Computer Support Forum

Malware removal help - MS Removal

Question: Malware removal help - MS Removal

Hey,

So I got infected with this virus/malware MS Removal Tool. Things that I noticed: it created a file nvpcpl.dll, hid all my D drive files and removed 90% of the items from the Start > All Programs menu. I ran through all the scans but still can't seem to get the programs in the All Programs menu back. Attached are my clean scans in the order recommended. Just as an FYI, C: is my primary drive, D: stores all documents/pictures/music, F: is the external hard drive. Thanks for the help.

Relevance 100%

Answer: Malware removal help - MS Removal

Things that I noticed: it created a file nvpcpl.dll

See this link: About nvpcpl.dll. You do not have McAfee installed and I am not seeing the file in your logs. Do you still see it? If so give me the full file path. But you also have NvCpl.dll running which relates to Nvidia which IS installed.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe and select "Run as administrator" to run it.
Paste the following code under the area. Do not include the word Code.

Code:


:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]

:files
C:\Documents and Settings\All Users\Application Data\oJh06504hBkGg06504

:Commands
[emptytemp]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.


Download and run combofix because you missed that step out.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

3 more replies
Relevance 79.13%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal

---------------------------------------------------------------

Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital. I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!

Current Symptoms (in the order of appearance)

Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ... Read more

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,

I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.

1.) Click start> run> type msconfig and hit enter.
Click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file: C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post: C:\windows\ntbtlog.txt

2.) Click start> run> type: cmd.exe and hit enter.
Type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window...
Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)

3.) Can you see also if you can get this program installed please:
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file> run it> follow prompts to install excepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here

Let me know if you had any problems with the above please.

I advise keeping the system offline as much as possib... Read more

3 more replies
Relevance 79.13%

Apologies, but I'm a bit of a novice. My computer did a scan when I started it and came up with some trojans. When I tried to delete them, a malware removal programme tried to install itself so I closed the download dialog box. Unfortunately, I cannot remember the name of the software that was trying to install itself. Please would you review my log below and help me clean my computer?

many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 78.31%

Hi,

I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable).

I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,

I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.

Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

ntents below

DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86
Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst... Read more

3 more replies
Relevance 76.67%

Hello!
In reading more of these threads I can see I'm not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I haven't heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

Answer:malware removal/popup/iexplore removal

16 more replies
Relevance 76.67%

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed by my ISP of the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan eradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you immensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!




mike sieber said:

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ... Read more

3 more replies
Relevance 76.67%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:
List of 64-bit Anti-Virus For Vista
Anti-virus protection in 64-bit environments

Free Anti-virus:
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
AVG Anti-Virus Free Edition 8.5
Microsoft Security Essentials
Panda Cloud Antivirus
Kingsoft Free Antivirus (Cloud Scan)

Paid for Anti-virus:
NOD32 Anti-Virus Personal
McAfee AntiVirus Plus
Trend Micro AntiVirus plus AntiSpyware
Norman Antivirus & Antispyware
CA Anti-Virus Plus Anti-Spyware

64-bit Anti-Malware tools:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Kaspersky Virus Removal Tool - How to install and use documentation
Spyware Terminator
Windows Defender (64-bit)
Prevx
Spybot S&D
Ad-Aware
Norman Malware Cleaner
Sunbelt Counterspy (free Trial)
Comodo BOClean Anti-Malware
Sophos Anti-rootkit
SanityCheck Advanced Rootkit and Malware Detector
ESET Online Antivirus Scanner
ESET SysInspector
AnVir Task Manager Free
WinPatrol

Start with these:
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
How to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 76.67%

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin... Read more

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 

16 more replies
Relevance 73.8%

HEY GEEKS NEED A LITTLE HELP. I HAVE A WINANTIVIRUS POP UP THAT COMES UP EVERYTIME I AM ON THE NET, AFTER U X IT OUT 5 TO 6 OTHER POP-UP COME UP ABOUT A VIRUS. I AM RUNNING AVG EVERY MORNING, SPYBOT SEARCH AND DESTROY, AD-WARE 6.0. HERE IS A HIJACK THIS LOG FILE TELL ME WHAT TO GET RID OF PLZ.

