Computer Support Forum

How to Protect yourself from malware! post question

Question: How to Protect yourself from malware! post question

I just got my degree and have not been able to find work so I can only thank all the people at MajorGeeks.
I am 'Gunk Free' but was reading chaslang's post "dated 10-10-04, 21:52, How to Protect yourself from malware! - MajorGeeks Support Forums", and under the firewalls to use, "Outpost Firewall Free" is listed. When I went to download it, it is dated 2009-05-08. Is it still a good firewall to use?
Thank you in advance for your help.

At a point in time I was 01 of them that understood some binary.

Relevance 100%

Answer: How to Protect yourself from malware! post question

Yes, it is still a good firewall. Just make sure you keep it updated as you would with all other protection software.

1 more replies
Relevance 64.78%

QUESTION _Sticky:" How to Protect yourself from malware! "

In the below instructions, Is it necessary if I *NEVER* use IE, only Firefox?

Thanks!


"6) Adjust Active X security settings

* In Internet Explorer, click Tools, Internet Options, Security. Click on the Internet globe. Then select Default Level, then click OK. Now select Custom Level and scroll down to the ActiveX controls and plug-ins section (some may already be set correctly):
o Set Download signed Active X controls to Prompt
o Set Download unsigned Active X controls to Disable
o Set Initialize and Script ActiveX controls not marked as safe to Disable
o Set Installation of desktop items to Prompt
o Set Launching programs and files in an IFRAME to Prompt
o Set Navigate sub-frames across different domains to Prompt
o Set Allow paste operations via script to Disable (see: http://support.microsoft.com/kb/224993 )
o Click OK and OK again. "
 

Answer:QUESTION _Sticky: How to Protect yourself from malware!

Re: QUESTION _Sticky:" How to Protect yourself from malware! "



jilter said:

In the below instructions, Is it necessary if I *NEVER* use IE, only Firefox?

Yes! Some applications will automatically launch IE sessions since that may be all they can use. Also you need to use IE to be able to get all of your Windows Updates. And some websites (just like some applications) do require IE.
 

1 more replies
Relevance 53.3%

I recently removed the Spyware Protect 2009 virus from my computer. However, I'm still encountering some problems. For example, sometimes when I start up my computer, it freezes as soon as I log in. Also, on Firefox, after clicking a google link, I get redirected to random websites in a new tab (ex. bestwebchoices.com, windowclick.com, monstermarketplace.com, etc...). On IExplorer, I randomly get a windows-blocked.com screen every so often, but I think I fixed that problem. Also, on startup, iexplorer.exe is automatically being run.

Any help would be greatly appreciated!

Answer:Post-Spyware Protect 2009 Virus

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

6 more replies
Relevance 52.48%

Ok this is weird. I run Ntl netguard, and Spyware Doctor. A few days ago, SpyDoc refused to auto update. Nothing strange thought I, site must be down.

Well its been four days now. Then I noticed I couldn't connect to Microsoft to do updates either. On further investigation, I found I can't connect to ANY legit malware sites. I have run Spybot, Ntl netguard, Malware Byte's anti malware, and Norton AV, none found anything wrong.

However, I tried setting up a proxy within Firefox, and CAN connect to the sites I couldn't otherwise. (albeit incredibly slowly).

As things stand, I can't update any malware software, and assume my poor PC must have caught something new and nasty.

Please help

Hi jack this follows:-

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:08, on 19/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterSer... Read more

Answer:Help Pls! Can't update Malware Protect or Visit Any Malware Sites

sorry, bump
 

2 more replies
Relevance 51.66%

:Activity:

I recently downloaded a new firefox theme called Foxkeh Japan, but it's a popular theme... so I don't think it's the problem... hopefully. I don't know about these things though. I also did some torrent searching. During which I got this pop up that said I had malware and started doing a scan online, but then my Auto-Protect popped up and I closed all the windows and pop ups and they stopped coming up.

Later I've been getting a couple of Auto-Protect Results pop up from my Symantec Antivirus (Full Version: 10.1.6.6010 Scan Engine: 71.3.0.25). So I did some updates on my SUPERAntiSpyware definitions and my Ad-Aware SE and my... Spybot... and they all found various things which I then "fixed" with those programs. I thought that would be the end of it... but the Auto-Protect results have been popping and I tried once more with my previously stated programs to find and eliminate the problem... and they again found some risks and then I deleted them... (sorry I did not take note of the risks). But again I got some recent Auto-Protect pop ups (one of the risks identified was backdoorTrojanDownloader, I'm not sure if that is how it was exactly spelt but that is what I remember) and I did a Symantec update... and a scan... but the scan did not start up... and I closed the scan box, but now it won't let me start a scan saying I have a scan in progress (which I don't)... and it won't acknowledge the recent update on the virus definitions.

Recently my -

Spybot... Read more

Answer:Trojan Downloader(s) and frequent Auto-Protect Results (real post)

Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, January 01, 2008 7:40:51 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R210 27.12.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):6 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan comp... Read more

2 more replies
Relevance 48.79%

How would you protect yourself from a fud?
 

Answer:How to protect yourself from a FUD malware?

LukeNukesEm said:

How would you protect yourself from a fud?

Supplement your security with something besides signatures.
 

34 more replies
Relevance 48.79%

Something (Malware ? ?) locked up my PC (Windows XP). I got a pop up message that my PC was infected and click "yes" to buy an AV program. I did not click "Yes", but every program I tried to run came up with the same message. I took it where I bought it and they fixed it by cleaning my hard drive and re-loading my OS. Fortunately, I had BU'd my personal files. They called the problem an "intercept". Norton AV did not catch it. They also loaded "Malwarebytes" for me.

What is the best way to protect for this kind of problem ?
 

Answer:How to protect against Malware ?

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using... Read more

1 more replies
Relevance 48.79%

i Just bought a new PC. i have a couple questions from the 'How to protect yourself from malware' thread.

My Pc is running windows 7.

In the Firewall section it doesn't say if the windows 7 firewall is sufficient? If it isn't i will download and outpost firewall and disable the windows one.

In the Antispyware tools i downloaded Microsoft security essentials for Windows 7. Since i also downloaded Avast as my anti Virus is it ok to run both these?

In the disable the autoruns feature there is no update for windows 7?
 

Answer:How to protect yourself from Malware

avilo4u said:

In the Firewall section it doesn't say if the windows 7 firewall is sufficient? If it isn't i will download and outpost firewall and disable the windows one.

While the Windows 7 firewall is better than what was in previous versions of Windows, it is still very inadequate.

avilo4u said:

In the Antispyware tools i downloaded Microsoft security essentials for Windows 7. Since i also downloaded Avast as my anti Virus is it ok to run both these?

No! MSE is an antivirus and antispyware. So is Avast. You can only have one of them installed.

avilo4u said:

In the disable the autoruns feature there is no update for windows 7?

Microsoft has never updated their info ( from here http://support.microsoft.com/kb/967715 ) for Windows 7 so I'm not sure if everything that is used for Vista would apply.

You can just run this >> Autorun Eater
 

6 more replies
Relevance 48.79%

Make sure you get your system protected from occurrences of malware problems. Below are some simple steps you can take to reduce the chance of infection in the future. I strongly encourage you to do them all. There is no perfect solution for totally preventing malware from getting on your PC, however, these steps will help.

Please do not make the false assumption that this thread is old or out of date based on the date the thread was started ( 10-10-04 21:52 ). Look at the Last Edited date at the bottom of this message as this procedure does evolve with time.

IMPORTANT NOTE: It is getting more and more difficult to find real true freeware these days that does not include bundleware, toolbars...etc and junk you just don't want. Make sure you pay attention during installation of anything you download and read license agreements. Be sure to uncheck check boxes for the bundleware and toolbars where you can so that you opt out because the defaults are always to opt in.


1. Visit Windows Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS. For anyone who is not yet running at least Windows 7 (which you really should be running at a minimum if your PC supports it) see the below link before updating. Note: Windows XP is no longer supported by Microsoft and is hence a security risk.

Windows 7 Upgrade Advisor
You should check for Windows Updates at least once a ... Read more

More replies
Relevance 48.79%

Initial post was First prob was redirect and pop up - now worse... in Malware

Initially I had a redirect problem... I followed the read and run me first and CC cleaner deleted part of my AVG this caused a whole new set of problems.

I had an issue with this before.

Part of my AVG got partially deleted in the past and it was a 2 week process getting my computer fixed. It took forever to find hidden files to delete, avg remover tool wouldn't work. I believe it was Tim that was helping me here... I accidentally stumbled upon a file and just started deleting all AVG files that it would let me and finally things started working again and I reinstalled and everything fell into place. Problem is this time. I can't find any of these files. BUT the problem is the same.

I can not execute any exe files in standard mode.

I don't know why CC cleaner deleted part of my AVG but I was directed not to change any settings in the instructions. So I assumed it was a residual file and let it do it's thing.

According to the Malware host that problem is cleared up. Now we are just trying to get my permissions fixed and that is a software issue. For the time being, I'm able to get online on IE... this is an intermittent thing. Sometimes after an instruction and a reboot, I will try to get on IE and I get a blank screen and IE will not load.

Before all this I was unable to use IE and Firefox was the only browser I could use. Now it gives me the same error that exe files give me ... Read more

Answer:First post in malware now instructed to post here

It was and still is Kestrel that is helping you in malware.

Have you tried doing the below:
http://www.dougknox.com/xp/file_assoc.htm --> scroll down to the ninth file fix.
 

14 more replies
Relevance 48.38%

Hi all,

My dad has asked me to take a look at his computer after it's been acting odd, and it looks like he's got a doozy of something running on the system. He's been getting some pop ups advertising various programs, the desktop is changed to text reading "Your system is infected! System has been stopped due to a serious malfunction. Spyware activity has been detected" (which is not something any program that should be running would display), Task Manager is blocked from opening and a fake piece of anti-spyware has taken up residence (don't have the name off hand).

Looking at the log, I found a couple of things that I'm not a fan of - batmeter16.dll, for starters. There's a couple others I don't recognize, but I am not sure if they are bad or not.

Unfortunately, my attempts to fix it have been thwarted - an AVG scan said it cleared it up, but more pop ups came. I tried to run Malware Bytes, but when I download the latest update through the program, I get a nice warning message saying "The database you are using is not supported by this version of Malwarebytes' Anti-Malware. Download the latest version of the program."

