotten worse over the weeks and now the computer can freeze up doing common tasks, like internet browsing. Sometimes the minimize/maximize/close button at the very top right of windows screens are not visible, the boxes look kind of like a colorful static. I don't think I have seen that problem much recently. Yesterday it shut down like 3 times on me, all I was doing common was internet browsing. This is my work computer and it is extremely important to conducting my job so I do not browse into questionable sites. I did download a couple trial versions of syncing programs to auto-backup onto the network drive. I guess maybe I got something from this, any help is appre... Read more

Answer:All Scans Attached for virus removal, Thanks

I meant to add how I knew it was still active. When trying to remember my password to this site, internet explorer crashed on me 3 times when trying to log into my email. Since then the advertisement has come up once. Internet explorer also just seems to have a hard time and lock up for 30 seconds or more on any screen where I have entered log in info. Otherwise, everything is fine as usual. I have been working the last couple hours and everything is normal speed unless work involves internet explorer.
Thanks again
 

2 more replies
Relevance 51.66%

Dds.txt pasted below, and the other two files zipped and attached.

Running windows XP on a 2005 machine. Hard drive crashed about 3 weeks ago, have new hard drive. Had dawdled on re-installing Norton since I haven't been wild about all the botched installs I have suffered through with Norton. I am very very sorry and will never do it again!

Details of Problem:

We (actually my kid) landed by mistake on a sleaze-ball movie page. She left it quickly, but not quickly enough - immediately got:
Internet explorer launching many many many windows, both pop-ups and pop-unders.
Various ads for a spyware cleaner and an anti-virus program.
Big flashing sign on the wallpaper in not-exactly-english saying that your computer may be infected (no kidding!)
I managed to get to Norton and download Norton 360. Installed it, ran it several times. Got notice of 6 threats. 5 cleaned up, one sort of hanging.
Then noticed that both browsers (internet explorer and firefox) were no longer responding to anything typed in the address bar - IE page showed "unable to access the page" message, Firefox just showed a blank page. Can still get to gmail and google via "most frequently accessed" button in Firefox, but absolutely nothing in IE.
Deinstalled Norton.
No change in the behavior of the browsers, and the flashing wallpaper is still there. Fewer "launch 95 IE windows" behaviors, but still see them every now and then.

Sigh. Sincerely yours, dumb mother??


DDS (V... Read more

Answer:Initial instructions followed for Malware, dds, attach, ark included

Hi -

I don't see that the gmer log or attach.txt have been posted. Perhaps the attachment failed. If you still have the zip file, please try to attach it once more...if not, please run the tools again, and provide the gmer log, and the attach.txt

19 more replies
Relevance 51.66%

I have been trying to follow the READ & RUN ME FIRST thread - and all of its spinoffs - so that I have all of my ducks in a row before asking for help, but I can't connect to the internet on the affected computer. Or at least the connectivity is severely limited. I've gotten updates for my AVG antivirus (after a really long time!! -- I mean after a really slow connection yesterday and a long wait, not a long time since updating the AVG) but can't get updates for other things. I am able to download files onto a memory stick on a different computer and then upload it that way, but I am unable to get updates once I install the software. I'm currently in the middle of a spybot installation and the progress is stalled because I can't get the updates.

Suggestions??

(Whatever happened to Ad Aware SE in the R&RMF to-do list?)

TIA,

Esther
 

Answer:Malware suspected but can't comply with initial instructions

Hi Computer Intolerant!
Welcome to Major Geeks!

Without seeing what's going on with your computer, I can't tell you for sure if you are having a networking problem or a malware problem. Please try to get the Combofix and MGTools.exe run, which you'll find on the second page of the READ & RUN ME FIRST.

The link to those instructions is at the bottom of the page and depends on your operating system. You should be able to load those onto a transfer device (cd or flash drive) and then try running them on the infected computer. Once you get the logs, please attach them to us with your next post so we can help you further.

abri
 

3 more replies
Relevance 51.66%

Computer infected two days ago. Ran all of the required programs, now computer is very sluggish, not sure if I got rid of everything. Also, continue to have Google redirect virus.