EDIT: Removed inline HJT log


THANKS

DOOKIE
 

Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and attach the requested logs for the malware experts to look over.


Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not a... Read more

1 more replies
Relevance 73.8%

MS Removal Tool is a rogue software. It restricts you from accessing your desktop. You cannot start Task Manager, and you cannot open Internet Explorer or any other programs. This situation is the result of malware (a variant of Win32/Winwebsec) that is infecting your computer.

To remove the MS Removal Tool, follow the steps below:

Boot your computer into Safe Mode.

Windows XP and Windows Vista:
Start your computer and press and hold the F8 key.
A Windows Advanced Options menu will appear. Use your arrow keys to scroll to Safe Mode and click the Enter key.
Click the Start button, and then click Run.
Type cmd then click OK. A black command prompt window will appear.

Locate the affected directories:

Windows XP:
Type cd c:\Documents and Settings\All Users\Application Data\ and press the Enter key.
Type dir and press the Enter key.

Windows Vista:
Type cd c:\ProgramData\ and press the Enter key.
Type dir and press the Enter key.
Type cd c:\Users\All Users\ and press the Enter key.
Type dir and press the Enter key.

Scroll through the list to find directories with random names that contain 18 characters. For example: cHl08200gMhHd08200, pJg08200fBmPl08200.
Type rd /s /q <random name>, and then press the Enter key. Replace <random name> with the 18 character name. Repeat this step for each random name you find.
Type reg delete hkcu\software\microsoft\windows\currentversion\runonce /v <random name> /f, and then press the Enter key. Replace <random name> with the 18 cha... Read more

More replies
Relevance 70.93%

I have run the malware removal instructions and went through each program as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under a separate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the administrator and do not seem to have problems running the malware removal steps and have attached the reports from the instructions.

View attachment mbam-log-2011-03-28 (17-02-07).txt

View attachment combofix log.txt

View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log

View attachment hijackthis.log

Even when I try to open add or remove programs under control panel- I get the following message: "C\windoesn\system32\rundll32.exe- application not found. I am thinking that It is something to do with AVG and have removed the program with the step.

Please help....

 

Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:

....try to run the malware removal programs via internet or through USB drive

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading).
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies
Relevance 70.93%

Hi,

I have a dell xps 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today i got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps ( 4 beeps)
I looked that up on dell support and they said it was RAM problems.
I opened up the computer vacuumed a bit, took out ram cards and reinstalled them.
It had been working o.k.for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. i don't know how to find the log
Your help will be greatly appreciated
 

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.





MGtools ran but as soon as it was done the window closed. i don't know how to find the log

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies
Relevance 64.37%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:42 PM, on 8/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\... Read more

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT... Read more

2 more replies
Relevance 64.37%

Hi,

I am the IT manager in my company.

I have a co-worker, his computer has search redirect issue. That means most likely it has malware.
Then I installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After I installed them, I cannot launch them (That definitely means it has some kind of malwares)
I needed to rename their .exe files, after I can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now I am running Spybot Search & Destroy will see what happened.

By the way, I run them in safe mode because when I logon window to normal mode, it is slow (like it takes a long time to explore hard drive, etc). I suspect the malware slow down my PC. Hopefully not registry corrupted or something, but works smoothly in safe mode.

So you guys have any suggestions? Or you need a log file from combofix?

Please advise,
Tommy

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 64.37%

I did a hijackthis scan and here's what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:17 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynT... Read more

Answer:Malware Blocking Access to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 64.37%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies
Relevance 64.37%

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Malwarebytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and performed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
 

Answer:HELP-Requested Malware Removal (Infector.Gen2 / Malware Packer Gen)

Here is the 5th log.
 