Additionally, this came about because I tried to start into Safe Mode to get this cleaned up. I couldn't get my keyboard to register keystrokes before Windows started, which kept me from accessing the dialogue allowing Safe Mode to be entered, so I modified boot.ini to force a safe mode boot. Unfortunately, this brought about a blue sc... Read more

Answer:Malware blocking MalwareBytes (post-update), fake anti-malware program

Hello, my name is fenzodahl512 and welcome to the forum.. Please do the following....

Please download The Comedian.exe by Rorschach112 to your desktop
Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
Double click the program to run it. It will only take around several minutes to run.
It will do a series of tasks and tell you when each one is finished.
You will be prompted to press any key after each step
When it is done it will close and exit itself automatically.
You can delete The_Comedian.exe once it is finished

STOP! if you can't complete this step.. Tell me more about it..

NEXT

Please download OTL by OldTimer and save it to your desktop.
Under the Custom Scans/Fixes box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Don't change any setting... Just click on the Run Scan button.. Let it scan till finish..
Then a log will pop-up at your Desktop. Post the content of the log here

NEXT

We need to scan for Rootkits with GMER
Please download GMER from one of the following locations, and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recomm... Read more

3 more replies
Relevance 48.38%

One of my friends destroyed his PC physically by dumping water on it so I lent him my PC for a while, so now I have to use my Surface RT, and whenever I upload a file to mediafire and/or dropbox they get deleted. Any tips or suggestions on where I should put my samples at?

(EDIT) yeah about the no malware samples thing i can still post them but... i won't be able to test out before hand
(NOTE) If I placed this post in the wrong section feel free to move it where needed
 

Answer:I won't be able to post malware for a LONG while/tips for where i should upload my malware samples

When you find some sample it's best to put it in some archive format and lock it with password. That way online hosters will not know what's inside of archive.
 

3 more replies
Relevance 48.38%

I continue to get the "SysProtect" download window on both I.E. and Mozilla. Followed your steps listed to clean my system, but same "Virtumonde" files appear each time I run Ad-Aware. Here is the Hi-Jack this log (after running Ad-Aware, see end of log for HijackThis log generated after restarting computer w/o running Ad-Aware):

Logfile of HijackThis v1.99.1
Scan saved at 9:48:28 PM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System3... Read more

Answer:Malware - Virtumonde & Sys Protect?

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Scan again with HijackThis and check the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\jkhhe.dll
O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #2

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the ... Read more

7 more replies
Relevance 48.38%

Hi. I am rather a person with basic knowledge about computers so don't be surprised if my question will sound stupid to you.
I have a Windows PC and I often use my thumb drive to print some documents in my university. I'm afraid that it will become infected someday so I thought it would be a good idea to use it only with Puppy Linux when I'm at home. This is why I made my thumb drive a bootable one with Puppy on board. What I want to do is to boot to Puppy, copy the files I need to print or use at the university to the USB drive, then close the system and disconnect the USB drive. To be clear, only one USB stick is involved in this process (Puppy and data are on the same USB stick). Would that prevent infecting my Windows PC? If not then how can I avoid viruses spreading through USB? Can malware do any harm to Windows OS when Puppy is booting?
 

Answer:Can puppy protect me from malware?

Good idea if I understood correctly
 

7 more replies
Relevance 48.38%

We maintain several PCs from a library, a research lab for students in a university. Just recently bunch of malwares swarm inside the lab and nearly affected all the machines. Most of these malwares are being imported from student's flash drives in which they're freely allowed to plug on the PC's. So cleaning the infections was really tedious. We cloned the drives and some were fixed using anti-malware softwares. 
 
Each computer is running a Microsoft Security Essentials for virus protection, and that's it.

Our main problem is, how should we setup each PCs so that we can prevent those viruses from porting inside the system? Is there any particular software or windows configurations that can offer such functionality? MSE merely detects all these viruses and most of it already infiltrated the system and removing each as I said is very tedious and time consuming.
Maybe you guys got some efficient workarounds with this type of predicament.

NOTE:
All PCs have the same hardware and uses Windows 7 32bit.
 

Answer:How to protect PCs from USB-malware carriers?

Simple, look at:
 
http://www.bleepingcomputer.com/forums/t/541639/security-suggestions-post-3-of-7/
 
Have a great day!

 

11 more replies
Relevance 48.38%

Hello,

Is there any thread for "How to protect yourself from malware (for vista)" as the one written by chaslang for windows xp.

Another question plz. Is there any site to give ranking for antivirus softwares like matousec for pro-active internet security softwares.

Also kindly tell me plz that avast antivirus is better or comodo internet security with antivirus is better.

Thanks.
 

Answer:How to protect yourself from malware (for Vista)

ablaze said:

Is there any thread for "How to protect yourself from malware (for vista)" as the one written by chaslang for windows xp.

It was not written for Win XP. It is for all versions of Windows although obviously there is more in there that relates to WinXP and older since they have been around longer.

ablaze said:

Another question plz. Is there any site to give ranking for antivirus softwares like matousec for pro-active internet security softwares.

You should ask in the Software Forum. But reviews of AVs are typically out of date by the time they are published. This happens because many programs update 3 to 5 times per day and even just one update can drastically improve or reduce an AV's test score.

ablaze said:

Also kindly tell me plz that avast antivirus is better or comodo internet security with antivirus is better.

You are not comparing apples to apples. Avast is just an antivirus. Comodo Internet Security includes all of the below:

firewall
antivirus
Host Intrusion Protection System (HIPS)
BOClean Anti-Malware is not being included in CIS

 

3 more replies
Relevance 48.38%

I have read this thread http://forums.majorgeeks.com/showthread.php?t=44525 and i am paying particular attention to #5 AntiSpyWare Tools, and it states ONLY USE 1 REALTIME BLOCKER. So my question is, i use ESET'S nod32 Antivirus to protect my machine, but it has antispyware protection included. I also have Malwarebytes Pro providing real time blocking, so am i in effect using more than 1 realtime blocker? If so what do i do about that? I paid for Malwarebytes Pro, not using it will defeat its purpose and be considered a waste of money!
 

Answer:How to Protect yourself from malware Thread

You're fine. One AV only, but you can have more than one AS (Anti-spyware).
 

3 more replies
Relevance 48.38%

Hello - First, let me say thank you for helping me rectify a really poor choice of opening software I wasn't 100% certain was verifiable. As a result I have the Virus Protect Pro problem (at a minimum) which seems to tie up my machine a lot and causes problems with my wireless network adapter. I have used Spybot and Adware to no avail. I've copied and pasted the Hijack This log below and won't make any changes until I hear from you.
With great thanks for your help!
K

Logfile of HijackThis v1.99.1
Scan saved at 3:52:29 PM, on 8/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program F... Read more

More replies
Relevance 47.56%

hello friends-i hope my title makes some sense. i wanted it to convey what i was asking about so people browsing could tell. cuz i couldn't find a question like mine.

i have a new hd completely installed and setup. my old hard drive is now the secondary master and although i still have the OS and programs installed, i never use it. lately i have been actively file-sharing via lime wire. i am behind a zone alarm firewall and running spyware blaster and AVG free. i also regularly scan with spybot S&D. i also scan each file with AVG b4 opening (thanks to majorgeeks for advising me on security)
however, i've been warned the limewire is notoriously risky as far as spyware etc. so my question is:

If i choose to open my secondary OS at start up, and browse and download these risky files to my secondary HD. will that protect my primary HD from infection?

if not, any other advice u have regarding the risks of file sharing are appreciated.

one thing i look out for is files that are too small to contain what they say they do. for example 100kb song files. i just dont download these.
 

Answer:2nd HD for dwnlds/protect primary from malware?

IMHO, I keep an operating system and a backup drive, without an operating system. Just put it on the same cable as primary slave. Frankly, if you are not dual booting 2 operating systems, there's no need to keep them both installed. That said, no, any files on a second drive can, and probably will, affect the main drive, in your case, probably infect both drives. A drive formatted without an operating system for backup should be safe from virus and spyware infections, but can affect the other drive, in other words. Having that second drive is great for backups of important data in case of a need to format. I love having my spare drive. You're also correct about Limewire, but it is not specific to Limewire. Any file sharing application is a risk.

Did I answer what you needed?
 

2 more replies
Relevance 47.56%

Malware Protection is a rogue anti-virus application that runs a fake system scan and then concludes that your computer has a malware infection or serious security/privacy issues. To fix the malware infection you must pay a fee, about $50. The rogue program copies user interface elements from real programs and it looks like a legitimate application. Plenty of people shell out $50 to register this fraud and that's a big problem because if you're transacting with these guys online you're offering them your credit card details. Cyber criminals can later use that information to their benefit. You should protect yourself with common sense and legitimate anti-virus software because such fake anti-virus applications as Malware Protection now represent about 20% of all malware in circulation. If you made a mistake and purchased it, please contact your credit card company and dispute the charges. And if you still have this fake AV on your computer, please follow the removal instructions below to remove Malware Protection and related malware for free.

Manual Malware Protection removal instructions:

1. Right click on the "Malware Protection" icon, click Properties in the drop-down menu, then click the Shortcut tab.

The location of the malware is in the Target box.

NOTE: by default, Application Data folder is hidden. Malware files are hidden as well. To see hidden files and folders, please read Show Hidden Files and Folders in Windows.

Under the Hidden f... Read more

Answer:How to protect and clean your computer from malware

Is this a removal guide for this rogue or ?

 

1 more replies
Relevance 47.56%

I have somehow acquired some malware titled system tool protect your pc. It comes up randomly, asks if I want to scan, says I have over 800 Infections, and constantly prompts me to sign up for it to erase my viruses. I know this is malware, and I acquired it after my Norton expired. How can I remove it? Thank you!

I am using a Hp Pavilion Vista.
 

Answer:System Tool Protect your pc (malware)

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using... Read more

1 more replies
Relevance 47.56%

Hey!
I am a web designer and I just got permission to work from home for the next week. I am allowed to take my work laptop home for it. I would like some advice regarding the security concerns before I start the work.
I have heard about spyware and malware attacks that can cause severe loss of data. I don't want such things happening to me in my work system. As of now it's clean and no malicious files are present in the system. It's installed with Kaspersky Internet Security and ExpressVPN when connecting to the Internet. Will it help in protection from spyware and malware? I have seen articles mentioning that not clicking on emails and installing antivirus software will help, but still I have heard a lot about such attacks. What else can I do to ensure nothing harmful will happen?
 

