Computer Support Forum

How to Protect yourself from malware Thread

Question: How to Protect yourself from malware Thread

I have read this thread http://forums.majorgeeks.com/showthread.php?t=44525 and I am paying particular attention to #5 AntiSpyWare Tools, and it states ONLY USE 1 REALTIME BLOCKER. So my question is, I use ESET's NOD32 Antivirus to protect my machine, but it has antispyware protection included. I also have Malwarebytes Pro providing real time blocking, so am I in effect using more than 1 realtime blocker? If so what do I do about that? I paid for Malwarebytes Pro, not using it will defeat its purpose and be considered a waste of money!

Relevance 100%
Answer: How to Protect yourself from malware Thread

You're fine. One AV only, but you can have more than one AS (anti-spyware).

3 more replies
Relevance 74.62%

Hi

I was just wanting to know the reason why Spybot S&D was removed from the "How to Protect yourself from malware!" sticky.

I am using version 1.6.2 since I found the newer v2 to be quite bloated and annoying. Should I still be using 1.6.2 since it still downloads the latest malware signatures? Or is there an important reason why it was removed as a recommended antispyware tool?

Cheers
Sam
 

Answer:Reason for Spybot S&D removal from How to Protect yourself from malware thread?

Just not that useful anymore and as you noted V2 is too bloated. We also never liked Teatimer.

You can still use the old version and make use of the bad download blocker and hosts file protection if you wish, but I would not use Teatimer. Modern antivirus programs already include antispyware too.
 

1 more replies
Relevance 52.48%

Ok this is weird. I run Ntl netguard, and Spyware Doctor. A few days ago, SpyDoc refused to auto update. Nothing strange thought I, site must be down.

Well it's been four days now. Then I noticed I couldn't connect to Microsoft to do updates either. On further investigation, I found I can't connect to ANY legit malware sites. I have run Spybot, Ntl netguard, Malwarebytes' Anti-Malware, and Norton AV, none found anything wrong.

However, I tried setting up a proxy within Firefox, and CAN connect to the sites I couldn't otherwise. (albeit incredibly slowly).

As things stand, I can't update any malware software, and assume my poor PC must have caught something new and nasty.

Please help

HijackThis follows:-

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:08, on 19/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterSer... Read more

Answer:Help Pls! Can't update Malware Protect or Visit Any Malware Sites

sorry, bump
 

2 more replies
Relevance 48.79%

Something (Malware ? ?) locked up my PC (Windows XP). I got a pop up message that my PC was infected and click "yes" to buy an AV program. I did not click "Yes", but every program I tried to run came up with the same message. I took it where I bought it and they fixed it by cleaning my hard drive and re-loading my OS. Fortunately, I had BU'd my personal files. They called the problem an "intercept". Norton AV did not catch it. They also loaded "Malwarebytes" for me.

What is the best way to protect for this kind of problem ?
 

Answer:How to protect against Malware ?

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using... Read more

1 more replies
Relevance 48.79%

I just bought a new PC. I have a couple of questions from the 'How to protect yourself from malware' thread.

My PC is running Windows 7.

In the Firewall section it doesn't say if the Windows 7 firewall is sufficient? If it isn't I will download and outpost firewall and disable the Windows one.

In the Antispyware tools I downloaded Microsoft Security Essentials for Windows 7. Since I also downloaded Avast as my antivirus is it OK to run both of these?

In the disable the autoruns feature there is no update for Windows 7?
 

Answer:How to protect yourself from Malware

avilo4u said:

In the Firewall section it doesn't say if the Windows 7 firewall is sufficient? If it isn't I will download and outpost firewall and disable the Windows one.

While the Windows 7 firewall is better than what was in previous versions of Windows, it is still very inadequate.





avilo4u said:

In the Antispyware tools I downloaded Microsoft Security Essentials for Windows 7. Since I also downloaded Avast as my antivirus is it OK to run both of these?

No! MSE is an antivirus and antispyware. So is Avast. You can only have one of them installed.





avilo4u said:

In the disable the autoruns feature there is no update for Windows 7?

Microsoft has never updated their info ( from here http://support.microsoft.com/kb/967715 ) for Windows 7 so I'm not sure if everything that is used for Vista would apply.

You can just run this >> Autorun Eater
 

6 more replies
Relevance 48.79%

How would you protect yourself from a fud?
 

Answer:How to protect yourself from a FUD malware?

LukeNukesEm said:

How would you protect yourself from a fud?

Supplement your security with something besides signatures.
 

34 more replies
Relevance 48.79%

Make sure you get your system protected from occurrences of malware problems. Below are some simple steps you can take to reduce the chance of infection in the future. I strongly encourage you to do them all. There is no perfect solution for totally preventing malware from getting on your PC, however, these steps will help.

Please do not make the false assumption that this thread is old or out of date based on the date the thread was started ( 10-10-04 21:52 ). Look at the Last Edited date at the bottom of this message as this procedure does evolve with time.

IMPORTANT NOTE: It is getting more and more difficult to find real true freeware these days that does not include bundleware, toolbars...etc and junk you just don't want. Make sure you pay attention during installation of anything you download and read license agreements. Be sure to uncheck check boxes for the bundleware and toolbars where you can so that you opt out because the defaults are always to opt in.


1. Visit Windows Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS. For anyone who is not yet running at least Windows 7 (which you really should be running at a minimum if your PC supports it) see the below link before updating. Note: Windows XP is no longer supported by Microsoft and is hence a security risk.

Windows 7 Upgrade Advisor
You should check for Windows Updates at least once a ... Read more

More replies
Relevance 48.38%

Hi. I am rather a person with basic knowledge about computers so don't be surprised if my question will sound stupid to you.
I have a Windows PC and I often use my thumb drive to print some documents in my university. I'm afraid that it will become infected someday so I thought it would be a good idea to use it only with Puppy Linux when I'm at home. This is why I made my thumb drive a bootable one with Puppy on board. What I want to do is to boot to Puppy, copy the files I need to print or use at the university to the USB drive, then close the system and disconnect the USB drive. To be clear, only one USB stick is involved in this process (Puppy and data are on the same USB stick). Would that prevent infecting my Windows PC? If not then how can I avoid viruses spreading through USB? Can malware do any harm to Windows OS when Puppy is booting?
 

Answer:Can puppy protect me from malware?

Good idea if I understood correctly
 

7 more replies
Relevance 48.38%

I continue to get the "SysProtect" download window on both I.E. and Mozilla. Followed your steps listed to clean my system, but same "Virtumonde" files appear each time I run Ad-Aware. Here is the Hi-Jack this log (after running Ad-Aware, see end of log for HijackThis log generated after restarting computer w/o running Ad-Aware):

Logfile of HijackThis v1.99.1
Scan saved at 9:48:28 PM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System3... Read more

Answer:Malware - Virtumonde & Sys Protect?

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1
Scan again with HijackThis and check the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\jkhhe.dll
O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #2
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the ... Read more

7 more replies
Relevance 48.38%

We maintain several PCs from a library, a research lab for students in a university. Just recently bunch of malwares swarm inside the lab and nearly affected all the machines. Most of these malwares are being imported from student's flash drives in which they're freely allowed to plug on the PC's. So cleaning the infections was really tedious. We cloned the drives and some were fixed using anti-malware softwares. 
 
Each computer is running a Microsoft Security Essentials for virus protection, and that's it.

Our main problem is, how should we setup each PCs so that we can prevent those viruses from porting inside the system? Is there any particular software or windows configurations that can offer such functionality? MSE merely detects all these viruses and most of it already infiltrated the system and removing each as I said is very tedious and time consuming.
Maybe you guys got some efficient workarounds with this type of predicament.

NOTE:
All PCs have the same hardware and use Windows 7 32bit.
 

Answer:How to protect PCs from USB-malware carriers?

Simple, look at:
 
http://www.bleepingcomputer.com/forums/t/541639/security-suggestions-post-3-of-7/
 
Have a great day!

 

11 more replies
Relevance 48.38%

Hello,

Is there any thread for "How to protect yourself from malware (for vista)" as the one written by chaslang for windows xp.

Another question plz. Is there any site to give ranking for antivirus softwares like matousec for pro-active internet security softwares.

Also kindly tell me plz that avast antivirus is better or comodo internet security with antivirus is better.

Thanks.
 

Answer:How to protect yourself from malware (for Vista)

ablaze said:

Is there any thread for "How to protect yourself from malware (for vista)" as the one written by chaslang for windows xp.

It was not written for Win XP. It is for all versions of Windows although obviously there is more in there that relates to WinXP and older since they have been around longer.





ablaze said:

Another question plz. Is there any site to give ranking for antivirus softwares like matousec for pro-active internet security softwares.

You should ask in the Software Forum. But reviews of AVs are typically out of date by the time they are published. This happens because many programs update 3 to 5 times per day and even just one update can drastically improve or reduce an AV's test score.





ablaze said:

Also kindly tell me plz that avast antivirus is better or comodo internet security with antivirus is better.

You are not comparing apples to apples. Avast is just an antivirus. Comodo Internet Security includes all of the below:

firewall
antivirus
Host Intrusion Protection System (HIPS)
BOClean Anti-Malware is not being included in CIS

 

3 more replies
Relevance 48.38%

Hello - First, let me say thank you for helping me rectify a really poor choice of opening software I wasn't 100% certain was verifiable. As a result I have the Virus Protect Pro problem (at a minimum) which seems to tie up my machine a lot and causes problems with my wireless network adapter. I have used Spybot and Adware to no avail. I've copied and pasted the Hijack This log below and won't make any changes until I hear from you.
With great thanks for your help!
K

Logfile of HijackThis v1.99.1
Scan saved at 3:52:29 PM, on 8/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program F... Read more

More replies
Relevance 47.97%
Question: New Malware thread

Sorry about the last one here is the new one...
Ok So I'm running windows xp media center on my laptop.

When I boot up I get numerous dll errors with nawupoho.dll for every program that opens.

Then after whenever I try to open any program I get another box for nawupoho.dll saying

"The application or DLL C:\WINDOWS\system32\nawupoho.dll is not a valid Windows Image. Please check this against your installation diskette."