Here are the logs.

Thanks for your time.

Mike
 

Answer:Computer infected with Malware, Steps from Read Me First thread completed

Additional log.
 

5 more replies
Relevance 51.25%

I need help getting rid of the source of these spyware and constant pop up ads from IE. I have already done 4 scans with Spybot and found a few spyware that have the same name. Please look at my hijackthis log and see if there is anything wrong.

I run a vista home premium just in case you need this information.

Logfile of HijackThis v1.99.1
Scan saved at 11:42:27 AM, on 4/12/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\S... Read more

Answer:Continuous Spyware after constant scans and removal

Ok. We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.

Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new HijackThis log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a security analyst.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

3 more replies
Relevance 51.25%

My PC is infected. A program "MS Removal Tool" pops up when I boot and scans my computer and then asks if I want to remove the threats. It has blocked my virus software from running. I followed the Bleepingcomputer Forum preparation guide and ran DDS.txt and have attached attach.txt and ark.txt Logs to this topic. I am posting them here. Please help. Thank you.

DDS.

DDS (Ver_11-03-05.01) - NTFSx86
Run by Robert at 18:02:41.05 on Sun 04/24/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3574.2324 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k Netw... Read more

Answer:Infected with "MS Removal Tool" Popup "scans PC"

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
- If you have since resolved the original problem you were having, we would appreciate you letting us know.
- If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
- If you are unsure about any of these characteristics just post what you can and we will guide you.
- Please tell us if you have your original Windows CD/DVD available.
- If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
- If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
- Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
- If you have already posted a DDS log, please do so again, as your situation may have changed.
- Use the 'Add Reply'... Read more

16 more replies
Relevance 51.25%

I'm very computer literate but this is my first time using HijackThis.
Please tell me if there are any obvious entries in this log that suggest a BOT or anything that would
be causing my internet connection to slow considerably to the point of timeouts.

I'm running WinXP SP2, IE7 and McAfee.

Answer:Possible malware - Infection unknown - Initial HijackThis Log post

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.com
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for p... Read more

2 more replies
Relevance 50.84%

Os: win xp, browser: explorer, virus protection is Mcafee

Have malware on my laptop. It's taken over my search engine and all protection. crackajacksearchsystem.com keeps popping up. Did a system restore and eliminated some of the annoyance and have since tried to clean up the malware using malwarebytes and SAS free with no luck. It takes over the program even if I rename the files and extensions. Also tried to do the same in safe mode, hijacks them there also. Tried Rkill with no success, disables it instantly. It also won't let me delete any of the original or renamed files.
Had a few error messages pop on startup as well. All attempts at removal have failed as the threat hijacks the program before it gets a chance to do anything.

In setting up and gathering the logs for this forum post it even disabled the GMER scan after about 20 seconds so I can't get the log posted. The DDS I did get and is included below. Everything it hijacks gives me a message "windows cannot access the specific device, path, or file. You may not have the appropriate permissions to access the item". If I reload the file or rename it it will work again but gets hijacked again.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by C Coyne at 12:20:08 on 2011-10-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.487 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall ... Read more

Answer:Unknown infection disables scans and attempts at removal

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.
- Do not run any other tool until instructed to do so!
- Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
- Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Please download DummyCreator.zip and unzip it.
Run the tool.
Copy and paste the following into the edit box:

C:\WINDOWS\335673691
Press Create button and post the content of the Result.txt.

Important: Restart the computer.

Run Combofix:
- You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
- Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
- Combofix may need to reboot your computer more than once to do its job this is no... Read more

32 more replies
Relevance 50.84%

I need to know what the best free spyware/virus scans is that I could run in or out of windows or online that will remove the spyware/viruses. Any help would be greatly appreciated.
 

Answer:What is the best free spyware/virus removal scans or software.

A combo of Avast! Home Edition and SUPERAntispyware is what I use and recommend. BTW, both are freeware.
 