Answer:Will Kaspersky and VPN protect from malware attacks?

It being a work laptop, you shouldn't replace any of the pre-installed software, correct?
 

3 more replies
Relevance 47.56%

If you know about security in website and computer then tell me how to secure Website from Malware Attack. And what is the role of Google Webmaster in security purpose?
 

More replies
Relevance 47.56%

Hello,

I recently managed to acquire a virus that seems to have taken over my computer. There's a bar that appears right below the address bar for Internet Explorer telling me to download the latest antispyware to protect my computer. I cannot pull up my Task Manager; my computer prompts me that it has been disabled by my administrator. My desktop background has been changed to a message stating the computer has several fatal errors, and occasionally music will play at random that I've never heard before.

Here is my log:

Deckard's System Scanner v20071014.68
Run by Josh UWL on 2008-04-09 16:35:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
49: 2008-04-09 21:36:32 UTC - RP521 - Deckard's System Scanner Restore Point
48: 2008-04-08 16:12:26 UTC - RP520 - Restore Operation
47: 2008-04-08 16:08:59 UTC - RP519 - Last known good configuration
46: 2008-04-08 16:08:42 UTC - RP518 - Restore Operation
45: 2008-04-08 16:08:41 UTC - RP517 - Last known good configuration

-- First Restore Point --
1: 2008-04-08 16:08:11 UTC - RP473 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 85% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).

-- HijackThis Clone --------------------------------------------------... Read more

Answer:Protect.antivirus Malware Infection

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

10 more replies
Relevance 47.56%

Hello,
My son went to an untrusted site and the computer was infected with the conduit searchprotect.  I tried removing it with Eset Home Security.
 
However, my PC is still acting strange. I think the internet is a bit slower. As well, when I try to run some .exe files, such as Eset's ERARemover tool, windows gives me an error "this app can't run on your PC".  I have windows 8.1 64-bit and have tried both 32bit and 64bit programs.
 
I can't attach a DDS log because it's now win8.1 compatible.
 
thanks.

Answer:Conduit Search Protect and other malware?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

These tools are compatible with your operating system.

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by click... Read more

8 more replies
Relevance 47.56%

If I visit a malware site with the latest version of Firefox with the NoScript extension without allowing any scripts, what's the chance of me getting infected if I don't download anything?
 
Also, I hope this is the right place to post this.

Answer:Will using NoScript protect you from a malware site if..?

COPIED FROM NoScript:
The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).
NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.
NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows. Watch the "Block scripts in Firefox" video by cnet.
 
If I were using Windows and could only have one security program/ add-on....it would be NoScript. I use it in Ubuntu, too.
There is a learning curve. It is not just install and forget. Install it and go to a popular site and then view all the scripts you never knew
were active on that site and are now blocked from running. You can click to allow just the site's scripting and still block all the others.
The ones that you want to play videos on will be one that you will spend the most time learning which script to allow only the videos to play.

11 more replies
Relevance 47.56%

Topic title pretty much says it all. How can I prevent hijacking of my browser or even worse my entire computer? Last night I made a stupid move and attempted to download something off Pirate Bay. I read the comments and it looked legit. Since I didn't have software that downloads the torrent, I clicked on whichever one Pirate Bay offered me. The software was successfully installed and was downloading the program but it froze halfway and my Google Chrome completely stopped working. Later on I found out that Conduit is a malware that sometimes installs itself without the user's permission and takes over the browser. Now I'm paranoid about downloading anything. By the way I have a supposedly good anti-virus: Bitdefender, for which I paid good money! Very disappointed that it pretty much welcomed the bad malware with open hands and allowed it to install itself.

Answer:How to protect your computer from malware like CONDUIT??

attempted to download something off Pirate Bay : < Anything off these Torrents sites is 50 to 90% infected and not usually legal

WinPatrol Free is one of the better programs to warn you if there is going to be an attempt to change your Home Page. This may help after you do a full scan with your Antivirus -

Please download AdwCleaner by Xplode onto your desktop.
* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Delete.
* Confirm each time with Ok.
* Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.

Thank You -

1 more replies
Relevance 47.56%

Microsoft said:

A view of the current landscape
Criminal attacks continue to evolve and malware has become their standard weapon against anyone who uses the Internet - on traditional form-factor devices, as well as on mobile devices like tablets and phones. Malware targets all operating systems and browsers, and in recent years, criminal attacks against applications have increased substantially.

Criminals also use social engineering to trick you into performing actions that put you at risk. An increasingly common social engineering strategy uses online advertising campaigns to lure you to a site that installs malware on your computer.

An economy has developed around building reliable vulnerability exploits, which criminals buy to help distribute their malware. Criminals make money from their malware, so they invest in ways to keep it alive such as producing a higher quantity of malware, updating it more frequently - e.g. multiple times each day - and increasing its size and complexity. Some malware is as complex as commercial applications.

Secure by design
We use the Security Development Lifecycle (SDL) to build Windows with the best security design, development and testing practices available. Some highlights include:
Threat modeling and security design reviews. During the design process we consider how criminals might seek to attack features and scenarios, and incorporate this analysis into our designs.
Writing secure code. Training and code quality tools help to pre... Read more

Answer:Windows 8 will better protect users from malware

Well its like malware writers would take time to discuss how they will bypass those features. Its like Windows 8 were built in security and could led to few vulnerability probably.
 

6 more replies
Relevance 47.56%

I am getting three screens that come up when ever I try to do work on any program. (1) Windows Security alert (2) Spyware Protect 2009 alert (3) Spyware Alert

DDS (Ver_09-02-01.01) - NTFSx86
Run by Kim at 10:54:20.07 on Thu 02/19/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2430.1853 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)


Answer:Spyware Protect 2009 malware

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

2 more replies
Relevance 47.56%

Will Ad-Aware only detect the malware in its definitions during a scan, or does it also prevent it from being installed on your computer in the first place? What about A2? Many thanks. - Tye

Answer:Does Ad-Aware protect your computer from malware?

No on both counts. Try Spywareblaster click here

3 more replies
Relevance 47.15%

I would really appreciate some assistance with "Internet security designed to protect" malware and/or virus. I have attempted to remove this with no luck. I did install and run Malware Bytes. Initially it listed several viruses which I removed. However, I still have a problem. Anytime I try to run/download anything it is blocked by this annoying virus. What can I do? Any and all help would be greatly appreciated.

Answer:Internet Security Designed to Protect Malware Help Please

Hello, I moved you from WIN7 to the Am I Infected forum for now.
Please try following this GUIDE.

1 more replies
Relevance 47.15%

Hi everyone,
I want to tell my story about protection of ESS on my computer. Today, when my friend plugged his USB into my computer, I noticed that his USB shows only 1 USB shortcut in explorer. Before, my previous machine was infected by this malware type (malware creates USB shortcut) so I have experience with it. And when he plugged his USB in, I ran ESS Smart Scan but it found nothing. This afternoon, when I plugged my USB in my machine, I saw that all things in my USB turned into 1 USB shortcut. I ran Smart Scan again with my USB and found nothing, too (I also ran a scan by Zemana AntiMalware, and it found nothing, too). After that, I installed MCShield AntiMalware Tool, and scanned my USB with it. Magically, it found .lnk malware in my USB and cleaned it successfully! This is screenshot about log of MCShield:

And now, I'm very disappointed with my ESET. It makes me get infected easily! What do you think about my problem? Please share with me.
 

Answer:ESET Smart Security can't protect me from .lnk malware

ESET protects against malware coming from USB devices.
Probably did not recognize the malware that caused the problem.
You have done well to use McShield.
 

71 more replies
Relevance 47.15%

To start let me thank you for putting all these great programs in one easy to download area! Just following this guide has cleaned out several items from my supposedly secure system.

I did find one broken link however and got lost going through the giant comodo forum trying to find another thread with a similar ease of use allure.

This one: Configuring CIS for Maximum Security with ZERO Alerts for Novices

If you could give me an updated link it would be much appreciated.
 

Answer:Broken link in: Sticky How to Protect yourself from malware!

Thank you for bringing it to our attention. We will see what can be done to fix that issue.
 

2 more replies
Relevance 47.15%

My computer is infected with a malware program called "Spyware Protect 2009" how do I get rid of it? I followed instructions and have copied DDS and Attach files below. popup windows keep appearing saying my computer is infected with a virus and I need to install their software.
DDS (Ver_09-03-16.01) - NTFSx86
Run by John Schlatterer at 2:44:20.15 on Mon 03/16/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.96 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*


Answer:remove malware, Spyware Protect 2009

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any scri... Read more

2 more replies
Relevance 47.15%

> I am using sify ISP with limited data transfer package.
> My ISP is showing that I have downloaded 1200 MB which is not true.
> I didn't turn on the PC on the date prescribed by ISP but it is showing I have downloaded 1200 MB and has cut down 20 valid days
> I think someone has hacked my system.
So I am requesting you to tell the best way to protect my system from malware and internet
Thanks in advance.

Answer:Best way and best software to protect my system from malware and Internet?

Before anyone tells you that, it may be that someone connected to your internet connection, via wireless?
How are you connected to the internet?
Because if your computer was off on those dates, even if a hacker got into the system the computer needs a physical connection to the internet, while the computer is off, there is no way of obtaining an internet connection.

3 more replies
Relevance 47.15%

I finally found a fix to the malware that the Virus Protect Pro created and it cleaned out everything. The free software (to use and clean) is called Super AntiSpyware (that's quite some name) and you can download the free home version at http://www.superantispyware.com/superantispywarefreevspro.html
I'm going over there now to donate some money as it was my stupidity that had me lose about 6 hours trying to fix what I did. It's always nice to find a hero.

With blessings for a great day.
K
 

More replies
Relevance 47.15%

> I am using sify ISP with limited data transfer package.
> My ISP is showing that I have downloaded 1200 MB which is not true.
> I didn't turn on the PC on the date prescribed by ISP but it is showing I have downloaded 1200 MB and has cut down 20 valid days
> I think someone has hacked my system.
So I am requesting you to tell the best way to protect my system from malware and internet
Thanks in advance.
 