Just keeps happening. After I click OK or the X the program opens. I've tried several various spyware programs with no results.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 12:26:09.35 on 10/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1216 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files... Read more

Answer:New Malware thread

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.... Read more

10 more replies
Relevance 47.56%

I just got my degree and have not been able to find work so I can only thank all the people at MajorGeeks.
I am 'Gunk Free' but was reading the chaslang's post "dated 10-10-04, 21:52, How to Protect yourself from malware! - MajorGeeks Support Forums"; and under the firewalls to use "Outpost Firewall Free" is listed when I went to download it, it is Dated: 2009-05-08 is it still a good firewall to use?
Thank you in advance for your help.

At a point in time I was 01 of them that understood some binary.
 

Answer:How to Protect yourself from malware! post question

Yes, it is still a good firewall. Just make sure you keep it updated as you would with all other protection software.
 

1 more replies
Relevance 47.56%

QUESTION _Sticky:" How to Protect yourself from malware! "

In the below instructions, Is it necessary if I *NEVER* use IE, only Firefox?

Thanks!


"6) Adjust Active X security settings

* In Internet Explorer, click Tools, Internet Options, Security. Click on the Internet globe. Then select Default Level, then click OK. Now select Custom Level and scroll down to the ActiveX controls and plug-ins section (some may already be set correctly):
o Set Download signed Active X controls to Prompt
o Set Download unsigned Active X controls to Disable
o Set Initialize and Script ActiveX controls not marked as safe to Disable
o Set Installation of desktop items to Prompt
o Set Launching programs and files in an IFRAME to Prompt
o Set Navigate sub-frames across different domains to Prompt
o Set Allow paste operations via script to Disable (see: http://support.microsoft.com/kb/224993 )
o Click OK and OK again. "
 

Answer:QUESTION _Sticky: How to Protect yourself from malware!

Re: QUESTION _Sticky:" How to Protect yourself from malware! "



jilter said:

In the below instructions, Is it necessary if I *NEVER* use IE, only Firefox?

Yes! Some applications will automatically launch IE sessions since that may be all they can use. Also you need to use IE to be able to get all of your Windows Updates. And some websites (just like some applications) do require IE.
 

1 more replies
Relevance 47.56%

Will Ad-Aware only detect the malware in its definitions during a scan, or does it also prevent it from being installed on your computer in the first place? What about A2? Many thanks. - Tye

Answer:Does Ad-Aware protect your computer from malware?

No on both counts. Try Spywareblaster click here

3 more replies
Relevance 47.56%

Hey!
I am a web designer and I just got permission to work from home for the next week. I am allowed to take my work laptop home for it. I would like some advice regarding the security concerns before I start the work.
I have heard about spyware and malware attacks that can cause severe loss of data. I don't want such things happening to me in my work system. As of now it's clean and no malicious files are present in the system. It's installed with Kaspersky Internet Security and ExpressVPN when connecting to the Internet. Will it help in protection from spyware and malware? I have seen articles mentioning not clicking on emails and installing antivirus softwares will help, but still I have heard a lot about such attacks. What else can I do to ensure nothing harmful will happen?
 

Answer:Will Kaspersky and VPN protect from malware attacks?

It being a work laptop, you shouldn't replace any of the pre-installed software, correct?
 

3 more replies
Relevance 47.56%

I have somehow acquired some malware titled system tool protect your pc. It comes up randomly, asks if I want to scan, says I have over 800 Infections, and constantly prompts me to sign up for it to erase my viruses. I know this is malware, and I acquired it after my Norton expired. How can I remove it? Thank you!

I am using a Hp Pavilion Vista.
 

Answer:System Tool Protect your pc (malware)

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using... Read more

1 more replies
Relevance 47.56%

Topic title pretty much says it all. How can I prevent hijacking of my browser or even worse my entire computer? Last night I made a stupid move and attempted to download something off Pirate Bay, I read the comments and it looked legit. Since I didn't have a software that downloads the torrent I clicked on whichever one Pirate Bay offered me. The software was successfully installed and was downloading the program but it froze halfway and my Google Chrome completely stopped working. Later on I found out that Conduit is a malware that sometimes installs itself without the user's permission and takes over the browser. Now I'm paranoid about downloading anything. By the way I have a supposedly good anti-virus: Bitdefender, for which I paid good money! Very disappointed that it pretty much welcomed the bad malware with open hands and allowed it to install itself.

Answer:How to protect your computer from malware like CONDUIT??

attempted to download something off Pirate Bay : < Anything off these Torrents sites is 50 to 90% infected and not usually legal

WinPatrol Free is one of the better programs to warn you if there is going to be an attempt to change your Home Page.

This may help after you do a full scan with your Antivirus -

Please download AdwCleaner by Xplode onto your desktop.
*Close all open programs and internet browsers.
*Double click on adwcleaner.exe to run the tool.
*Click on Delete.
*Confirm each time with Ok.
*Your computer will be rebooted automatically. A text file will open after the restart.
*Please post the contents of that logfile with your next reply.
*You can find the logfile at C:\AdwCleaner[S1].txt as well.

Thank You -

1 more replies
Relevance 47.56%

Malware Protection is a rogue anti-virus application that runs a fake system scan and then concludes that your computer has a malware infection or serious security/privacy issues. To fix the malware infection you must pay a fee, about $50. The rogue program copies user interface elements from real programs and it looks like a legitimate application. Plenty of people shell out $50 to register this fraud and that's a big problem because if you're transacting with these guys online you're offering them your credit card details. Cyber criminals can later use that information to their benefit. You should protect yourself with common sense and legitimate anti-virus software because such fake anti-virus applications as Malware Protection now represent about 20% of all malware in circulation. If you made a mistake and purchased it, please contact your credit card company and dispute the charges. And if you still have this fake AV on your computer, please follow the removal instructions below to remove Malware Protection and related malware for free.

Manual Malware Protection removal instructions:

1. Right click on the "Malware Protection" icon, click Properties in the drop-down menu, then click the Shortcut tab.

The location of the malware is in the Target box.

NOTE: by default, Application Data folder is hidden. Malware files are hidden as well. To see hidden files and folders, please read Show Hidden Files and Folders in Windows.

Under the Hidden f... Read more

Answer:How to protect and clean your computer from malware

Is this a removal guide for this rogue or ?

 

1 more replies
Relevance 47.56%

If I visit a malware site with the latest version of Firefox with the NoScript extension without allowing any scripts, what's the chance of me getting infected if I don't download anything?
 
Also, I hope this is the right place to post this.

Answer:Will using NoScript protect you from a malware site if..?

COPIED FROM NoScript:
The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).
NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.
NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows. Watch the "Block scripts in Firefox" video by cnet.
 
If I were using Windows and could only have one security program/ add-on....it would be NoScript. I use it in Ubuntu, too.
There is a learning curve. It is not just install and forget. Install it and go to a popular site and then view all the scripts you never knew
were active on that site and are now blocked from running. You can click to allow just the site's scripting and still block all the others.
The ones that you want to play videos on will be one that you will spend the most time learning which script to allow only the videos to play.

11 more replies
Relevance 47.56%

I am getting three screens that come up whenever I try to do work on any program. (1) Windows Security alert (2) Spyware Protect 2009 alert (3) Spyware Alert

DDS (Ver_09-02-01.01) - NTFSx86
Run by Kim at 10:54:20.07 on Thu 02/19/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2430.1853 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)

============== Running Processes ===============

J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
J:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\McAfee.com\Agent\mcagent.exe
J:\WINDOWS\svcho.exe
J:\Program Files\AIM6\aim6.exe
J:\Program Files\Windows Live\Messenger\msnmsgr.exe
J:\Program Files\Messenger\msmsgs.exe
J:\WINDOWS\sysguard.exe
J:\Program Files\AIM6\aolsoftware.exe
J:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
j:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
j:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
J:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
J:\Program Files&... Read more

Answer:Spyware Protect 2009 malware

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

2 more replies
Relevance 47.56%

If you know about security in website and computer then tell me how to secure Website from Malware Attack. And what is the role of Google Webmaster in security purpose?
 

More replies
Relevance 47.56%

Microsoft said:

A view of the current landscape
Criminal attacks continue to evolve and malware has become their standard weapon against anyone who uses the Internet - on traditional form-factor devices, as well as on mobile devices like tablets and phones. Malware targets all operating systems and browsers, and in recent years, criminal attacks against applications have increased substantially.

Criminals also use social engineering to trick you into performing actions that put you at risk. An increasingly common social engineering strategy uses online advertising campaigns to lure you to a site that installs malware on your computer.

An economy has developed around building reliable vulnerability exploits, which criminals buy to help distribute their malware. Criminals make money from their malware, so they invest in ways to keep it alive such as producing a higher quantity of malware, updating it more frequently - e.g. multiple times each day - and increasing its size and complexity. Some malware is as complex as commercial applications.

Secure by design
We use the Security Development Lifecycle (SDL) to build Windows with the best security design, development and testing practices available. Some highlights include:
Threat modeling and security design reviews. During the design process we consider how criminals might seek to attack features and scenarios, and incorporate this analysis into our designs.
Writing secure code. Training and code quality tools help to pre... Read more

Answer:Windows 8 will better protect users from malware

Well it's like malware writers would take time to discuss how they will bypass those features. It's like Windows 8 were built in security and could lead to few vulnerability probably.
 

6 more replies
Relevance 47.56%

hello friends-i hope my title makes some sense. i wanted it to convey what i was asking about so people browsing could tell. cuz i couldn't find a question like mine.

i have a new hd completely installed and setup. my old hard drive is now the secondary master and although i still have the OS and programs installed, i never use it. lately i have been actively file-sharing via lime wire. i am behind a zone alarm firewall and running spyware blaster and AVG free. i also regularly scan with spybot S&D. i also scan each file with AVG b4 opening (thanks to majorgeeks for advising me on security)
however, i've been warned the limewire is notoriously risky as far as spyware etc. so my question is:

If i choose to open my secondary OS at start up, and browse and download these risky files to my secondary HD. will that protect my primary HD from infection?

if not, any other advice u have regarding the risks of file sharing are appreciated.

one thing i look out for is files that are too small to contain what they say they do. for example 100kb song files. i just dont download these.
 

Answer:2nd HD for dwnlds/protect primary from malware?

IMHO, I keep an operating system and a backup drive, without an operating system. Just put it on the same cable as primary slave. Frankly, if you are not dual booting 2 operating systems, there's no need to keep them both installed. That said, no, any files on a second drive can, and probably will, affect the main drive, in your case, probably infect both drives. A drive formatted without an operating system for backup should be safe from virus and spyware infections, but can affect the other drive, in other words. Having that second drive is great for backups of important data in case of a need to format. I love having my spare drive. You're also correct about Limewire, but it is not specific to Limewire. Any file sharing application is a risk.