9 more replies
Relevance 50.43%

Well, let's see here, where to start. About 2-3 weeks ago our computer system completely crashed and I had to reload almost every driver that exists on our computer. We are running Windows XP Home Edition. Then a few days ago my husband picked up some viruses. We think that the source of the viruses, malware and spyware came from a myspace friend request that my husband opened. When he went to look at the supposed user profile it sent him to a pornography website and a few minutes later began receiving pop up "system alerts" that redirect us to a website to download "trusted anti virus and spyware removal tools" which we did not download because our McAfee security center tells us that they are not trusted sites. We have run our McAfee virus scan and it originally detected 38 items, 5 of which were trojans, but since has not detected anything else. I also ran the scan in safe mode which detected another 8 items, but still we are receiving pop ups that say "system alert: [email protected]" "psw.x-virtrojan" and "spyware.cyberlog-x". We have also tried loading additional spyware removal from www.ewido.net/en/download called AVG anti-spyware 7.5 which picked up an additional 27 items, but still are getting porno pop ups and error messages with supposed trusted removal tools. I have a HijackThis log below. Any help or ideas would be greatly appreciated!!

Logfile of HijackThis v1.99.1
Scan saved at 11:07:22 PM, on 10/26/2006
Plat... Read more

Answer:Spyware and Trojan-Virus scans and adware removal not helping

7 more replies
Relevance 50.43%

Greetings,

I've picked up a couple of bugs. First symptom was fake virus alert. I tried to close using Task Manager, but didn't succeed. Then Task Manager quit and Start Menu blew out--filled with data filenames etc. I tried to run MBAM but couldn't find it, so rebooted into Safe Mode and ran MBAM quick scan. Found Trojans, etc. MBAM log:

Scan type: Quick scan
Objects scanned: 192386
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\xnvsvgjlmc.dll (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\ckbapr.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\Dad\application data\Adobe\plugs\kb30287125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Dad\application data\Adobe\plugs\kb30328734.exe (Trojan.Age... Read more

Answer:Reinfection after scans report successful removal of Trojans/Rootkit

Hello geeceem, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how. Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator) A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If nothing ha... Read more

16 more replies
Relevance 50.43%

I ran all of the steps in the "Read me first..............." I am having problems trying to delete files, it says the program is in use or access denied, etc. I have looked in the task manager and see nothing out of place, I do see more svchost.exe there than I used to. Also computer is running extremely slow and sometimes have to restart 3 or 4 times to get it to work halfway decent. Please help! Thanks
 

Answer:Still having problems after running all online scans and virus removal programs

Download HijackThis 1.99.1

Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

Run HijackThis and save your log file.

Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
 

21 more replies
Relevance 50.02%
Question: malware scans

When I perform a malware scan is it enough to limit the scan to the registry and cookie file? Often I find malware software searching all of the files on my C drive.
 

Answer:malware scans

Let me add to my previous post. Is malware ever found in text and picture files in My Documents or My Pictures? I once heard about a virus in jpegs. How about in Program files? Most of what my ad aware and spybot find are in the registry and cookie file.
 

2 more replies
Relevance 50.02%
Question: Malware scans

Here are malware scans on one of our comp. This computer works online, the other two do not. One other runs Vista of which if I may will post logs when I can find them. Thanks in advance.
Wild.
 

Answer:Malware scans

Hi there. Your Mglogs.zip is very incomplete, and I don't have enough to work off there.

Please run MGTools.exe again making sure that you don't interrupt it, and also note down any error messages you may/ may have received. Referring to this if need be:

Using MGtools (scroll about half way down to possible error messages section).

Then once finished simply attach the new Mglogs.zip into your next reply here. Thanks

Kestrel13!
 

18 more replies
Relevance 50.02%
Question: malware scans

Haven't done a scan in a while, just doing it to play it safe, I'll post logs
 

Answer:malware scans

Logs look ok to me, one thing I was curious about. Are you familiar with "VstPlugins"?
 