Answer:Best way and best software to protect my system from malware and Internet?

Security is a wide topic. If you browse around on this forum, you will find recommendations on Anti Virus and Anti Spyware and Firewalls.
If you have Windows XP Professional, MS published an XP Security Guide v2 and tells you how to harden XP Pro. It is available here:

http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/default.mspx#ETE

If you have Vista, there is a Vista version of the Security Guide:

http://www.microsoft.com/downloads/...ed-7f35-4e72-bfb5-b84a526c1565&displaylang=en

Hardening an OS gives the attacker a smaller attack surface by disabling unnecessary features. XP after a fresh install is quite bloated and has a lot of places for an attacker to poke at.

Also you should consider running it daily using a limited user account, as that prevents some malware from working and prevents malware from making system wide changes. In the Unix world, nobody runs a machine daily using the admin account. MS acknowledges that and has made UAC for Vista to achieve the same end.

Here's more details about that:
http://www.mechbgon.com/build/security2.html

Also along the lines of protection and prevention, use McAfee's Site Advisor, available here:

http://www.siteadvisor.com/

It places a site rating besides every google result and tells you about malware infested sites before you go clicking on them and instantly infecting your machine.
 

3 more replies
Relevance 47.15%

Hi Folks, Yes I've got the privacy protection Malware, currently running windows XP on a dell laptop and I cannot start up in the safe mode, no Internet start up or execution of any programs allowed. Looks like I can strip documents & information off but thats about it. Can anyone share my options to cure this problem?

Thanks in advance - L

Answer:OK I've got the Privacy protect malware & no safe mode

Hello LarsLind,
I moved this to Am I Infected.

For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.
Reboot your system to complete the process.

Please follow our Removal Guide here Remove Privacy Protection (Uninstall Guide).
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you completed that, post your scan log here, let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Also the other tool log.. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

1 more replies
Relevance 47.15%

Hello. My kid's PC -- an HP (Model M7567C, with 2, 260 GB hard disks and 2 GB RAM) is infected by "Spyware Protect 2009" malware. The malware repeatedly displays at least 3 different pop-ups saying there's a spyware infection and offers to sell a fix; the program also prevents Explorer from working properly. There are no obvious programs/processes to shut down from the control panel. The machine has Zone Alarm Security Suite installed - I'm not sure if my kids ignored a warning or if the software mistakenly let something in. Zone Alarm technical support said to try running Malwarebytes' Anti-Malware automated removal tool, but the program doesn't seem to run (nothing happens after the program is downloaded and launched). I tried running Zone Alarm virus and spyware scans, but the program runs slowly and eventually hangs (I think I ran the Zone Alarm scan in the Windows Safe mode). I can boot the PC in Windows Safe mode, but unfortunately there is no useful restore point. I can boot the PC in the normal Windows mode but it takes 2 or 3 cold starts. I can use Microsoft Explorer (through a wireless LAN connection), but in the normal Windows mode Spyware keeps hi-jacking Explorer and displaying its rogue messages.

Before I give up and reformat the hard disk and re-imaging the disk from the backup system disks, I would like to try a less time consuming solution. Any suggestions are welcome! Thanks!

I ran the DSS scan as instructed. Here are the res... Read more

Answer:"Spyware Protect 2009" malware problem

I wanted to add some new information to my original posting that seems to be related to my problem.

When my spyware infected PC boots, I get the following messages:

"The application or DLL c:\windows\system32\digeste.dll is not a valid windows image."

"View Manager has encountered a problem and needs to close."

"Error loading c:\windows\griwapaxim.dll. The specified module could not be found."

I noticed that there was a Windows update available today (the February update of Microsoft's anti-spyware program). I installed this application; after this, Zone Alarm Suite was then able to run (up to now, it just hung up), and 2 items were quarantined: WIN32.SYSGUARD and WIN32.TROJAN.FAKEALERT.IEH

However, there are still problems with my PC. I still can't get Malwarebytes' program to run, even when I rename the *.exe file to *.bat. It seems like whatever is still injecting my PC interferes with any anti-spyware/malware program from running properly and interferes with the operation of Explorer.

Thanks.

4 more replies
Relevance 47.15%

How does Comodo firewall protect against signed malware at cruelsister's settings? Also I can disable its processes via task manager. How is its self-protection?
I am going to use it on my system with cruelsister's settings but these issues are my main concern which do not let me believe in Comodo's power.
So, help me out and give the required info.
Thanks.
 

More replies
Relevance 47.15%

Can I Recover my administrator password for the ContentProtect program without it being sent to my E-mail?
 

Answer:Question about content protect

Yes you can chk previous post
http://forums.majorgeeks.com/showthread.php?t=69045
 

2 more replies
Relevance 46.74%

Hi

I was just wanting to know the reason why Spybot S&D was removed from the "How to Protect yourself from malware!" sticky.

I am using version 1.6.2 since I found the newer v2 to be quite bloated and annoying. Should I still be using 1.6.2 since it still downloads the latest malware signatures? Or is there an important reason why it was removed as a recommended antispyware tool?

Cheers
Sam
 

Answer:Reason for Spybot S&D removal from How to Protect yourself from malware thread?

Just not that useful anymore and as you noted V2 is too bloated. We also never liked Teatimer.

You can still use the old version and make use of the bad download blocker and hosts file protection if you wish but I would not use Teatimer. Modern antivirus programs already included antispyware too.
 

1 more replies
Relevance 46.74%

Hi, I'm having a problem with my web browser since using the Malwarebytes anti-malware scan. Before I ran the scan and removed the infections it found, I was able to open webpages and go to sites, although when I would try to search it would redirect the page. After I ran the scan and deleted the infections, I tried to open a webpage and it said it couldn't display it although I was connected to the internet. One of the things the scan found said "adware.mywebsearch"; I would assume that was the reason it was redirecting the page. As of right now, I have done a system restore to a point before I removed the infections so I could display a webpage to get help. If someone can please help me, I would be very grateful.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Leslie at 14:54:14.01 on Wed 05/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.496 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)


Answer:malware agents/koobface,spyware protect removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

2 more replies
Relevance 46.74%

Hey guys, I am sure you can relate to my current woes here. I have a family member who is just always getting malware on their computer. Getting tired of cleaning it up so frequently and I wanted to ask you guys what you do. Personally I install Chrome and MSE, and set MSE to a Full Scan once a week with real time monitoring. I also preach safe web surfing, but honestly, it's like telling a Crack Head that crack kills.

So what do you guys do to try to ease the pain of fixing a family members computer?
 

Answer:How do you Setup your family members computer to protect from malware?

They now have Macs
 

46 more replies
Relevance 46.74%

I've been using AVG, and have bought the full version, yet was confused with what I had to do.  Can anyone tell me which product is user friendly, yet a good system choice.  Thanks,
Would be appreciated. 
 

Answer:What is a good product to buy to protect and remove virus, malware etc...

My personal choice is ESET NOD32 Anti-Virus if choosing a paid for program as it leaves a small footprint...meaning it is not intrusive and does not utilize a lot of system resources. Kaspersky Anti-Virus is also a good choice if looking for a paid for program. If you don't want to pay then I recommend avast! Free Antivirus.

For more specific information to consider, please read:
Choosing an Anti-Virus Program
SANS Institute Choosing Your Anti-virus Software

Important Fact: It has been proven time and again that the user is a more substantial factor in security than the architecture of the operating system or installed protection software. Therefore, security begins with personal responsibility and following Best Practices for Safe Computing.

6 more replies
Relevance 46.74%

I have recently been infected with a fileless malware. I have run a scan with ksc and it reported some memory detection. So, I run a scan with fully updated avast free and emsisoft eek but they didn't find anything. Finally, I have to scan with zemana and only after it detected and removed a fileless malware, ksc was able to give my system a clean sheet. Are kaspersky and zemana the only ones to protect against such attacks? I need a free tool to protect my system against such attacks. The detection by zemana was "trojan poweliks: fileless malware". I don't need any whitelisting software and I also sincerely think that even they cannot counter such attacks.
 

Answer:Do you know any free software to protect against fileless malware attacks?

avast and bitdefender free are both good
 

23 more replies
Relevance 46.33%

Hi,
I downloaded an app from CNET ( never again ) and ended up with Search Protect in the Task Bar and redirecting to Conduit.
Avast free never saw it. I ran AdwareCleaner and MalwareBytes Anti-rootkit, rebooted and no sign of it.
How best can I check to verify that it's really gone?
Thanks
 

Answer:Search Protect/Conduit Question

By posting in the Virus & Other Malware Removal forum and providing the logs requested at the top.

Since this is the wrong forum I'll close this one.
 

1 more replies
Relevance 46.33%

Hi,
I downloaded an app from CNET ( never again ) and ended up with Search Protect in the Task Bar and redirecting to Conduit.
Avast free never saw it. I ran AdwareCleaner and MalwareBytes Anti-rootkit, rebooted and no sign of it.
How best can I check to verify that it's really gone?

ps not sure about the Gmer log

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+, x64 Family 15 Model 107 Stepping 1
Processor Count: 2
RAM: 3325 Mb
Graphics Card: NVIDIA GeForce 210, 512 Mb
Hard Drives: C: Total - 228121 MB, Free - 131165 MB; D: Total - 10239 MB, Free - 5254 MB; J: Total - 152624 MB, Free - 152340 MB;
Motherboard: Dell Inc., 0RY206
Antivirus: avast! Antivirus, Updated and Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:40:23 PM, on 3/5/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16520)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsa...

Answer:Search Protect/Conduit Question

16 more replies
Relevance 46.33%

Hi Guys,
Can I begin by saying a MASSIVE thank you to you all-I'd be totally lost without your help
Ok, down to business-I've done as the guide suggests, performed the XP clean up, ran the programs and I've got all the logs which are hopefully attached. The problems started almost a week ago when the dreaded "spyware protect 2009" screen started popping up and the icon lodged itself in my system tray and I got suspicious when there was no option to get rid of it-it's disabled my windows firewall, is blocking/redirecting my IE browser with its phony msgs etc. If you need any more info or if I've somehow left something out/attached the wrong logs just let me know-it's purely out of ignorance and not laziness if that's the case!!!:-o

Thanks again- Cheree :wave
 

Answer:vundo/spyware protect 2009 malware-logs attached

here's the last log
 

6 more replies
Relevance 45.51%

Hello,

Please help!!! I only have a couple of days to fix this comp before I leave!!!