Did I answer what you needed?
 

2 more replies
Relevance 47.56%

Hello,
I recently managed to acquire a virus that seems to have taken over my computer. There's a bar that appears right below the address bar for internet explorer telling me to download the latest antispyware to protect my computer. I cannot pull up my Task Manager, my computer prompts me that it has been disabled by my administrator. My desktop background has been changed to a message stating the computer has several fatal errors, and occasionally music will play at random that i've never heard before.

here is my log:

Deckard's System Scanner v20071014.68
Run by Josh UWL on 2008-04-09 16:35:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
49: 2008-04-09 21:36:32 UTC - RP521 - Deckard's System Scanner Restore Point
48: 2008-04-08 16:12:26 UTC - RP520 - Restore Operation
47: 2008-04-08 16:08:59 UTC - RP519 - Last known good configuration
46: 2008-04-08 16:08:42 UTC - RP518 - Restore Operation
45: 2008-04-08 16:08:41 UTC - RP517 - Last known good configuration

-- First Restore Point --
1: 2008-04-08 16:08:11 UTC - RP473 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 85% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).

-- HijackThis Clone --------------------------------------------------... Read more

Answer:Protect.antivirus Malware Infection

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

10 more replies
Relevance 47.56%

Hello,
My son went to an untrusted site and the computer was infected with the conduit searchprotect.  I tried removing it with Eset Home Security.
 
However, my PC is still acting strange. I think the internet is a bit slower. As well, when I try to run some .exe files, such as Eset's ERARemover tool, windows gives me an error "this app can't run on your PC".  I have windows 8.1 64-bit and have tried both 32bit and 64bit programs.
 
I can't attach a DDS log because it's now win8.1 compatible.
 
thanks.

Answer:Conduit Search Protect and other malware?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
These tools are compatible with your operating system.

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by click... Read more

8 more replies
Relevance 47.56%

Did you ever hear about MTR - Malware Thread Remover
Or some ?
It's local software for fix PC and defense against malicious software it s used in
3 - schools
10 - small corps
And about 200 home users
I can find the website or there is none
I just meet that person his name is Peiet
And he is from I don't know where I didn't remember it I think Macedonia or Bosnia and Hercegovina
I am waiting for an email from him for giving me a demo of it .
If you know something more tell me !

Peace
 

Answer:MTR - Malware Thread Remover

h00lks said:


Did you ever hear about MTR - Malware Thread Remover
Or some ?
It's local software for fix PC and defense against malicious software it s used in
3 - schools
10 - small corps
And about 200 home users
I can find the website or there is none
I just meet that person his name is Peiet
And he is from I don't know where I didn't remember it I think Macedonia or Bosnia and Hercegovina
I am waiting for an email from him for giving me a demo of it .
If you know something more tell me !

Peace

....You probably mean that this person is from Skopje or Bosnia and Herzegovina
Because it is impossible a person with the name Peiet to come from Macedonia, otherwise he would have Greek name..
 

5 more replies
Relevance 47.56%

Having hit an email virus on our laptop, I was desperately looking for expert advice on scanning and cleaning computers. Googling anything to do with malware will attract the bad guys as much as genuine help, so it was a difficult choice. After reading some review and forum posts I decided to put my trust in bleepingcomputer and signed up. I received great advice from Broni and hopefully now can enjoy a clean laptop again.
 
Coming back here to improve my knowledge on malware I browsed some forum topic and when opening "Attempted to run GMER..." a popup window appeared asking:
 
"Do you want to update your Adobe Reader?"
 
That looked very suspicious. This is new Win7 machine freshly built with only MSE, MBAM and SBIE installed. I was inside the Sandbox so killed everything straight away.
 
Can this thread be compromised? is my brand new machine compromised or what else?
 

Answer:Malware on bleepingcomputer.com thread?

Hi -
Any new computer that is just set up may not have all of the software updated. Please run this quick scan first and we can see -
It may, or may not give you a warning, but that only depends on your Security settings and programs. See my NOTES - It is 100% safe -

Download Screen317Security Check from Here and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt;
* Please Copy / Paste the contents of that document back here.

NOTE 1. If one of your security applications (e.g., third-party firewall, etc) requests permission to allow DIG.EXE (or a similar file) access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Thank You -

4 more replies
Relevance 47.56%

Couldn't reply to my existing thread. here are the logs i was told to provide from AdwCleaner and FRST:

# AdwCleaner v5.008 - Logfile created 25/09/2015 at 11:45:47
# Updated 18/09/2015 by Xplode
# Database : 2015-09-23.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Chris - CHRIS-PC
# Running from : C:\Users\Chris\Downloads\AdwCleaner(1).exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[-] Folder Deleted : C:\Users\Chris\AppData\Local\Mobogenie
[-] Folder Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xampi2j7.default\StumbleUpon
[-] Folder Deleted : C:\Users\Chris\Documents\Mobogenie

***** [ Files ] *****

[-] File Deleted : C:\Users\Chris\daemonprocess.txt
[-] File Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\xampi2j7.default\sea... Read more

Answer:Malware help thread went inactive

and the Additional.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Chris (2015-09-25 12:03:00)
Running from C:\Users\Chris\Downloads
Windows 10 Home (X64) (2015-07-30 22:50:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-802191358-1188049126-1924190515-500 - Administrator - Disabled)
ASPNET (S-1-5-21-802191358-1188049126-1924190515-1005 - Limited - Enabled)
Chris (S-1-5-21-802191358-1188049126-1924190515-1000 - Administrator - Enabled) => C:\Users\Chris
DefaultAccount (S-1-5-21-802191358-1188049126-1924190515-503 - Limited - Disabled)
Guest (S-1-5-21-802191358-1188049126-1924190515-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-802191358-1188049126-1924190515-1002 - Limited - Enabled)
Jeff (S-1-5-21-802191358-1188049126-1924190515-1006 - Limited - Enabled) => C:\Users\Jeff

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag coul... Read more

1 more replies
Relevance 47.56%

My computer is running sluggishly. I have installed Windows 10 (I believe about 3 weeks ago) which may be part of the issue. I also believe my computer may have been without virus protection for a couple days (subscription for Norton expired). When I try opening mozilla firefox, the browser freezes a lot and makes it difficult to perform simple tasks. My computer has a quad core processor, 16 gb ram, etc. so it should not be slowed down by menial tasks. Start up takes quite a bit longer than it previously did (maybe partially due to Windows 10 upgrade?).

Thank you in advance for your help!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412 BrowserJavaVersion: 11.45.2
Run by Chris at 18:37:06 on 2015-09-10
Microsoft Windows 10 Home 10.0.10240.0.1252.1.1033.18.8161.5456 [GMT -4:00]
.
AV: Norton 360 Premier *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus *Disabled/Outdated* {B0CC18C6-E527-6EE6-874C-9D19920E5619}
SP: Ad-Aware Antivirus *Disabled/Outdated* {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Norton 360 Premier *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Ad-Aware Firewall *Disabled* {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
FW: Norton 360 Pre... Read more

Answer:Malware help thread went inactive

one other issue, my computer used to sleep after 30 minutes automatically, it will not do that since upgrading to Windows 10. This may be unrelated to the sluggishness, but wanted to add it just in case.

7 more replies
Relevance 47.56%

I started a thread and posted the scan results asked for and received a message that my post should be here. Here is the original thread (titled Windows Repair pre-repair log) with the scan results:

http://forums.majorgeeks.com/showthread.php?t=291340


I have since been able to download Malwarebytes by using Chameleon and ran it - it found no Malware.

I also didn't post the TDSS results as it also did not find anything. I have done nothing else or tried to fix anything per instructions.

Thanks for any help!
 

Answer:Malware help - moved thread

Your problems may not be due to malware, but I see some junk to cleanup so let's take care of this and see what happens.

Rerun Hitman Pro and the allow it to cleanup all the Malware remnants and Potential Unwanted Programs that it reported. Reboot immediately after.

After reboot please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.

How is your PC working now?
 

8 more replies
Relevance 47.15%

How does comodo firewall protects against signed malware at cruelsister's settings? Also i can disable its processes via task manager. How its self protection?
I am going to use it on my system with cruelsister's settings but these issues are my main concern which do not let me believe in comodo's power.
So,help me out and give the required info.
Thanks.
 

More replies
Relevance 47.15%

I would really appreciate some assistance with "Internet secruity designed to portect" malware and/or virus.  I have attempted to remove this with no luck.  I did install and run Malware Bytes.  Initially it listed several virus which I removed.  However, I still have a problem.  Anytime I try to run/download anything it is blocked by this annoying virus.  What can I do? Any and all help would be greatly appreciated.

Answer:Internet Secruity Designed to Protect Malware Help Please

Hello, I moved you from WIN7 to the Am I Infected forum for now.
Please try following this GUIDE.

1 more replies
Relevance 47.15%

I finally found a fix to the malware that the Virus Protect Pro created and it cleaned out everything. The free software (to use and clean) is called Super AntiSpyware (that's quite some name) and you can download the free home version at http://www.superantispyware.com/superantispywarefreevspro.html
I'm going over there now to donate some money as it was my stupidity that had me lose about 6 hours trying to fix what I did. It's always nice to find a hero.

With blessings for a great day.
K
 

More replies
Relevance 47.15%

My computer is infected with a malware program called "Spyware Protect 2009" how do I get rid of it? I followed instructions and have copied DDS and Attach files below. popup windows keep appearing saying my computer is infected with a virus and I need to install their software.
DDS (Ver_09-03-16.01) - NTFSx86
Run by John Schlatterer at 2:44:20.15 on Mon 03/16/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.96 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files&... Read more

Answer:remove malware, Spyware Protect 2009

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any scri... Read more

2 more replies
Relevance 47.15%

Hi Folks, Yes I've got the privacy protection Malware, currently running windows XP on a dell laptop and I cannot start up in the safe mode, no Internet start up or execution of any programs allowed. Looks like I can strip documents & information off but thats about it. Can anyone share my options to cure this problem?

Thanks in advance - L

Answer:OK I've got the Privacy protect malware & no safe mode

Hello LarsLind,
I moved this to Am I Infected.

For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.
Reboot your system to complete the process.