7 more replies
Relevance 50.02%

Okay, I ran all of the programs, I still get redirected if I try to access MG support forums directly, but I can get here if I go through the main portal. I got the BSOD when I ran MG Tools but I'll attach the MGzip.logs with whatever came through. Avast is not happy, it keeps telling me it is blocking malicious sites on Windows explorer and Firefox.
 

Answer:Ran scans still have malware

And here is the MGlogs.zip
 

22 more replies
Relevance 50.02%

After scanning with Spybot S&D, Ewido and Ad-Aware with clean results, I was surprised to find that a² reported 371 infected files! On investigation of the log, two files were minor things whilst the other 369 were all Incredimail related. I updated all of the scanners before running them and I have not had Incredimail flagged up like this before...so I can only assume that it is the latest a² update which is the culprit. For those of you who use a² and Incredimail on the same machine, be sure to check your log prior to deleting any 'infected' files!!!

Answer:Just Ran Several Malware Scans...

After having many past problems with Incredimail, I uninstalled it a long time ago. Could it be possible that a2 has scanned and found infected files within your email? For example, known spam? Just an idea, as I've not used Incredimail for a while.

4 more replies
Relevance 50.02%

First post on this board.

I have a Window Security Alert that has shown up in my start up tool bar. It has disabled Mcafee and even when I attempt to remove it with malware removal tools (Emsisoft, Kaspersky, rkill, malwarebytes, ccleaner) it keeps coming back. What do I need to do?

UPDATE: Just updated Emsisoft program that is still running and it blocked the malware to the internet with the following message:

Anti-Malware has detected a connection attempt to the suspicious host:

speed.pointroll.com

The connection has been blocked automatically.
Anti-Malware has detected a connection attempt to the suspicious host:

www.lynxtrack.com

The connection has been blocked automatically.

Anti-Malware has detected a connection attempt to the suspicious host:

leadback.advertising.com

The connection has been blocked automatically.

Answer:ran several scans and still have malware

Hello, let's do this and see how it is after.

Reboot into Safe Mode with Networking

How to enter safe mode (XP/Vista)

Using the F8 Method

Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after running rkill... Read more

1 more replies
Relevance 49.61%

Hi. I've got an infection of some kind that has a rootkit component that is still there even after Avast and/or MalwareBytes run a boot-time scan to eliminate it. Immediately after the reboot, I scan my computer with Avast and the infection is still there. Avast reports the infected file as "C:\WINDOWS\SYSTEM32\zuyinuni.dll" and classifies it as "Rootkit: hidden file". Initially the infection affected my search results on Yahoo! search engines, redirecting all links in the search results to malicious pages, and for a time it also blocked MalwareBytes from operating properly at all. I was able to get around that problem by reinstalling MalwareBytes and downloading a randomly renamed copy of mbam.exe, which the infection was deleting during the install process. Once fixed and renamed, MalwareBytes was able to repair the search engine problem, and now the only sign of the infection is when it shows up on my scans with Avast and MalwareBytes, but it appears to survive these programs' attempts to delete it during boottime. Any assistance in finishing off this pernicious beast would be appreciated.

EDIT: Oh, yes. I'm running Windows XP.

Answer:Rootkit infection resisting removal by boottime scans with Avast and MalwareBytes

See this topic:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

2 more replies
Relevance 49.2%

Hi all! I have run most/all scans, but I'm still having problems with malware/trojans. I'm not a big expert with HijackThis logs, but any help would be most appreciated:

Edit by chaslang: Unrequested inline log removed. Please read and perform sticky thread steps.
 

Answer:Have tried most/all scans, but still problems with malware. Please help

Please read the announcement and sticky threads. HJT logs should only be posted when requested and then they must be attachments to your message. HJT must also be installed and run properly. You are currently running it directly from the ZIP file by using WinRAR. Don't do that.

Please run the steps below.

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem, boot into normal mode and make sure you follow these directions:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
... Read more

7 more replies