I am receiving security popups, Spyware Protect 2009 (I did not download) is in my task bar and keeps popping up with infiltration alerts, and IE keeps redirecting to http://browser-security.microsoft.com/blocked.php?r=21.0 displaying "Internet Explorer Warning - visiting this web site may harm your computer!" Then offering to link me to Purchase Spyware Protect 2009.

Here is my DDS Log file and attachment.

Thanks!!!

peace.b.

DDS (Ver_09-03-16.01) - NTFSx86
Run by John at 9:11:09.81 on Sun 03/22/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.223.43 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Nero\data\Xtras\...

Answer:Unknown Malware/Rootkit security popups - Protect Spyware 2009

thank you! topic is resolved through off-post email reply.

Malware-bytes removal is the best!

peace.b.

2 more replies
Relevance 44.69%

Hi once I have read some of your archive threads last 6-27-08 I began to follow all of the steps from cleaning, defrag and Removal. I found out my PC had been infected with Trojan.Vundo(it was detected by malware)... I think it started when I downloaded last 6-26-08 a file at Bitlord. The first virus that was detected was a backdoor.trojan the Norton Anti-virus detect it and remove it. So I thought it was ok when I noticed my PC is slowing I already think that there are still problems with my PC. So I run again the Anti-virus and when it reaches 24% (estimated) my PC reboot and my keyboard got stalled and in my monitor it is BAD BIOS. but when I manually reboot it, it just jump to windows and didn't do the normal process when booting... and every time I scan my PC with my AV it always reboot so I try to search the net and find you guys... a bit STRICT but helps us more to know and learn how to fix things with our PC

1. From cleaning guide my pc was running better than it was before...
2. From the Malware Removal Guide I don't know if I got the right procedure
but got some problems...
a. SAS - it doesn't goes blue screen, but my problem here is when it attempts to scan my files it becomes stalled. the first time I ran it I left it for almost 6 hours... (thinking it would still work) so reading from the procedure if it doesn't work proceed to the next
b. Spybot - I don't have problem here works really great
c. MAM - no problem he...

Answer:Trojan.Vundo,Malware.Trace and Problems on boot and Norton Anti-virus Protect

here are the second logs of HJT and Combofix.

BTW, when I right-click all my folders and files and choose properties it seems that it has a security tab and when I click the security tab there are so many users and administrators in it. Are my files being publicly displayed or does this HighJacka** I mean Hacker get and manage my files...

Thanks...
 

16 more replies
Relevance 43.46%
Question: Post-Malware

PROBLEM

Recently I was infected with the fake anti-virus scanner malware, Antivir, that throws up fake virus alerts. I've already removed the malware with MalwareBytes Anti-Malware Scanner in safe-mode.

However, I think that there are still traces of the malware or some other virus hidden on my system, since Avast! (which I use as a first-line of defence) occasionally detected attacks by some Trojan virus. In addition, I now have a RUNDLL error message saying:

RUNDLL

Error loading C:/WINDOWS/olixukowomaquden.dll

The specified module could not be found.

However, follow-up scans with mbam (fully updated) do not yield any results.
LOGS

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:29, on 02-08-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToo...

Answer:Post-Malware

Bumped, please address
 

1 more replies
Relevance 43.46%
Question: Malware Post

Windows XP Home Edition SP2
Issue summary: Cannot update any programs at all. Cannot do a windows update. All links selected within your site give me an IE error page. When ever I do a search in google it takes me to a page to buy some software every time. All of my favorites saved before this started allow me to go to those sites.
IE 6.0 SP2
Step 1: Did not have Spybot but downloaded it and got a connection error when attempting to install.
Step 2: Antivirus programs tried AVG; ZoneAlarm & Avast. Was able to install them but could not update any of them. Currently have Avast. All three tried will let me scan but cannot update to get newest definitions.
Step 3: Add remove programs followed, nothing found.
Step 3: House Cleaning done with CCleaner 2.0, tried to download CCcleaner Sim would not install.
Step 4: SUPERAntiSpyware was already installed, unable to update to get latest definitions.

Here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/07/2008 at 10:18 PM

Application Version : 4.21.1004

Core Rules Database Version : 3625
Trace Rules Database Version: 1609

Scan type       : Complete Scan
Total Scan Time : 00:22:41

Memory items scanned      : 330
Memory threats detected   : 0
Registry items scanned    : 4245
Registry threats detected : 0
File items scanned        : 32618
File threats detected     : 1

Adware.Tracking Cookie
   C:\Documents and Settings\...

Answer:Malware Post

Here are some logs done after work today. Appears there are still some issues. Each time I run Malwarebytes, I follow the instructions but it keeps finding one every time after I restart and scan?

Malwarebytes' Anti-Malware 1.30
Database version: 1391
Windows 5.1.2600 Service Pack 2

11/13/2008 5:26:14 PM
mbam-log-2008-11-13 (17-26-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 72108
Time elapsed: 19 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{3DCD8EEC-7469-41B2-AD90-AFDA28CD5DC9}\RP2\A0000001.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSosvn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\TDSS9909.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.30
Database version: 1391
Windows 5.1.2600 Service Pack 2

11/13/2008 5:53:46 PM
mbam-log-2008-11-13 (17-53-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 7...

3 more replies
Relevance 43.46%

Here they are...
 

Answer:Log post for malware

Welcome to Major Geeks!

You need to attach the other two logs that were requested: C:\ComboFix.txt and C:\MGlogs.zip

Also please tell us what problems you are currently having if any.
 

1 more replies
Relevance 43.46%
Question: Post Malware

Hi all!

I have just spent more than a month trying to clean my pc of a " remote " exploit. I realize now that it was on my system for more than 7-9 months. It affected two desktops and three laptops, ( apparently due to a weak password )

The reason I am here posting is that most or all scanner engines I was referred to didn't find anything.

I finally think that it is resolved as I am not seeing the activity on the network or hard drive. What really surprised me was that it repeatedly returned on a system that was a new install.

I bought a new hard drive, flashed the bios (new mem stick - program downloaded from library ) took out the wireless card, isolated from the internet, formatted the drive using the install disk, installed the OS and then the antivirus (avast-free) and then connected to the internet.

I believe that there are many people that have or still have the same malware that I had. I have posted many times as violated and violated 5/2011 at Microsoft's "answers.microsoft.com" and was given several helpful suggestions, all not curing the issue.

I watched in real time the changes that occurred to my system (printer driver missing or corrupt, usb hub disabled while using, monitor going blank, several user accounts being made with special privileges (viewed using event viewer and using resource monitor) and had my password changed while I was using antimalware software to try and remove or find. I was never able to identi...

Answer:Post Malware

Hi,

Can you give more details about the malware you are referring to? What software did you use to try and clean your system?

Regards,
Golden

9 more replies
Relevance 43.05%

webroot spy sweeper keeps denying access to:
myroitracking.com
ad.media-servers.net
67.201.36.16
Dr.Areaconnect.com
64.74.233.39, etc. saying they are known malware sites

here are my logs. I'll put hijack this on the next post
 

Answer:need help with malware removal (post 1)

Re: need help with malware removal (post 2)

webroot also denies:CLKH71YHKS66.com

here are mbam log and hijack this
 

13 more replies
Relevance 43.05%

Hi,

I recently got a trojan - AVG called it Trojan horse Generic 22.GWN - that came for a visit. It's one that pretends that your hard disk is crashing. It hid folders to make you think they'd been lost, moved shortcuts, cleared out the start menu and made registry changes.

I ran a CClean and then cleared it out with MalwareBytes - that solved the problem but the registry changes are still there, and the start menu contents are mostly missing as well.

I've managed to repair one of the reg changes - re-enabling Task Manager, but I've got no idea how to change or track any of the others it's made. It has, as far as I've found, locked the windows backgrounds and themes, and also seems to have stopped me from backing up - but there must be other changes as well.

Is there any way to track and repair these registry changes, or restore my startbar and desktop?

On the topic of the desktop and startbar - some of it has come back as I've unhid the files, and apparently this malware doesn't delete stuff, it just moves and hides it. But I'm more concerned about the registry changes.

Any help would be greatly appreciated.

Little John

Answer:Registry changes post-malware

I don't know of any way you can track & undo Registry changes caused by malware unless you have a pre-malware Registry backup.

Try System Restore or do a Factory Recovery.

1 more replies
Relevance 43.05%
Question: Post-Malware Blues

not trying to hijack this thread or anything but I have been suffering from what appears to be the same symptoms. Anyways while trolling through the mass QQ I'm infected posts I saw several moderators link to http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller. After running that application although it didn't fix the redirects a lot of the memory use being consumed dropped and svchost.exe had dropped to a "normal" level.

EDIT: Moved from XP to Am I Infected forum ~ Hamluis.

More replies
Relevance 43.05%

Hi all

I have recently been cleared of some malware (thanks to that forum!) and it appears to have affected the software on my machine. The following occur to me but I may be missing a wider issue:

- All programmes seem to be hidden (I have manually unhidden most on my desktop for ease of use);
- My quicklaunch seems to have disappeared and cannot be restored through the taskbar properties; and
- The start menu is empty.

Any help greatly appreciated!
 