Please follow our Removal Guide here Remove Privacy Protection (Uninstall Guide).
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions
After you completed that, post your scan log here, let me know how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Also the other tool log.. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

1 more replies
Relevance 47.15%

> I am using sify ISP with limited data transfer package.
> My ISP is showing that i have downloaded 1200 MB which is not true.
> I didn't turned on the PC on the date prescribed by ISP but it showing i have downloaded 1200 MB and has cut down 20 valid days
> I think some one has hacked my system.
So i am requesting you to tell the best way to protect my system from malware and internet
Thanks in advance.
 

Answer:Best way and best software to protect my system from malware and Internet?

Security is a wide topic. If you browse around on this forum, you will find recommendations on Anti Virus and Anti Spyware and Firewalls.
If you have Windows XP Professional, MS published an XP Security Guide v2 and tells you how to harden XP Pro. It is available here:

http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/default.mspx#ETE

If you have Vista, there is a Vista version of the Security Guide:

http://www.microsoft.com/downloads/...ed-7f35-4e72-bfb5-b84a526c1565&displaylang=en

Hardening an OS gives the attacker a smaller attack surface by disabling unnecessary features. XP after a fresh install is quite bloated and has a lot of places for an attacker to poke at.

Also you should consider running it daily using a limited user account, as that prevents some malware from working and prevents malware from making system wide changes. In the Unix world, nobody runs a machine daily using the admin account. MS acknowledges that and has made UAC for Vista to achieve the same end.

Here's more details about that:
http://www.mechbgon.com/build/security2.html

Also along the lines of protection and prevention, use McAfee's Site Advisor, available here:

http://www.siteadvisor.com/

It places a site rating besides every google result and tells you about malware infested sites before you go clicking on them and instantly infecting your machine.
 

3 more replies
Relevance 47.15%

Hello. My kid's PC -- an HP (Model M7567C, with 2, 260 GB hard disks and 2 GB RAM) is infected by "Spyware Protect 2009" malware. The malware repeatedly displays at least 3 different pop-ups saying there's a spyware infection and offers to sell a fix; the program also prevents Explorer from working properly. There are no obvious programs/processes to shut down from the control panel. The machine has Zone Alarm Security Suite installed - I'm not sure if my kids ignored a warning or if the software mistakenly let something in. Zone Alarm technical support said to try running Malwarebytes' Anti-Malware automated removal tool, but the program doesn't seem to run (nothing happens after the program is downloaded and launched). I tried running Zone Alarm virus and spyware scans, but the program runs slowly and eventually hangs (I think I ran the Zone Alarm scan in the Windows Safe mode). I can boot the PC in Windows Safe mode, but unfortunately there is no useful restore point. I can boot the PC in the normal Windows mode but it takes 2 or 3 cold starts. I can use Microsoft Explorer (through a wireless LAN connection), but in the normal Windows mode Spyware keeps hi-jacking Explorer and displaying its rogue messages.

Before I give up and reformat the hard disk and re-imaging the disk from the backup system disks, I would like to try a less time consuming solution. Any suggestions are welcome! Thanks!

I ran the DSS scan as instructed. Here are the res... Read more

Answer:"Spyware Protect 2009" malware problem

I wanted to add some new information to my original posting that seems to be related to my problem.

When my spyware infected PC boots, I get the following messages:

"The application or DLL c:\windows\system32\digeste.dll is not a valid windows image."

"View Manager has encountered a problem and needs to close."

"Error loading c:\windows\griwapaxim.dll. The specified module could not be found."

I noticed that there was a Windows update available today (the February update of Microsoft's anti-spyware program). I installed this application; after this, Zone Alarm Suite was then able to run (up to now, it just hung up), and 2 items were quarantined: WIN32.SYSGUARD and WIN32.TROJAN.FAKEALERT.IEH

However, there are still problems with my PC. I still can't get Malwarebytes' program to run, even when I rename the *.exe file to *.bat. It seems like whatever is still injecting my PC interferes with any anti-spyware/malware program from running properly and interferes with the operation of Explorer.

Thanks.

4 more replies
Relevance 47.15%

Hi everyone,
I want to tell my story about protection of ESS on my computer. Today, when my friend plug in his USB into my computer, I noticed that his USB shows only 1 USB shortcut in explorer. Before, my previous machine is infected by this malware type (malware creates USB shortcut) so I have experience with it. And when he plug his USB in, I run ESS Smart Scan but it found nothing. This afternoon, when I plug my USB in my machine, I saw that all things in my USB turn into 1 USB shortcut, I run Smart Scan again with my USB and found nothing, too (I also run a scan by Zemana AntiMalware, and it found nothing, too). After that, I installed MCShield AntiMalware Tool, and scan my USB with it. Magically, It found .ink malware in my USB and cleaned it successfully! This is screenshot about log of MCShield:

And now, I'm very disappointed with my ESET. It makes me got infected easily! How do you think about my problem, please share with me.
 

Answer:ESET Smart Security can't protect me from .lnk malware

ESET protects against malware coming from USB devices.
Probably did not recognize the malware that caused the problem.
You have done well to use McShield.
 

71 more replies
Relevance 47.15%

To start let me thank you for putting all these great programs in one easy to download area! Just following this guide has cleaned out several items from my supposedly secure system.

I did find one broken link however and got lost going through the giant comodo forum trying to find another thread with a similar ease of use allure.

This one: Configuring CIS for Maximum Security with ZERO Alerts for Novices

If you could give me an updated link it would be much appreciated.
 

Answer:Broken link in: Sticky How to Protect yourself from malware!

Thank you for bringing it to our attention. We will see what can be done to fix that issue.
 

2 more replies
Relevance 47.15%

> I am using sify ISP with limited data transfer package.
> My ISP is showing that i have downloaded 1200 MB which is not true.
> I didn't turned on the PC on the date prescribed by ISP but it showing i have downloaded 1200 MB and has cut down 20 valid days
> I think some one has hacked my system.
So i am requesting you to tell the best way to protect my system from malware and internet
Thanks in advance.

Answer:Best way and best software to protect my system from malware and Internet?

Before anyone tells you that, it may be that someone connected to your internet connection, via wireless? How are you connected to the internet? Because if your computer was off on those dates, even if a hacker got into the system the computer needs a physical connection to the internet, while the computer is off, there is no way of obtaining an internet connection.

3 more replies
Relevance 46.74%

Hi Guys

Great site thanks up front for any help.

Problems aren't that major i don't think. I have run all the malware removal stuff and got all the logs sorted and attached as per instructions.

I have only ran the scan for Rougekillers and not 'fixed' anything yet. There were a few issues on there as you will see. I didn't really have any major problems i don't think, i have just followed the advice of a friend to run your protocol.

I think my main problems are

1. I only have about 8 GB of space left on my hardrive (have one coming but went to wrong abode and is list in post somewhere)

2. I was running Spybot search and destroy which i think was slowing things down a little seems to be a bit better since i removed it???

3. I have foolishly managed to download a "Globasearch" addon or whatever it is, a quick search didn't reveal a resolution to this one. I've had stuff like this before but figured i'd follow the instructions of the experts.

So my guess is I run RogueKiller again and fix problems as there aren't any major threats on my system. I hope anyway.

Then go and have a proper look to get rid of the globasearch BS.

Any further direction you can provide from looking at the logs or to help clean my system and remove the globasearch will be gratefully received my knowledge is certainly limited.

Peace

Don
 

Answer:malware thread followed logs attached

Rerun RogueKiller and have it remove these items:

Code:
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.globasearch.com/?serie=32 -> Found

Now Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globasearch.com/?serie=32
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

After clicking Fix, exit HJT.

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

Make sure that you tell me if you receive a success message about adding the above
to the registry... Read more

9 more replies
Relevance 46.74%

applications closing by themselves? Help please

Hi there, Firstly Hi, I hope that I am posting in the correct forum!
I am fairly hopeless when it comes to computers and I have been having this problem for some time... it originally started when I was using Internet Explorer, I now use Firefox and it didn't happen for a couple of months but has started again and now happens whilst I am in other programs such as Word, or Windows Explorer or anything really...

This is what happens... everything goes crazy, it is like the mouse has had an attack and randomly starts opening and closing programmes and prompting me and beeping and acting as if I have clicked a million things (which I haven't).
It is very hard to explain... we have tried nearly every free virus checker under the sun. Spyware, and malware detectors.. and then yesterday I found your site. I found a thread which took me through all the scans I need to do to get your advice.
I have followed the instructions to the best of my ability. I have copies of the logs from counterspy, bitdefender, but I was unable to get a report from the panda activescan although it said I had one spyware. It only gave me an option to buy the program, not to print a report.. so I don't have a report for that one.
Anyway here are all the things I have collected....
counterspy.txt
bdscan.txt
runkeys.txt

and I will repost on this thread to add the other two
thanks
sammi
 

Answer:question re: malware removal thread..

Re: applications closing by themselves? Help please

here are the other logs..


I hope I have done everything correctly I was petrified the entire time. lol

I would appreciate any help that you may be able to give me...

ps. my computer is very very old but cannot afford to upgrade at the moment.

If you need any other information I will be happy to try and supply it.

thank you very very much in advance
cheers
sammi
 

16 more replies
Relevance 46.74%

Hello. I was trying to figure out what the average waiting time usually is for malware clean-up and if it is possible for a thread to accidentally be forgotten. I have no way to message the person who initially said they would get back to me with directions seeing as how I do not have 50 posts.

I posted my logs on the 4th, and dr.moriarty said they would get back to me with some directions on the 6th. It's now the 9th and I'm starting to wonder if they forgot about me! Most threads I look at on there seem to have directions after about 2-3 days. I'm working on the 5th day now. I realize it's free and so I have certainly been being patient as I realize it's pure volunteerism. It just sucks because I have to give back the computer to the owner with it still freezing as mentioned in the thread http://forums.majorgeeks.com/showthread.php?t=204800. I have no further ideas on how to proceed with it!

I did not know where else to post this so hopefully this gets to the right channels!

Thank you.
 

Answer:Question about thread in malware clean-up

Yes, for some threads this can be a normal time frame. Just wait a little longer.. someone will see this new thread you made (here) anyway. They do work in order like they said, and bumping threads can cost you more time.
 