Answer:Post-Malware Issues

Just to benefit the people helping you, here is some of your system info:





System Information report written at: 04/04/11 21:28:15
System Name: YOUR-AD3E76B51B
[System Summary]

Item Value
OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Name YOUR-AD3E76B51B
System Manufacturer SAMSUNG ELECTRONICS CO., LTD.
System Model NC10
System Type X86-based PC
Processor x86 Family 6 Model 28 Stepping 2 GenuineIntel ~1596 Mhz
BIOS Version/Date Phoenix Technologies Ltd. 02CA.MP00.20081015.KTW, 15/10/2008
SMBIOS Version 2.5
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
User Name YOUR-AD3E76B51B\chris
Time Zone GMT Daylight Time
Total Physical Memory 1,024.00 MB
Available Physical Memory 452.89 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 2.39 GB
Page File C:\pagefile.sys


 

1 more replies
Relevance 43.05%

Well i've had this for quite some time now a month or so and it's starting to tick me off... The pop-ups that mostly come up are Winfixer and Zedo...
I'm completely confused and frustrated right now with it and so any help is very much appreciated, thank you
 

Answer:Another Removing Malware Post

Alright here are the other three mentioned in the sticky
 

14 more replies
Relevance 43.05%

Hello everyone,

So I just contracted some sort of malware infection on my computer and can not seem to get rid of it with some of the easy fixes I know. The name of the software it keeps prompting me to buy escapes me right now and I can not look up currently since I am in safemode. However, I will do so immediately after posting this and add it to the post. I have access to the internet, and amazingly am not getting redirected from anything that I appear to use there. So far at least. However, it will not let me open my documents saying that it can not find them. Also, whenever I try to start my SuperAntiSpyware, the system kicks in and says a threat has been detected. Safemode seems to be working really well for me so far, and I ran scans with SuperAntiSpyware and CCleaner, both of which came up with problems which I deleted, but the problem remains. If you have any other questions about my situation, please ask. Also, I skipped the GMER step because I have a 64 bit hard drive. Here are my DDS reports:

Ok, so the name of the system is System Tool. And a few other key notes that I forgot to mention: It changes my background every time I log in to this blue screen with red and white letters on it saying something along the lines of "WARNING!!! yourre in danger! your computer is infected with spyware!" then says some threatening things about infections. Hope that this helps. THANKS!!!

Merged posts. ~ OB

Answer:Malware-I will look up the name after I have posted this and post it

hi,

Your post is a few days old. If you still need help reply back.

8 more replies
Relevance 43.05%

Hi,

I managed to download 'antimalwaredoctor' a few weeks ago - from facebook scarily. I've managed to get rid of most of it using a variety of killers and anti-virus programmes and now have AVG installed. But problems remain. Chief of these is the dread svchost.exe that is sucking up 90%+ cpu. I also have some google redirects at work too and shutting down / starting up is faulty too.

I've followed the bleeping computer instructions and have attached the relevant DDS and GMER files. I also downloaded and attached a report on what processes were associated with svchost when running if that is any help.

Thanks.
Neil

DDS log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Neils at 18:31:46.35 on 30/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.365 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Fi...

Answer:Post malware problems

Good evening. Download aswMBR.exe from here and save it to your Desktop. Double click the tool to run it. Click the Scan button to, well, start the scan - obvious really! Once the scan reports "Scan finished successfully", which takes less than a minute on my system, click Save log. On my system it offers to save it to the Desktop, which may or may not be its default behaviour, but it's as handy a place as any. You'll also see a file called MBR.dat appear as well - this is a backup that it created, just in case it's needed. Keep it handy for now.

I'd like the contents of aswMBR.txt in your next reply, if you'd be so kind.

2 more replies
Relevance 43.05%

Mod Edit:  Split from http://www.bleepingcomputer.com/forums/t/459602/firewall-will-not-start/ - Hamluis.
 
 
 
I am having this same problem after removing the FBI virus.  I downloaded and ran the Windows Repair Tool as instructed.  However when I check the status of the firewall it says it is not using the recommended settings.  When I click on the "Use the recommended settings" I get the error that says:
 
Windows Firewall can't change some of your settings.  Error code 0x8007042c

Answer:Problems Post FBI Malware

Have you tried the FIX-It
To fix this problem automatically, click the Fix-It image below. If a security notification appears, click Run.
 

Fix this problem
Microsoft Fix it 2530126

 

1 more replies
Relevance 43.05%

Deckard's System Scanner v20071014.68
Run by James! on 2008-08-09 02:00:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
23: 2008-08-09 01:01:08 UTC - RP128 - Deckard's System Scanner Restore Point
22: 2008-08-08 23:34:58 UTC - RP127 - Removed Napster
21: 2008-08-08 23:33:42 UTC - RP126 - Removed Cypress USB Mass Storage Driver Installation
20: 2008-08-08 21:18:56 UTC - RP125 - Microsoft OneCare Protection Checkpoint
19: 2008-08-08 18:03:38 UTC - RP124 - Microsoft OneCare Protection Checkpoint


-- First Restore Point --
1: 2008-07-11 15:46:44 UTC - RP106 - Spyware Terminator - restore point


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 91% (more than 75%).
Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as James!.exe) ----------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-09 02:03:50
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\s...

More replies
Relevance 43.05%

What's wrong : or what I notice : I can't bring up my task manager .
Log: ---------------------------------------
Malwarebytes' Anti-Malware 1.28
Database version: 1166
Windows 5.1.2600 Service Pack 2

9/18/2008 5:47:44 AM
mbam-log-2008-09-18 (05-47-27).txt

Scan type: Quick Scan
Objects scanned: 53011
Time elapsed: 24 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 32

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\n.cs4 (Backdoor.Ciadoor) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0958c4c9-77b0-4aa8-9364-7886bfca7e39} (Backdoor.Ciadoor) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e14dce67-8fb7-4721-8149-179baa4d792c} (Backdoor.Ciadoor) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c9f1c5a0-f3d8-48e2-8b8c-3e86b4cac7e3} (Backdoor.Ciadoor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken....

Answer:Solved: Malware Log post can you help ^^

sorry noob move .. Malware fixed everything >_> sorry and thanks for this site
 

1 more replies
Relevance 43.05%
Question: Post Malware Issue

I received help in the Malware forum that help to rid a laptop I am working on of malware. Everything seems to be running great now but I am having a problem with something that I think a virus or trojan horse did. I am unable to delete anti-spyware executables.

I was originally not able to run any anti-spyware programs after installing them. I was able to clean the machine up partially on my own and finished with the help in the Malware forum. I have old folders from spybot and windows defender and SAS that I cannot delete because a virus changed the programs exe file attributes to read-only, hidden and system but I am unable to remove those attributes. I even went into command prompt and tried to remove the attributes that way as well but I still get the "Access Denied" error.

Is there any other way that I can remove those attributes so I can finish cleaning up the laptop by deleting those old folders and exe files so I can reinstall the programs into their default folders? I currently have them installed in different folders so I can run the programs. Thanks!
 

Answer:Post Malware Issue

Unlocker http://majorgeeks.com/Unlocker_d4660.html
or Move On Boot (which deletes files and directories at bootup)
http://www.softwarepatch.com/software/moveonboot.html

Note: MG's download link comes up blank for me
http://www.majorgeeks.com/download.php/images/banners/MoveOnBoot_d5556.html
 

5 more replies
Relevance 43.05%

Recently found a nasty series of infections popping up. Had an IT friend recommend some freeware programs to help.

1. AVG (already installed) - found Vundo trojan and Cipher virus
2. Super-Antispyware (already installed) - found Trojan-Unclassified (MSXML71) and Rootkit.Cloaked/Service-Gen
3. Ad-Aware (already installed - nothing found other than tracking cookies)
4. Windows Firewall (functioning)

I installed and ran the following programs:
1. Malwarebytes Antimalware (found several viruses including Conficker, trojans, etc. - no log saved)
2. Panda Rootkit (nothing found)
3. F-Secure Backlight (nothing found)
4. Avira Antivir (found TR/Crypt.ZPACK.Gen)
5. Dr Web Cureit (nothing found)
6. Autoruns by Sysinternals (b.exe found running (no iTunes installed, process killed, registry value removed and file deleted)

I'll patiently listen to admonishments about keeping detailed logs, I know it makes your side of things harder.

Update: I did find reference to Conficker infection in the MBAM log by scouring through the deleted files on my C: drive. Unfortunately, I couldn't recover most of the file so I'm not sure what else was in that log.

I need to know if I'm clean yet.

I do have a brand new HD in the shrink wrap sitting on my desk in case I need to reinstall the whole stinking Windows, though I'd like to avoid that if possible.

I have run Comedian and DDS.scr.

ASUS P4P800 Deluxe Mobo, P4 2.8 Gig processor
Windows XP Pro, SP3
IE version 8 (highest security setting on all t...

Answer:Post-Malware Cleaning

Sorry to reply to my own message, but I needed to post an update. Took the time to research a little and removed the last of the suspicious files that I can find.

Below is the text of most recent DDS run (post Comedian)

-----

DDS (Ver_09-06-26.01) - NTFSx86
Run by Wookie at 21:05:45.68 on Fri 07/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1568 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Defender\MsMpEng.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Micros...

3 more replies
Relevance 43.05%

Hello:

I apparently downloaded a virus or malware. It got through McAfee. It looks like these were the two culprits: kernelw.sys and kernelwind32.exe . But maybe there is more.

I have run completed McAfee anti-virus scans as well as AdawareSE. I either deleted or quarantined what I could, but apparently there is still an issue.

I also used McAfee's autotechnician. It said it could solve one thing, but not another.

I can run my computer ok (it seems slow though), but I am having the following problems.

1. McAfee says there is a problem that needs to be fixed. But when I hit the prompt to fix it, it says there is an error and does not fix it.

2. I cannot access the task manager. When I try, I get a prompt that the administrator is denying privileges.

3. I constantly get fake Windows Security Alert pop ups suggesting a download some type of scam anti-spyware program.

4. The control panel is no longer available.

I already ran a hijackthis. I will provide this and whatever other logs may be helpful.

Thank you for your help.

jeffn1
 

Answer:1st post with malware problem Please help!

Hi jeffn1!
Welcome to Major Geeks!

You need to run the READ & RUN ME FIRST so we know how to help you. Note the instructions which are specific to your operating system and when you finish, you can attach the requested logs with your next post.

Thanks.
abri
 

5 more replies
Relevance 43.05%

Hi There,
After removing a trojan horse malware program I am no longer able to install programs, e.g. Security Essentials, McAfee, etc. Programs appear to install but at the end return an error code (Security Essentials Error Code: 0x 80070643)
Any help appreciated.
Cheers,
Olaf

More replies
Relevance 42.64%

Hi

What's the best password protect software for folders?

Also if the password was forgotten or lost..would there be any way to access the file?

Thanks.

More replies
Relevance 42.64%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II X4 620 Processor, AMD64 Family 16 Model 5 Stepping 2
Processor Count: 4
RAM: 5887 Mb
Graphics Card: NVIDIA GeForce 9100, 256 Mb
Hard Drives: C: Total - 598084 MB, Free - 292220 MB; D: Total - 12292 MB, Free - 2200 MB;
Motherboard: PEGATRON CORPORATION, VIOLET
Antivirus: PCCleaners, Updated: Yes, On-Demand Scanner: Disabled
PLEASE NOTE: This is 2nd post on this issue as first could not be completed (activity discontinued) because of unforeseen, unavoidable circumstances! (First post was under the title/link below)! I am presently working from my Gateway Laptop (computer A) but my HP Desktop (computer B) is the one infected / that is, locked up (now in “boat-anchor” status) because of FBI MoneyPak malware! (This is clearly shown as before windows is allowed to load… screen pops up to announce that FBI MoneyPak has control and computer is locked-up until desired response (moneypak) is purchased and code is entered assuring that hijacking fools have their money.
As mentioned, my first post (link below) was halted because of unforeseen, personal circumstances and that has carried this out for days now so I am anxious to get results. I would very much appreciate help in this matter!
Previously, I had downloaded the sysInfo utility ( and… Hijackthis) to USB (using computer A). I then booted (computer B in safe mode with USB in place), run sysInfo tool and creat... Read more

Answer:2nd post... FBI Malware... real stickler!

16 more replies
Relevance 42.64%

Hi all, I attempted to run the DDS download but no file would download for me. DDS Is there an alternate site/link to download from? I was signed into BC at the time. I was instructed to post as per instructions here by AustrAlien. He was helping with BSOD's. I have MBAM (updated last on 2/27) and MSE (updating daily) running on my system. MSE scans daily. edit: I should add that I don't really have any signs of infection. I run MBAM roughly once a week as backup. System info Speccy if more info needed, here is my jcgriff tool most recent update. Please let me know how to proceed.

MBAM Log (I don't know how to find MSE logs. I couldn't find an option for enabling logging)

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.27.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
owner :: LIVINGROOM [administrator]
2/27/2012 1:31:59 PM
mbam-log-2012-02-27 (13-31-59).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 442234
Time elapsed: 54 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detecte... Read more

Answer:Possible Malware - requested to post in here

DDS download worked in IE but not chrome. Odd.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by owner at 9:07:39 on 2012-02-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1870 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90... Read more

24 more replies
Relevance 42.64%

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:14:44 AM, on 12/14/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16750)
Boot mode: Normal

Running processes:
C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Mark\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Users\Mark\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mark\Saved Games\Desktop\techguy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=714647&fr=spigot-yhp-ie
R1 - HKLM\Software\Microsoft\Intern... Read more

Answer:malware infection lots of pop ups (post 1)

11 more replies
Relevance 42.64%

Hey people

Every time I boot my computer for the last 3 days, I have been getting the startup repair every time, anyway it was very hard to get into my computer for a while, I finally managed to stop the startup repair launching and I have been trying to figure and fix whatever is wrong with my computer for the last few days. I'm pretty sure it's a rootkit virus because when I was running an avast scan the other day (which I closed accidentally not realising Doh!!!) and for 2 seconds before I closed it a rootkit extension did show up, unfortunately I did not have enough time to get the name or anything. I have tried numerous amounts of ways to get rid of this incl. running nearly every command prompt I could possibly run and downloading a good few programs in hopes that they might help, here's a list - Malwarebytes - advanced system care - ErrorEnd - OTL - Webroot SecureAnywhere - Windows memory diagnostic - SuperAntiSpyware - Ccleaner and HDD Health to no avail, I just ran ESET online Scanner and it has found 3 problems which were Variant of win32/installcore.c application, these scans have gone on for a few hours, at least with some of them, I checked event viewer and there were 2 errors around the day my comp stopped working they were both within a minute of each other and both were the same apart from 1 bit the same -
windows update could not be installed because of error 2149842967 "(Command line: ""C: windows\system32\wusa.exe" C:\users\kelvin\appdata\local... Read more

Answer:In reference to my other post (Malware, Rootkit, Something very bad ??????)

Hello Kelvinosullivan,

I see you also ran Combofix. The log contains important information, kindly post the contents of C:\ComboFix.txt.

**Please do not attach logs unless specifically requested to do so. Thanks. :)

1 more replies
Relevance 42.64%

IE 11 will not open the home page upon its start; nor will it navigate to other sites. Here's what happened.

Last night I was updating programs (java, flash, etc.) on a friend's laptop at the behest of Update Checker "Filehippo". I decided to download Ccleaner directly from piriform.com as I usually do. I got to the site, clicked to download the latest version, but a page from Filehippo appeared instead. I clicked the download link, but nothing appeared to happen.

I repeated the process twice more, then just downloaded the program from the original alert I got from Filehippo. Later that evening, I was reading a blog when a video ad popped up advertising a well known product, but also inviting me to join skipit, a service that allowed one to “skip over” web advertising for a fee. I declined the invitation, closed the ad and continued to read the article. The same invitation and similar ads popped up thrice more in the ten minutes it took me to finish the article. At that time I assumed it was just that blogger’s way of monetizing his site.

This morning the ad-vids and invitations continued on all web sites and in all four of my browsers (IE, FF, Chrome, and Pale Moon). I searched both Control Panel/Add-Remove Programs list and Revo Uninstaller’s as well, but did not find any software listed that I had not installed prior to the CCleaner incident.

I then checked the extensions and plug-ins of all the browsers and only FF had an unfamiliar one that I... Read more

Answer:IE Failure Post Malware Removal

SysInfo:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Phenom(tm) II N850 Triple-Core Processor, AMD64 Family 16 Model 5 Stepping 3
Processor Count: 3
RAM: 3834 Mb
Graphics Card: AMD M880G with ATI Mobility Radeon HD 4250, 320 Mb
Hard Drives: C: Total - 476936 MB, Free - 411104 MB;
Motherboard: Hewlett-Packard, 1442
Antivirus: Kaspersky Internet Security, Updated and Enabled
 

2 more replies
Relevance 42.64%

I have WinXP, and I was just recently hit by the rogue Spyware Removal 2008 spyware/trojan, which somehow downloaded itself onto my computer without me even doing anything. I was on Yahoo.com, and a new tab opened itself up saying "Warning this site contains links that may harm your computer." So I closed the tab, and boom, this Spyware Removal 2008 downloaded itself onto my pc.

At first it would redirect my browser anytime I would search for anti-virus, and I would be brought to a rogue anti-virus download site instead. I was finally able to get HJT and Malwarebytes via direct download links that were supplied to me as a friend. Then my computer no longer had any sort of WiFi, and the start menu went from normal looking, to old school windows looking. Whenever I got an alert popup, my computer would also make a loud beep noise, which had never happened before.

After running my pc in safe mode and renaming the programs to iTunes and Firefox, I attempted to run them. HJT successfully ran, however malwarebytes did not. With HJT, I used the house computer to read the actions necessary to perform on my laptop via this site, and got all of the malicious files off of my computer.

Now the issue is, my windows start menu still appears old school looking, regardless of having the modern appearance in my appearance customization area in the CP. I still have no WiFi on my laptop now, that beeping noise is still occurring, and I'm getting a little balloon from windows ... Read more

Answer:Post Malware Removal Issues.

Welcome! to MajorGeeks.com!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


READ & RUN ME FIRST. Malware Removal Guide


If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

12 more replies
Relevance 42.64%

I recently came into contact with a program that behaved like malware, yet didn't trigger either MSE, nor MBAM. The only software that even alerted me it was messing around was Comodo's Defense+. I noticed it added a startup entry to a 'rundll32 .exe' in my user folder and modified a registry key. I ran several scans (MSE, MBAM, Avira Antivir manual scan with MSE and MBAM running active guard) and I believe I managed to remove all traces of it. However, I would like a second opinion, since I'm not really adept at interpreting the DDS and HijackThis logs.
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by TechDevout at 14:38:21.83 on Wed 05/11/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2540 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RP... Read more

Answer:Post-Malware Removal Help Request

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'... Read more

7 more replies
Relevance 42.64%

For two days now, every time I get on Firefox OR IE, after a few minutes, the browser freezes. I have to use task manager to end the process and start over..only for it to happen again. Also, when I click on anything on my desktop, my computer hangs and I get the blue orb for a few minutes. I searched online for a solution. Don't know if it's malware or hardware malfunction. Could really use an expert opinion. RootRepeal will never run on my computer. It always shows an error when I try. Malwarebytes froze when I tried to run it and would only run in safe mode. combofix took FOREVER to run............MALWARE GUYS SAID THEY FIND NO MALWARE IN MY LOGS SO I SHOULD POST THIS TO YOU GUYS. CAN YOU HELP PLEASE???
 

Answer:malware guys told me to post here....

Tried restoring to 3 days ago before you had the problem? What was the result?
 

15 more replies
Relevance 42.64%

I have removed the virus with Malwarebytes, also used unhide.exe to show all of my files, and when I go to my smtmp folder under programs I have another list of folders and all of them are empty. Please Help!!!

Answer:Post-malware Removal Problems

Did you run any temporary files cleaner, since the issue happened?

3 more replies
Relevance 42.64%

Hi guys, I've recently been infected with a series of malware and spyware infections. I've scanned with a few programs:
SpySweeper6
SpywareTerminator
Spybot S&D
Malwarebytes'
Exterminate It!
and ParetoLogic
all spyware/ malware removers.....all failed.
There's some type of DNS infection also which redirects my browser when I try to visit Microsoft Support sites and most other updating or online scanning sites. I have posted a HijackPatrol log (generated by WinPatrol) for your expert review... please help.
 

Answer:(first time post!)malware infection

The site is telling me my Hijack log contains too many characters to post pls help..
 

2 more replies
Relevance 42.64%

Hello,

I am running Windows XP. I recently discovered that my computer got a virus. The virus was discovered by AVG Free edition, and called 'Generic.EUP'. It affects the file "jun.exe", and has caused my interface to come up with some strange errors. I think that I have removed the virus following your instructions, but there are still some issues that I don't know how to resolve.

For example, open programs no longer minimise into my taskbar; I can still access them by using 'Alt+Tab', it is not a severe problem I know but it is still a pain. There was also an error message that popped up every time I opened up 'Control Panel' saying something about Hardware Acceleration for Sound Software, but that seems to have resolved itself.

I have scoured the internet looking for some information but I cannot find any. Can you help me resolve this problem? I am currently living in China and I think this malware may be specific to the China region. I have also noticed that "C:/Windows/System32/jun.exe" is still in my msconfig 'Startup' tab. Is this a problem?