5 more replies
Relevance 46.74%

Hi

Here is the First Info about Malwarebytes Anti-Malware 2.1

https://forums.malwarebytes.org/index.php?/topic/161112-ui-changes-for-malwarebytes-21/

With Best Regards
Mops21
 

Answer:Malwarebytes Anti-Malware 2.1 Thread

Smileybytes Anti-Sadness. lol

Wonder if the scan will take long hours to complete, since from what I have read that was one of the major disappointments for some users (personally I don't have a major problem with it)
1.75 - Quick scan: 5-10 minutes
2.00 - Threat scan: 2 hours or more
 

3 more replies
Relevance 46.74%

I had gone through a malware removal thread that required me to install about 5 programs, run them, and post the logs.

This thread is gone!!!!!

The malware removal thread that is stickied only has you run CCleaner. The previous thread had that as the 1st step, then had you do others (one required you to download the program directly to the C drive, and install it from there).


HELP!!!!!!!!!
 

Answer:Malware removal thread is missing!!!!!!

found it! whew....
 

2 more replies
Relevance 46.74%

Hello, I am a new member and I found you through a Google search and noticed that you had help for "System Alert" Malware Threats. Please help me as I can't get that annoying balloon popup to go away. I followed your instructions to HijackThis with Trend Micro and here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:07 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal


Answer:HELP Malware Threats LOG INCLUDED in this thread

6 more replies
Relevance 46.74%

Ran DDS, will post DDS.txt along with other instructions from referral (gmer etc) but can't get attach.txt file to show up in Notepad.

But, making progress and it is much appreciated!

Answer:Referral from XP thread - Malware Removal

As mentioned above, couldn't get/see the attach.txt file from DDS. Here are the DDS.txt and Gmer files and the answer regarding the CD boot disk.

Issue started as a repeating boot loop, got past that through use of boot CD but was unable to run any .exe files. I fixed that using xp_exe_fix but still can't access IE or other files. I tried a regedit fix recommended by a contact but that proved to be too confusing, concerned I may have hurt more than helped with that effort.

1. DDS

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_21
Run by HP Owner at 20:38:04 on 2012-01-23

2 more replies
Relevance 46.74%

Hello,
Would someone kindly review my Log Files. HostGator had sent me this majorgeeks malware removal link. I completed all the steps and would like to know if I'm at risk.
Much gratitude for such a thorough Malware post. It was very well laid out easy to follow!
Warm Regards,
Paul
 

Answer:Malware Log Review removal thread

Re-run Hitman and have it fix what it found. Then rescan with Hitman and attach the log. Be sure to tell me what issues you are having, if any.
 

3 more replies
Relevance 46.74%

I am trying to clean up my husband's Windows 8 PC for the installation of Windows 10. Only problem is he has so much crap on his PC I cannot even open the Major Geeks website to download the tools to fix it. My question is... Can I download the tools to a zip from my PC and move them and run them on his PC to hopefully fix it that way? I have to do something because I went to the MG's site and I had to repeatedly close ad after ad after ad and I have literally waited for 10 mins and the page still has not loaded. So the only thing I can think of is to download from here and move them to his.
 

Answer:A quick question about doing the Malware thread...

Yes, you can download to a flash drive and move the tools to the infected machine.
You may have to run them in safe mode.
 

25 more replies
Relevance 46.74%

Hello

I was requested to get a MALWARE check from here.

Reason for MALWARE help:

1. Netbook screen abruptly goes blank (HDD lights are OFF, Wi-fi/Power lights are ON)
2. Error in Event Viewer (seen in log! I don't have a CD drive!)
3. Rather slow startup (very few startup items)
4. MSE after scanning "ddr.scr" stopped. But, okay after re-enabling it.

System Configuration:

Brand & Model: Acer Aspire One AO751

Motherboard:

Motherboard Chipset: Intel
BIOS Type: Phoenix (05/12/09)
Manufacturer: Acer
Model: JV11-ML (U3E1)

Processor: Intel Atom Z520 @ 1.33GHz Silverthorne 45nm Technology

Graphics:

Generic PnP Monitor ([email protected])
Intel(R) Graphics Media Accelerator 500

RAM: 2.0GB

Hard Drives: 156GB Seagate ST9160310AS ATA Device (SATA)

Audio: Realtek High Definition Audio

Operating System:

OS Shipped: Windows XP Home Edition SP3 x86
OS Upgrade: Windows 7 Home Basic SP1 x86

PSU:

Input: 100-240V-1A
Output: 19V-1.58A 30W

My DDS scan report is posted below:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Sheela Shaji at 7:27:33 on 2012-05-23
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.1033.18.2038.1070 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Di... Read more

Answer:[SOLVED] MALWARE request from thread

Hello Babbzzz,

How was Comodo installed - I'm not seeing it in your installed programs list. Also, I'm seeing the full COMODO Internet Security in the logs. This could very well be in conflict with Microsoft Security Essentials.

10 more replies
Relevance 46.74%

Hello,

TimW states:
Your logs are clean.....You may just be having problems with your NIC card. I suggest you post back in either networking or software.

You need to run McAfee Removal Tool.
Then install a firewall from the below link...
------------------

I'm assuming "MCPR.exe" is a file already on my PC for I can't access the Internet. I'll look it up at home since I have to use someone else PC.
Will be back in touch. Thanks.
 

Answer:Exposed - Response from malware thread

I gave you a link to the Mcafee removal tool. You will need to download it ( to a different computer and transfer to the other.)

Go to start / run / type "cmd" without quotes and when the command prompt comes up, type:
ipconfig /all

Note the space and then tell us what it reports.
 

5 more replies
Relevance 46.74%

  
Quote: Originally Posted by richc46


... Download MSE, Microsoft Security Essentials for anti virus and use that in conjunction with Malwarebytes to avoid future problems


Hey Rich, nothing personal so I hope you don't take it that way. But, the continuing MSE recommendations here are not well serving the OP and beginning to border on nonsense! Sure it's a good Free-ware alternative but hardly a complete solution that in my mind doesn't deserve all the Kudos it receives here. Again IMO.

Everyone is looking for free, but there are many outstanding "complete solutions" that include (antivirus -malware - spyware -spam) that are extremely economical, like $30.00 to $40.00 annually...

At this price point why would anyone want to load multiple apps that need to be run manually just to save $30.00? I don't get it...

Didn't mean to hijack the thread, so carry on and flame away if necessary.

Regards-

Answer:The off Topic Anti-Malware Thread ;)

  
Quote: Originally Posted by win7clutz

Quote: Originally Posted by richc46

... Download MSE, Microsoft Security Essentials for anti virus and use that in conjunction with Malwarebytes to avoid future problems

Hey Rich, nothing personal so I hope you don't take it that way. But, the continuing MSE recommendations here are not well serving the OP and beginning to border on nonsense! Sure it's a good Free-ware alternative but hardly a complete solution that in my mind doesn't deserve all the Kudos it receives here. Again IMO.

Everyone is looking for free, but there are many outstanding "complete solutions" that include (antivirus -malware - spyware -spam) that are extremely economical, like $30.00 to $40.00 annually...

At this price point why would anyone want to load multiple apps that need to be run manually just to save $30.00? I don't get it...

Didn't mean to hijack the thread, so carry on and flame away if necessary.

Regards-


No offense taken, but each member is free to share his or her opinion. Mine is shared by many at this forum. The OP, of course is free to choose mine or yours.

9 more replies
Relevance 46.74%

Hi, I've been having a problem with iexplore.exe running and playing audio ads in the background. I started to follow the read and run me first thread, but after running the program to disable CD emulation, when my computer restarted it now crashes to BSOD after the user log in. This happens with both normal and safe mode.

The error code is 0x0000007e (0xc0000005, 0xe2084430, 0xb4c07c70, 0xb4c0796c)

Any help would be appreciated.
 

Answer:BSOD after following read and run malware thread

Hmm, how long does Windows stay up before crashing?
 

49 more replies
Relevance 46.74%

Hey guys, I am sure you can relate to my current woes here. I have a family member who is just always getting malware on their computer. Getting tired of cleaning it up so frequently and I wanted to ask you guys what you do. Personally I install Chrome and MSE, and set MSE to a Full Scan once a week with real time monitoring. I also preach safe web surfing, but honestly, it's like telling a Crack Head that crack kills.

So what do you guys do to try to ease the pain of fixing a family members computer?
 

Answer:How do you Setup your family members computer to protect from malware?

They now have Macs
 

46 more replies
Relevance 46.74%

I've been using AVG, and have bought the full version, yet was confused with what I had to do.  Can anyone tell me which product is user friendly, yet a good system choice.  Thanks,
Would be appreciated. 
 

Answer:What is a good product to buy to protect and remove virus, malware etc...

My personal choice is ESET NOD32 Anti-Virus if choosing a paid for program as it leaves a small footprint...meaning it is not intrusive and does not utilize a lot of system resources. Kaspersky Anti-Virus is also a good choice if looking for a paid for program. If you don't want to pay then I recommend avast! Free Antivirus.

For more specific information to consider, please read:
Choosing an Anti-Virus Program
SANS Institute Choosing Your Anti-virus Software

Important Fact: It has been proven time and again that the user is a more substantial factor in security than the architecture of the operating system or installed protection software. Therefore, security begins with personal responsibility and following Best Practices for Safe Computing.

6 more replies
Relevance 46.74%

I have recently been infected with a fileless malware. I ran a scan with KSC and it reported some memory detection. So I ran a scan with fully updated Avast Free and Emsisoft EEK, but they didn't find anything. Finally, I had to scan with Zemana, and only after it detected and removed a fileless malware was KSC able to give my system a clean sheet. Are Kaspersky and Zemana the only ones to protect against such attacks? I need a free tool to protect my system against such attacks. The detection by Zemana was "trojan poweliks: fileless malware". I don't need any whitelisting software and I also sincerely think that even they cannot counter such attacks.
 

Answer:Do you know any free software to protect against fileless malware attacks?

Avast and Bitdefender Free are both good
 

23 more replies
Relevance 46.74%

Hi, i'm having a problem with my web browser since using the malwarebytes anti-malware scan. Before I ran the scan and removed the infections it found, I was able to open webpages and go to sites although when i would try to search it would redirect the page. After I ran the scan and deleted the infections, I tried to open a webpage and it said it couldn't display it although I was connected to the internet. One of the things the scan found said "adware.mywebsearch" I would assume that was the reason it was redirecting the page. As of right now, I have done a system restore to a point before i removed the infections so i could display a webpage to get help. If someone can please help me, I would be very grateful.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Leslie at 14:54:14.01 on Wed 05/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.496 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)


Answer:malware agents/koobface,spyware protect removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

2 more replies
Relevance 46.33%

Hello,

We've just released a new beta of Emsisoft Anti-Malware & Emsisoft Internet Security 2017.9.0.8006 – with BETA updates enabled:

This update will require an application restart.