I have uploaded the files as per your request, except for the AVG antispyware files as it didn't make a log after the scan despite my settings specifying it should. Maybe this is because it didn't find any major problems?

Thanks in advance!!
 

Answer:post malware removal troubles

Please use add/remove programs to uninstall:
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java(TM) SE Runtime Environment 6 Update 1

Please disable all anti-virus and anti-spyware programs while we do the following:

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - Startup: jun.lnk = C:\WINDOWS\system32\jun.exe

After clicking Fix, exit HJT.

Now download The Avenger by Swandog469, and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Check the 'Input script manually' box.
* Click on the magnifying glass icon.
* Copy everything in the Quote box below, and paste it in the box that opens:



Files to delete:
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\jun.lnk
C:\WINDOWS\system32\jun.exe

Folders to delete:
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\jun.lnk

* Now click the 'Done' button.
* Click on the traffic light icon and OK the prompt.
* You will be prompted to restart, OK the prompt and your PC should reboot, i... Read more

7 more replies
Relevance 42.64%

I'm running Windows 7 on a 64-bit Dell notebook. A few times a day, my screen goes black for a couple seconds, and a taskeng.exe and "interactive services discussion" window pops up. It gives me an option to  "return now," and when I click that button, the screen goes back to my open applications and desktop.
 
I believe this may be caused by some kind of malware. My HijackThis log is attached. Please let me know if you have any ideas on how to resolve this issue and remove any malware.
 
Thanks in advance for your help.
 
Moderator Edit: Moved from Windows 7 to a more appropriate forum
Roger

Answer:Need to get rid of malware -- See posted HijackThis post

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode
Please download Farbar's Recovery Scan Tool to you... Read more

2 more replies
Relevance 42.64%

Found TSG when I encountered Antivirus Pro 2009. Took first advice from other thread and downloaded Malwarebytes Anti-Malware. Seems to have removed all elements of the virus but not smart enough to know if it got all of it. Really appreciate the help. The Malware program ran overnight and I rebooted this morning. Here is the log after the scan and removal. Do I need to also download ATF Cleaner and Hijackthis software? Thanks.

Malwarebytes' Anti-Malware 1.30
Database version: 1406
Windows 5.1.2600 Service Pack 3
18/11/2008 08:52:08
mbam-log-2008-11-18 (08-52-07).txt
Scan type: Quick Scan
Objects scanned: 139368
Time elapsed: 1 hour(s), 20 minute(s), 54 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 4
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 44
Memory Processes Infected:
C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe (Rogue.Antivirus2008) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\AntivirusPro2009\htmlayout.dll (Rogue.AntivirusPro2009) -> Delete on reboot.
C:\Program Files\AntivirusPro2009\AVEngn.dll (Rogue.Antivirus2008) -> Delete on reboot.
C:\Program Files\AntivirusPro2009\pthreadVC2.dll (Rogue.Antivirus2008) -> Delete on reboot.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b8c5186e-ec37-4889-9c2e-... Read more

Answer:Malware v Antivirus Pro 2009 post log

bump
 

1 more replies
Relevance 42.64%

ok.
I got the XP Defender Pro malware on my computer. I was able to get it off thanks to your "READ & RUN ME FIRST. Malware Removal Guide" (Which is awesome by the way), but I've hit a snag.

I ran SUPERAntiSpyware but after the reboot, I get this problem. Whenever I try and open a program or anything for that matter the "Open With" window pops up. I have to then manually find the program I want to open and then open it. That wouldn't be so bad but some programs just won't open i.e. any of the antimalware programs you recommend, Windows firewall, anything in the Control Panel. I can't get the logs for SAS because I can't open it and I can't get any type of firewall up. Also, I tried to rename the SAS install file to reinstall it but I just keep getting redirected to the "Open With" window.

Any help would be much appreciated!
Thanks.
 

Answer:Post Malware Removal Problem

I can't get the logs for SAS because I can't open it

The log will be retrievable at:

For XP:

C:\Documents and Settings\your username\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware

For Vista:

C:\Users\insert your user account name\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs

Try this exe file fix:

Scroll down to the 9th fix in the list:

http://www.dougknox.com/xp/file_assoc.htm

Then try to continue on with other steps in the R&R and attach the requested logs.
 

1 more replies
Relevance 42.64%

So last night I got the pop ups from Malware defense. I did not get tricked by it and follow its directions. I could not access anti spyware websites, and spybot wouldn't work. After thoroughly looking online (from my other computer), I noticed my infected computer did not have the bad registry values and such that many manual removal sites said I would have. Following instructions of one site, I ended up having to rename malware bytes installer off a flash drive and install it. Then I had to download another piece of malwarebytes off the internet in order to run it. All this time my computer would randomly freeze, I could move my mouse but nothing would respond and I would need to hard shut down. I could not run the malwarebytes scan entirely through because my computer would freeze until I tried running it in safe mode. It went all the way through, but I did notice that one file was not caught when it had previously been when attempting it not in safe mode. The pop ups stopped after it had successfully run and the files were removed. However, my computer still freezes unless in safe mode. A pop up when restarting had appeared after each restart saying viewpointmgr is not responding and needs to close. I removed viewpoint manager, media player and toolbar from my computer. This ended that pop up. I noticed I still can't go back and restore my computer to before I got infected.

My computer is still freezing after a relatively short period of time unless it is in safe ... Read more

More replies
Relevance 42.64%

Hi, trying to help fix friend's laptop, I'm pretty sure it has some kind of virus or spyware problem. It takes a very long time to boot up. Bought this laptop used, have only been online a couple times so pretty sure it was already infected. When tried to go online, the internet explorer will keep shutting itself off & pop ups keep coming up before you even try to open internet explorer. It had Norton antivirus, which had expired, and AVG. Right before I ran hijackthis, I removed Norton. Tried to update AVG and it gave an error saying to check the update server (I think), so it wouldn't even get updates. I know there are a lot of things on at startup that I don't recognize, but since it kicks me offline so fast, I thought I should start here to try to remove whatever I need to & hopefully someone might know how it got on the computer or how to prevent it again. I ran hijackthis and shut it off to wait for someone to help me.

Thank you in advance!
md

I'm sorry if I post these logs in the wrong order, I can't remember which one was the main & which was the extra.

Deckard's System Scanner v20071014.68
Run by louis on 2008-05-01 13:08:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
5: 2008-05-01 18:09:25 UTC - RP5 - Deckard's System S... Read more

Answer: Win32 Virus/malware? How To Fix, Htl Post

Welcome to Bleeping Computer. Please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

All advice given is taken at your own risk.

Hi md, first thing you need to know is this is a very infected computer and cleaning it up is not going to be fast or easy. The junk will download more so it is important to stay offline unless you are troubleshooting. So we are communicating, I still see Symantec on the computer and do not see AVG? Decide what you are going to run for an antivirus program and let me know. If you need a free one I can provide links to several. If you need help removing Symantec, I can provide that also. Let me know what you wish to do.

Let's start like this.

1) Remove any old copies of combofix before you proceed.

Thanks to sUBs and anyone else who helped with this fix.

It is important that it is saved directly to your Desktop.
Download ComboFix from Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Post the combofix log and a new HJT log using Add Reply.

Tutorial if needed: http://www.bleepingcomputer.com/combofix/how-to-use-combofi... Read more

18 more replies
Relevance 42.64%

I am working on a computer which had the "VIRUS PROTECTOR" virus. The instructions I found on here to remove the virus did not work because it disabled the ability to update both Windows and MalwareBytes. I had to get the updated rules.ref file from another computer and after running and fixing all entries that showed up, there's no more fake security alerts or anything, but I still cannot connect to MalwareBytes.org or any kind of Windows update. Furthermore, this computer uses a static IP, and every time I run MalwareBytes now it shows what is in the log file I have updated. If I remove the "infection" then it blanks out the DNS in the IPv4 settings and thus loses connection to the internet. So every time I change the DNS back to what it should be, MalwareBytes shows what is in the log file. Also uploaded is a HijackThis log. I am completely stumped here.

Answer: Post-Malware removal symptoms

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

4 more replies
Relevance 42.64%

Over the weekend I was infected with a fake anti-virus program named Personal Shield Pro.
Although I was able to remove the malware (with Malwarebytes' Anti-malware), my computer is still acting up. For example, I cannot connect to the internet on any browser while running normal mode, or safe mode w/ network connections. Many of my programs crash on start up, and I occasionally get a BSOD.

Any assistance would be much appreciated seeing as my computer is basically a shell at the moment.

Answer: Post Malware cleanup problems

You are either still infected or sustained some damage from the infection that the Pros in the Virus Removal Forum can help you with. You need to go there, read the sticky and post the logs they need to help you with your issues.

1 more replies
Relevance 42.64%

I know one of you geniuses knows how to eradicate this problem, but I have gotten no bites yet.

original post:

I am running xp sp2 and something is trying to change the following file extensions to associate with notepad:

.reg
.scr
.vbs
.vbe
.wsf
.wsh

This recurs approximately every 20-30 minutes. I have scanned with the TrendMicro evaluation software, the TrendMicro website scanner, System Mechanic Pro 7 trial software and also ran Windows Update with no problems found. WinPatrol is catching the change, but it does not tell me what is doing it. I did try to Google the problem, but my syntax must be off because I can find nothing.

Removed TrendMicro and installed ESET Smart Security - it also found nothing with full scan but the problem continues.

new info:

Since my first post I have integrated a registry tweak that was supposed to lock all the associations (after I reset them) but the problem continues. I have found no startup files that are suspicious. I am losing my mind. Won't you please, please help me?

If there is any further information needed, please let me know.
 

More replies
Relevance 42.64%

and I still have a question. I have Vista on my laptop (please don't hurt me, I got the laptop I wanted at the price I wanted and it came with Vista). Is the Windows Defender inadequate? You said I should use only one malware tool, so should I forget about Defender and use something else like AVG or another one you mentioned? I'm looking for the free versions.
By the way, you are the anti-malware god!
Mike
 

Answer: i read your post on malware removal...

Hello, Gargoyle2009

1) Is the Windows Defender inadequate? There are far better anti-malware tools - such as SUPERAntiSpyware and Malwarebytes Anti-Malware.

2) You said I should use only one malware tool... <--- Not completely accurate. See our guide

How to Protect yourself from malware! - What do we recommend ?

dr.m
 

1 more replies