Please note that Emsisoft Internet Security will automatically migrate to Emsisoft Anti-Malware. This cannot be reversed. Please don't switch to Stable update feed after the update. Emsisoft Internet Security licenses will be extended on Oct 2nd, 2017, as announced.
Improved: Connection with Emsisoft Enterprise Console from client side. Available at Settings -> License.
Improved: Migration procedure from Emsisoft Internet Security to Emsisoft Anti-Malware.

Beta Thread

Dedicated Thread
 

More replies
Relevance 46.33%

i had a few error windows that kept coming up over and over that said something about sysvsd.exe and NTVDM error. my computer's been running pretty slow for a while. when i control/alt/deleted i found two processes, both called ntvdm.exe, that were eating up all of my memory usage, so i ended them. the next day they were back and running again, even though i never powered down my computer.

i went through the "read this before requesting malware removal" thread, and followed all the instructions, and as of yet have not seen any error windows, nor ntvdm.exe running in the processes list. so that's a good sign. i'm including in this post the logs from malwarebyte's anti-malware and hijackthis. the anti-malware found a file called sysvxd and several other things, which it removed. i'm not posting the superantispyware log because there wasn't one. nothing came up in that search. if i have any more problems, i'll be sure to comment, but either way, i would love feedback from someone who knows what to look for in the hijackthis log. thank you!

anti-malware log:

Malwarebytes' Anti-Malware 1.34
Database version: 1849
Windows 5.1.2600 Service Pack 3

3/14/2009 9:53:17 PM
mbam-log-2009-03-14 (21-53-17).txt

Scan type: Quick Scan
Objects scanned: 86010
Time elapsed: 15 minute(s), 3 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Value... Read more

Answer:followed the instructions on malware thread. have logs. waiting for help

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop**

Close any open Web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

14 more replies
Relevance 46.33%

Previous topic that was closed located here: http://www.bleepingcomputer.com/forums/t/293047/dns-changer-trojan/ This topic in response to the instructions in that topic. ~ OB

Hi there,

Thanks so much for your advice, sorry it took me so long to do it, I'm a teacher so always so busy. Below is a copy of the log you requested in step 2 after combofix scan had run. i have not completed step 2 yet but will do this straight away after this.

Thanks again

ComboFix 10-02-11.04 - Laura 12/02/2010 16:51:29.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1015.275 [GMT 0:00]
Running from: c:\users\Laura\Desktop\quackduck.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.
2010-02-12 17:08 . 2010-02-12 17:09 -------- d-----w- c:\users\Laura\AppData\Local\temp
2010-02-12 17:08 . 2010-02-12 17:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-12 17:08 . 2010-02-12 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-12 11:43 . 2010-02-12 11:43 -------- d-----w- c:\programdata\SITEguard
2010-02-12 11:40 . 2010-02-12 11:40 -------- d-----w- c:\program files\STOPzilla!
2010-02-12 11:40 . 2010-02-12 11:40 -------- d-----w- c:\program files\Common Files\iS3
2010-02-12 11:40 . 2010-02-12 17:09 -------... Read more

Answer:trojan/spyware/malware removal - new thread

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Fo... Read more

2 more replies
Relevance 46.33%

The Trovi malware has invaded my Windows 7 netbook. I read the Trovi Malware Thread from July 2014 and am following the tips from Machiavelli_G2G, so hopefully he (or someone at his same level) can view this post and help me. The following is the OTL Scan from my computer:

OTL logfile created on: 2/3/2015 10:50:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomas Kaufmann\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.73 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 68.23% Memory free
3.70 Gb Paging File | 2.46 Gb Available in Paging File | 66.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 208.10 Gb Free Space | 73.02% Space Free | Partition Type: NTFS

Computer Name: ROMAN | User Name: Thomas Kaufmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/02/03 22:26:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas Kaufmann\Downloads\OTL.exe
PRC - [2014/12/18 17:23:51 | 001,676,344 | ---- | M... Read more

Answer:TROVI Malware (using Thread from July 2014)

16 more replies
Relevance 46.33%

Hello,

I had previously posted a thread about some problems, but didn't receive a reply, so the moderator/analyst amateur removed it for me (THANK YOU!!!) so I could start again (i uninstalled everything and started over) & run new logs.

I previously was able to run almost all 5 steps. I couldn't download spyware blaster last time, could only run it from a flash drive. This time, I can't even do that. Any program or word or file containing the word "spyware" shuts down as soon as you attempt to access it, including browser windows. I also updated everything for XP except SP3. Is that advised? It failed last time, repeatedly, so I didn't try this time.

And this time when I ran Deckard there was no file anywhere called extra.txt that I attached previously to my old thread.

I found the bugs screensaver, but have not been able to find the virus/malware, whichever is causing all the problems: we have a blue screen, disabled display settings (no desktop or screensaver tabs) on all XP administrator accts and at times, military time is showing.

Other problems: upon restart my own acct (no blue screen yet on mine), was completely disabled, said it was in use by another process, and when it let me in, it was a fresh new XP acct, all my settings gone. I was able to get it back after logging on & off a couple times. Something is also trying to install unknown hardware. I've refused.

I hope this is specific enough. I am posting the one log I was able ... Read more

Answer:2nd thread, malware: blue screen, bugs & more

Hi,

The extra.txt is only produced the first time when DSS is run as default. For now, we'll begin with the Combofix and we can get the extra.txt later.

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

19 more replies
Relevance 46.33%

Hi Guys,

First I want to thank all of you for helping me in the past. I've implemented lots of basic computer safety features that you all have suggested except for being on a restricted account. I will take this seriously from now on and will look through the updated procedures for what I should be doing to stay safe.

Would you all please take a look at my logs and the following screenshots?

Screenshots:

https://gyazo.com/e526870e5999e5c9da6c72037c9feb08
https://gyazo.com/bf4df7cd7c78a9da1bfff09a263398b0
https://gyazo.com/cba84f0c8c2d0069a481bac7031a6098
https://gyazo.com/9778fdfe50edf0bea07b90fd7c9b4582
https://gyazo.com/94e770c4dc5f6c88f1af18bd37cd4e32

The final screenshot shows a txt log, which has text saying "Polled" in it with dates and times. Strange to say the least. Then again, I don't know much about software or why it would be there. The other screenshots show that Malware Bytes was hung up on a thread. It literally stopped executing so there is something preventing it from working.

Here is the original post I made in the other section of the forum:

http://forums.majorgeeks.com/index....om-skype-queued-download.316208/#post-1990013

Problems:

1. Flashplayer.hta file tried to drive by download
2. Router may have been breached/pwned
3. May have viruses

Solutions I would like:

1. "Hardened" windows 10 OS
2. "Hardened" router because of said issues
3. Reliable VPN
4. Scan and clean cellphones
5. Remove Skype, EverNote, an... Read more

Answer:Followup To Malware Post In Non-specialist Thread

Rerun RogueKiller and have it remove these items:

Registry : 3
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8FA5A8E8-F435-411F-9902-2086A00AD3A5} : v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\remmi\AppData\Local\Temp\7zS4E6E\setup\hpznui40.exe|Name=hpznui40.exe|Desc=C:\Users\remmi\AppData\Local\Temp\7zS4E6E\setup\hpznui40.exe| [x] -> Found

Files : 1
[File.Forged][File] C:\Windows\System32\drivers\agilevpn.sys -> Found

Reboot and rescan with RogueKiller and attach the new log.
 

8 more replies
Relevance 46.33%

Anti-Malware:

A Squared Free- A squared, A very powerful Malware-removal tool, provides full-system scans for free. Detects most malware infections.

Ewido Security Suite- Ewido Security Suite, another very powerful tool, a lot like A squared, also provides free full-system scans. Detects most malware infections.

Anti-Trojan:

TrojanHunter- Brand new anti-trojan, considered most-powerful trojan-remover on the market.

Trojan remover- Trojan Remover was written to aid in the removal of Trojan Horses from a computer where standard anti-virus software has either failed to detect the Trojan Horse or is unable to effectively eliminate it.

Anti-Spyware:

SpyBot- Search and Destroy- A very commonly used spyware-removal tool, no need to spend big bucks on expensive spyware-removal tools, just download SpyBot- Search and Destroy!

Ad-aware SE personal- Another Anti-spyware tool, works well with SpyBot, searches for and removes many different types of Spyware.

Microsoft Anti-Spyware- Spyware-removal tool by Microsoft.

Anti-Virus:

AVG Free Edition- A free real-time protection tool from Grisoft, very recommended Anti-Virus tool.

Avast!- Another Anti-Virus tool, I use it myself.

AntiVir PE Classic- Free anti-virus, well-known, commonly used, what more could you ask for?

WinPatrol- with Scotty the Windows Watch Dog will sniff out Worms, Adware, Spyware, Cookies, Trojan horses and other virus type, malicious, nasty programs that may attack your computer. WinPatrol puts you back in c... Read more

Answer:RheTrOs Anti-Malware Tools Thread

14 more replies
Relevance 46.33%

Hi

This is a repost of another thread which i replied to with an update and therefore caused it to be overlooked, can the other one please be closed?

"Extremely slow laptop - freezing and unable to download/save documents"


My laptop has been running extremely slowly lately. I have cleared out old programs and also Norton (which I couldn't get to run or update) and Firefox amongst others.

It starts up ok, but if I am online or running a program it starts to run extremely slow or freezes altogether. I have been unable to run Norton antivirus or superantispyware without the machine turning off, even during safe mode.

I have run the first steps but GMER freezes and I have been unable to save the file log. I have run it 3 times; during the second attempt, the machine shut down with a BSOD (not had this problem previously). I haven't been able to save the text document reports from any of the programs - I receive an error message that there isn't sufficient memory.

The DDS log is below. I can't upload the ATTACH file here as it is already on the other thread, can you download it from there? If not, please let me know and I'll upload it here too if I can.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Mikey at 23:16:03.94 on 15/12/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2814.1997 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1A... Read more

More replies
Relevance 46.33%

As per instruction from Jacee

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:44, on 18/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\hp\support\hpsysdrv .exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\spool\drivers\w32x86\3\printray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\rundll32.exe
C:\Users\Steve\AppData\Local\Plaxo\2.13.1.2\PlaxoHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\Steve\AppData\Local\Plaxo\2.13.1.2\PlaxoHelper .exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Progr... Read more

Answer:Reply to thread 'Win32/Fotomoto malware'

Download SDFix from here and save it to your desktop.


Please then reboot your computer in Safe Mode by doing the following :
Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.

It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.

Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum.


=========================================


Download Combofix from any of the links below, and save it to your desktop. For information regarding this d... Read more

14 more replies
Relevance 46.33%

Anti-Malware:

A Squared Free- A squared, A very powerful Malware-removal tool, provides full-system scans for free. Detects most malware infections.

Ewido Security Suite- Ewido Security Suite, another very powerful tool, a lot like A squared, also provides free full-system scans. Detects most malware infections.

Anti-Trojan:

TrojanHunter- Brand new anti-trojan, considered most-powerful trojan-remover on the market.

Trojan remover- Trojan Remover was written to aid in the removal of Trojan Horses from a computer where standard anti-virus software has either failed to detect the Trojan Horse or is unable to effectively eliminate it.

Anti-Spyware:

SpyBot- Search and Destroy- A very commonly used spyware-removal tool, no need to spend big bucks on expensive spyware-removal tools, just download SpyBot- Search and Destroy!

Ad-aware SE personal- Another Anti-spyware tool, works well with SpyBot, searches for and removes many different types of Spyware.

Microsoft Anti-Spyware- Spyware-removal tool by Microsoft.

Anti-Virus:

AVG Free Edition- A free real-time protection tool from Grisoft, very recommended Anti-Virus tool.

Avast!- Another Anti-Virus tool, I use it myself.

AntiVir PE Classic- Free anti-virus, well-known, commonly used, what more could you ask for?

WinPatrol- with Scotty the Windows Watch Dog will sniff out Worms, Adware, Spyware, Cookies, Trojan horses and other virus type, malicious, nasty programs that may attack your computer. WinPatrol puts you back in control of your compu... Read more

Answer:Rhetros Anti-malware Tools Thread

All the information you have here, can be found here:Freeware Replacements For Common Commercial Apps

3 more replies
Relevance 46.33%

I've been having problems with MyWebSearch and other malware/spyware ever since my younger brother used my computer. I only go into trusted sites i.e. microsoft, cnet, hotmail, etc... Here is my thread:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:34 PM, on 6/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://... Read more

Answer:HJT thread: Problem MyWebSearch and other malware problems

Hi threekoins and Welcome to TSG!

I would like you to generate a "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

 

3 more replies
Relevance 46.33%

Hi there
Angelfire gave me the all clear a few days ago from malware on my comp, but it has been worse than it ever has with no responding to clicks, cranking on high all the time etc. I just went and did a Kaspersky scan again, and the 4 infected objects it mentioned last week during my forum fix are back again. I have the scan report if you want to see it.
Thank you

Answer:Malware back after forum fix but thread is closed!

Hello seal123,

Your logs were indeed clean on 11/21. Yes, I'd like to see the Kaspersky report along with a fresh dds.txt

2 more replies
Relevance 46.33%

Hi Guys,
Can I begin by saying a MASSIVE thank you to you all-I'd be totally lost without your help
Ok, down to business-I've done as the guide suggests, performed the XP clean up, ran the programs and I've got all the logs which are hopefully attached. The problems started a almost a week ago when the dreaded "spyware protect 2009" screen started popping up and the icon lodged itself in my system tray and I got suspicious when there was no option to get rid of it-it's disabled my windows firewall, is blocking/redirecting my IE browser with it's phony msgs etc. If you need any more info or if I've somehow left something out/attached the wrong logs just let me know-it's purely out of ignorance and not laziness if that's the case!!!:-o

Thanks again- Cheree :wave
 

Answer:vundo/spyware protect 2009 malware-logs attached

here's the last log
 

6 more replies
Relevance 45.92%

Unless you are an authorized Majorgeeks Malware Expert/Helper/Malware Fighter, please refrain from posting in this area of the forum unless of course you started your own thread here asking for help with malware removal.

Thanks for understanding.
 

More replies
Relevance 45.92%

Hi, first I'd like to thank the helpful members in this forum in advance because I don't know how many computers I wouldn't have been able to keep safe or fix without your help. To be as brief as I can this time, I'm on my cousin's laptop and it has BSOD, Unwanted Malware Removal software, disabled task manager, regedit disabled, etc.
I'm John btw so you can call me that instead of Ambrosia.


I'm running this in safe mode because it's almost impossible to do this in normal mode but I know I will need to be in normal mode. If you can give me a run down on what this laptop has first.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:51 PM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Safe mode with network support


Edit by chaslang: Inline HJT log removed. READ & RUN ME FIRST. Malware Removal Guide sticky not followed.
 

Answer:Malware disabling task mgr & regedit +hijackthislog in thread

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a different user... Read more

1 more replies
Relevance 45.92%

Today I got a bug. Copied this from malware removal,
While using my laptop today, I had a 'Security Warning' pop up. It said:

Application cannot be executed. The file [insert file name here].exe is infected. Do you want to activiate your antivirus software now?

This has been popping up every few minutes with different file names. Other windows have been popping up, telling me I need to install this or that to get rid of the virus. I did restart my computer once, but its still here.

It's also opening up explicit material websites and viagra websites.

I hope this is specific enough.

Just now another window popped up that says attention! Spyware aler!Vulnerabilities

I am running XP pro.I am also getting a small box that says :
Attack from 161.219.239.1,PORT 32145
Attack port 12647
Thread Win32/nuqel.E.
Let me know what else you need to know.
When I go to Malware removal that same Window security alert comes up..
Seems as though quite a few people I know got this today.

I had AVG but could not open it today. So I uninstalled with the intention of reinstalling it. Well this virus will not let me finish installing it.
Also I tried to go to system restore but the virus will not let me in...
 

Answer:Virus problem and can't post in malware removal thread

9 more replies
Relevance 45.51%

Hello,

Please help!!! I only have a couple of days to fix this comp before I leave!!!

I am receiving security popups, Spyware Protect 2009 (I did not download) is in my task bar and keeps popping up with infiltration alerts, and IE keeps redirecting to http://browser-security.microsoft.com/blocked.php?r=21.0 displaying "Internet Explorer Warning - visiting this web site may harm your computer!" Then offering to link me to Purchase Spyware Protect 2009.

Here is my DDS Log file and attachment.

Thanks!!!

peace.b.

DDS (Ver_09-03-16.01) - NTFSx86
Run by John at 9:11:09.81 on Sun 03/22/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.223.43 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Nero\data\Xtras\... Read more

Answer:Unknown Malware/Rootkit security popups - Protect Spyware 2009

thank you! topic is resolved through off-post email reply.

Malware-bytes removal is the best!

peace.b.

2 more replies
Relevance 45.51%

Computer infected two days ago. Ran all of the required programs, now computer is very sluggish, not sure if I got rid of everything. Also, continue to have Google redirect virus.

Here are the logs.

Thanks for your time.

Mike
 

Answer:Computer infected with Malware, Steps from Read Me First thread completed

Additional log.
 

5 more replies
Relevance 45.51%

Still dealing with problems and have run across some things I am not sure what they are or what they mean.

First I found that the ram for this computer is not cheap, it's the old rambus and is getting hard to find. I am looking at some on eBay but I am leery. But it's much cheaper there, for 512 (2x256) at most sites it's running around 300 bucks but have found it on eBay for around 100 bucks.

Second, I ran a pc checkup on the dell site and got a few odd things that worry me and I am hoping someone can help answer some questions because of course Dell offers no answers unless I want to pay a butt load of money I don't have. (Ticks me off that I still owe around 600 on this one! I could buy a better one cheaper!)

It says I have 255MB in Physical Memory and 2048MB in Virtual Memory, whats the difference and isn't that kinda low? I am getting warnings of low virtual memory. I have a 40GB hard drive with 57% free, so is it talking about my processor memory that would be helped with the ram upgrade?

And it says I have an issue with my PCI Status Test, what is that? I am no guru but isn't that something to do with the motherboard? Oh PLEASE tell me it isn't.

Any light you folks can shed on this would be so appreciated, I swear if I win the lottery you guys are first on my list ROFL... ok the mortgage is first but then you!!
 

Answer:Solved: Slow Startup and while working {moved from malware thread}

11 more replies
Relevance 45.51%

DDS (Ver_09-02-01.01) - NTFSx86
Run by 26039 at 14:31:14.15 on 2009-03-09
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1508 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dll32.exe
C:\Documents and Settings\26039\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = https://www.houstonwaterbills.houstontx.gov/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-63... Read more

Answer:Lost Admin Rights Due to Spyware/Malware, Logs in Thread. Please Help.

ComboFix 09-03-06.02 - 26039 2009-03-09 10:45:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1391 [GMT -5:00]
Running from: c:\docume~1\26039\LOCALS~1\Temp\jcouh4cx.tmp\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\ahtn.htm
c:\windows\system32\frmwrk32.exe
c:\windows\system32\init32.exe
c:\windows\system32\ntdll64.exe
c:\windows\system32\pro1210dwin.dll
c:\windows\system32\reg1210dwin.dll
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\Tasks\njriovaz.job

----- BITS: Possible infected sites -----

hxxp://pwe-wus611
.
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.

2009-03-09 10:43 . 2009-03-09 10:43 13,824 --a------ c:\windows\system32\dll32.exe
2009-03-09 10:43 . 2009-03-09 10:43 1 ---h----- c:\windows\t55ft3518f44.dat
2009-03-09 10:43 . 2009-03-09 10:43 0 --a------ c:\windows\system32\nfr.assembly
2009-03-09 10:42 .... Read more

9 more replies
Relevance 44.69%

Hi, once I had read some of your archive threads last 6-27-08 I began to follow all of the steps from cleaning, defrag and Removal. I found out my PC had been infected with Trojan.Vundo (it was detected by malware)... I think it started when I downloaded last 6-26-08 a file at Bitlord. The first virus that was detected was a backdoor.trojan; the Norton Anti-virus detected it and removed it. So I thought it was ok. When I noticed my PC was slowing I already thought that there were still problems with my PC. So I ran the Anti-virus again and when it reached 24% (estimated) my PC rebooted and my keyboard got stalled and on my monitor it is BAD BIOS. But when I manually reboot it, it just jumps to windows and doesn't do the normal process when booting... and every time I scan my PC with my AV it always reboots, so I tried to search the net and found you guys... a bit STRICT but helps us more to know and learn how to fix things with our PC

1. From cleaning guide my pc was running better than it was before...
2. From the Malware Removal Guide I don't know if I got the right procedure
but got some problems...
a. SAS - it doesn't go blue screen, but my problem here is when it attempts to scan my files it becomes stalled. The first time I ran it I left it for almost 6 hours... (thinking it would still work) so reading from the procedure if it doesn't work proceed to the next
b. Spybot - I don't have problem here works really great
c. MAM - no problem he... Read more

Answer:Trojan.Vundo,Malware.Trace and Problems on boot and Norton Anti-virus Protect

here are the second logs of HJT and Combofix.

BTW,when i right-click all my folders and files and choose properties it seems that it has security tab and when i click the security tab there's been so much users and administrators in it. Is my files been publicly displayed or does this HighJacka** i mean Hacker get and manage my files...

Thanks...
 

16 more replies
Relevance 44.28%

Hello members of The Windows Club,
I created this thread about Emsisoft Anti-malware (EAM), Emsisoft Emergency Kit (EEK) and our other products.
Here you can ask any questions about them and i will gladly answer.
I will inform you about updates, betas, changelogs or significant news related to EAM and EEK.
I will also collect feedbacks and suggestions you may have about our products.
Thank you.
Best Regards.

More replies
Relevance 44.28%

Hello,
 
I was informed that I posted in the wrong section of Bleeping Computer from a Norton community member. Sorry about that.
 
Just so you are aware, I had posted here: http://www.bleepingcomputer.com/forums/t/563164/dynamo-combo-and-yontooc-malware-infection/ in the Am I infected? What do I do? section. That was the wrong section and I should've posted in this forum, the Virus, Trojan, Spyware, and Malware Removal Logs section.
 
The Norton community member urged me to use extreme caution from talking with a non BC community member. I should've read the forum topics more carefully next time. I decided to post to the correct forum (which is the reason for this thread) incase a BC member can tell me if:
I had wrongly execute any of the programs that were recommended in the forum (it links to a few programs there)
Whether my computer is still at risk as per the link above
 
Anything that I should do now considering I had already followed the instructions in the forum link above?
 
Apologies if this is considered double posting and I will gladly close my own thread up in the other forum if necessary...
 
Thanks,
 
ProtoKaw

Answer:Dynamo Combo malware infection - originally posted in wrong forum thread

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs i... Read more

2 more replies
Relevance 44.28%

Hi Abri
The thread is longer on the forum for some reason so have had to reply with a new thread
Please find attached avenger & renv logs
Thanks
Daragh

Hi snacs! Welcome to Major Geeks! We do not take responsibility for sons, but advise they are worth keeping. You have a new form of vundo on the computer and AVG Antispyware removed a serious lot of stuff from a trojan dropper. It will take several steps to remove things and I ask that you not use or boot your computer more than necessary while we remove this.
1) Please begin by uninstalling the following from add/remove programs. Also, if your version of Spyware Doctor is the trial version, please uninstall it as well as the below Java program:
- Java(TM) SE Runtime Environment 6 Update 1
2) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html)
3) Then go to start / run and type in msconfig and make sure normal system start is checked. Click on accept and okay.
4) Now download The Avenger (http://swandog46.geekstogo.com/avenger.zip) by Swandog46, and save it to your Desktop.
* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Check the 'Input script manually' box.
* Click on the magnifying glass icon.
* Copy everything in the Quote box below, and paste it in the box t... Read more

Answer:Reply To Abri Re Malware - Avenger & Renv Logs - Original Thread Inaccessible

Hi snacs!

Too strange! Where did your thread go???? Anyway ... here are the next instructions:

Now Copy the bold text below to notepad. Save it as Log.txt to your desktop.



File::
C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\NeroCheck .exe


Now using your mouse, drag Log.txt onto RenV.exe
When finished, RenV.exe will produce a new log. Attach the new Log.txt to your next reply.
Run ComboFix
Run C:\MGtools\GetLogs.bat by double clicking on it.
Attach the below new logs:
Log.txt
C:\ComboFix.txt
C:\MGlogs.zip (get these by running C:\MGTools\GetLogs.bat)

abri
 

7 more replies
Relevance 42.64%

{Note from Moderator: Hi Rams16, you tacked your post onto an active thread. Though marked Solved, these threads can become active sometimes, and it is always your best move to start your own thread when dealing with Hijackthis logs, malware, etc., as it becomes way too confusing for all of us when more than one computer is being worked on in a thread, so I have moved your post into a thread for you. Thanks. Someone will help you soon.} By Byteman

Hey, I'm suffering from the same problem too , I've read and followed the steps in your post so this is a copy from the notepad.
Logfile of HijackThis v1.99.1
Scan saved at 10:17:15 PM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\devld... Read more

Answer:MSN Photo Album Virus {Moved to new thread from active thread}

Download this tool to your desktop:
http://www.uploads.ejvindh.net/rootchk.exe
Run the program. After a short time a logfile will turn up. Copy the contents of the log into the thread.

Notice: Some security-programs prevent the creation of dummy drivers with certain names. This may cause false positives. If the log of rootchk contains a lot of hidden drivers, you may want to turn off your security programs while rootchk is scanning (you should then unhook your network connection as well).

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your... Read more

1 more replies
Relevance 42.64%

Hi

What's the best password protect software for folders?

Also if the password was forgotten or lost..would there be any way to access the file?

Thanks.

More replies
Relevance 41.82%

The volunteer helping me on the "Am I infected" forum recommended I move my problem over here to this part of the site. I'm not sure if I'm at the point where I should reformat my computer, hope someone can help.

Here's my original problems and the logs and help I've received so far: http://www.bleepingcomputer.com/forums/t/208885/ms-antivirus-2009-which-turned-into-another-one-and-now-its-that-nfrdll-error-and-malarebytes-and-superantispy-got-their-butts-kicked/

I assume that you'll probably get a better explanation from my problems there, but here's the quick and dirty:

Dell Laptop, currently disconnected from the Internet. (It was unable to access the bleeping computer forum anyway--just this site specifically, sites like Google, blogs, those kinds of things worked fine.)

The problems started with the MS Antivirus 2009 fake spyware stuff, then the browser hijacks (I shut off proxy servers before coming to the forums), and then I got the Spyware Protect 2009 version of malware, and was only able to get Malwarebyte's to run by changing the extension to .bat after reading it here. Since I started working on these forums with DaChew, I've only followed his instructions.

Currently working off my wife's computer, a Mac. Using a USB flash drive that DaChew had me immunize so that I can download the programs on this Mac and transfer them over to the infected Dell. Then I copy the logs onto the flash and move them here.

Here's my DDS file, I've changed my name on it to USER.

DDS (Ver... Read more

Answer:Serious Malware Infection, started with MS Antivirus 2009, Spyware Protect 2009, nfr.dll

Hello Thefactualopinion and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.

Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.

Double click the ComboFix icon to run it.

If ComboFix asks you to install the Recovery Console, please do so. The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

6 more replies
Relevance 41.41%

I could only operate in safe mode with numerous other problems as stated in the original thread here - My link

Here is the requested dds log file:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by maria at 19:33:17 on 2012-01-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1216 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Norton Internet Security\Engine&#... Read more

Answer:New thread with a link to original thread and problem

I am sending the mini tool box through Email to my other laptop and posting it here now thanks:
MiniToolBox by Farbar
Ran by maria (administrator) on 10-01-2012 at 21:12:34
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================
Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration
Host Name . . . . . . . . . . . . : maria-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.
Wireless LAN adapter W... Read more

more replies
Relevance 41.41%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 3890 Mb
Graphics Card: Intel(R) HD Graphics, 1721 Mb
Hard Drives: C: Total - 464557 MB, Free - 295104 MB;
Motherboard: TOSHIBA, NWQAA
Antivirus: COMODO Antivirus, Updated and Enabled
 

Answer:I was told to move my thread here, attatched is the thread

I'm not sure why you were told to post here in General Security. If malware is suspected, please start a new thread in the Virus & Other Malware Removal forum.

I'll close this one.
 

1 more replies
Relevance 41.41%

quote from forumite Furkin:
"Is it possible for someone to start a new post - by proxy - so that I don't confuse other readers ?"
"I'm trying to ask a couple of questions in the normal way - in Tech Helproom, but for some reason, when I click 'submit', nothing happens. They don't appear in either the forum... or My Posts."
Is anyone else having the same problem?

Answer:Furkin's proxy Thread as he can't start New Thread

Just had a thought, did you remember to put some Tags for the new thread?

7 more replies
Relevance 41.41%

HI again

Malware Fighter picked this up during smart scan, then I ran a full scan and it picked it up again.
We have gone through the Remove Malware process twice.
Is Malware Fighter picking up stuff that is not malware, could my Malware fighter be corrupted?

Thanks K, I am not sure what to do at this point.
Scans attached.
Thanks again.....
I am not concerned when it picks things up and cleans them, I get concerned when it says it cleaned them and then I run a full scan and they are still showing up.
 

Answer:New thread as requested, Malware picked up smart scan,cleaned,then picked up fulls sc

Re: New thread as requested, Malware picked up smart scan,cleaned,then picked up full

Where on the site is there an explanation re uploading and taking screen shots? I follow the directions, put them in paint (which is what windows directions told me to do); however, when I try to upload the screen shot it fails to upload.
I ran the malware through VT and am trying to get a screen shot to upload.
Thanks

OK, I tried cut and pasting and putting it in an Open Office file but that came up as not valid.
 

13 more replies
Relevance 40.59%

There is a very helpful sticky on this forum called "How to Protect yourself from malware!" authored by Chaslang. See http://forums.majorgeeks.com/showthread.php?t=44525 It appears that it has not been updated since 2004.

I have a clean (I like to think) fairly new Windows 7 computer, and I want to keep it clean. Are there any new suggestions that supersede what is in Chaslang's old thread?
 

Answer:Updates to "How to Protect yourself from malware?"

Happy_Macomb said:





It appears that it has not been updated since 2004.

Very untrue. You are looking at the creation date, not the update date. See the end of the post where you will see:

Last edited by chaslang; 01-30-12 at 19:08.. Reason: Remove outdated tools
 

3 more replies