6 more replies
Relevance 64.37%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says "The server at topsearchfeed.com is taking too long to respond". For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

The problem has become more serious. Now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable. I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me.
 

2 more replies
Relevance 64.37%

Good day to everyone,

My computer is having some malware activity. I have used adware 2008, spyware removal tool, norton anti-virus and other removal tools, but still the malware cannot be deleted. The My Computer icon does not display its properties; instead it appears like a file when you see its properties. It also disabled TCP/IP, that's why until now I cannot connect to the internet. I don't have a WindowsXP SP2 CD for repair.

Please help me as soon as possible, because it is a server..

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 63.55%

Had a machine in riddled with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (don't ask me which one it was, I can't remember) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case).

Boot to an XP CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. Swap the hard drive for a SATA CD and it detects the CD without issue, which makes me think the SATA controller must be functioning too.

Now it seems that this single-disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base? Help me folks, it's driving me nuts.
 

More replies
Relevance 63.55%

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening it, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple of system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 63.55%

Hi, I got infected because I was trying to run malwarebytes and it skipped the part of analysing the files, it ended in around 1 minute in a full scan, and I tried to download dr web cure it, and it doesn't allow me. The computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 63.55%

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem. :confused
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer:Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3... Read more

9 more replies
Relevance 63.55%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see. I, myself, use most all of these myself; the only paid program I have is malwarebytes, the rest are free add-ons or are free programs. Thanks.

5 more replies
Relevance 63.55%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 63.14%

Hi Guys,
Recently I have gone through a serious virus which is not catchable by the updated anti-virus Symantec, 14 October 2009.
When I put in my pendrive, the system shows autorun.inf deleted. But the underlying virus,
autorunme.exe, exists in location Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe.

Even if I delete this virus, it gets automatically generated by itself or recreates itself.
autorunme.exe is not the actual virus, but it is just a duplicate.

The actual underlying virus which triggers autorunme.exe is SERVCE.EXE.
Note SERVCE.EXE is not service.exe or services.exe. It is newly named SERVCE.EXE.

Manual removal autorunme.exe process:
After connecting your pendrives, when it shows the file RECYCLER in hidden state, open your task manager and end the process SERVCE.EXE.

Now delete the entries Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe , Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\desktop.ini and Drive:/autorun.inf.
They will not recreate now.

Then open C:/WINDOWS and find SERVCE.EXE and, to be on the safe side, just make a local copy of the file to some other place and delete SERVCE.EXE.

Now even if you restart your computer, since SERVCE.EXE is not running at start up of system, the system is safe and manual removal of virus is complete.

SERVCE.EXE is the actual culprit.
 

More replies
Relevance 63.14%

I recently started my daughter's laptop to find a Windows Security window pop up prior to desktop starting up. It mentioned there is a Worm, WIN32.NETSKY that has infected my system, and that I should perform a full scan to remove the worm. I have McAfee on my computers so I contacted them for help. They concurred with the Windows suggestion. I did a complete scan of the system. 14 infections were found. McAfee quarantined them all and I deleted them. I rebooted. After the Windows XP boot screen I got a standard blank screen with the shut down immediately going into process. It would restart and go through the same process again. Shutting down and restarting. I have found out through this site what the WIN32.NETSKY worm/virus is, I can imagine how it got into the computer. So how do I fix this? I might also add the computer will NOT let me enter safe mode. So at this point I can do nothing but go through an eternal reboot! Also I can't figure out whether I removed the worm or not!



Thanks in advance, Tom

Answer:[SOLVED] Computer won't start up after removal of WIN32.NETSKY removal

This is what can happen with viruses. They shred your Windows OS files.

What happens when you keep pressing F8 at start up? Can you get to the advanced options menu to do a "repair install"?

Otherwise I think you will probably have to recover your personal data off the drive, completely reinstall Windows, but cleanse that personal data with anti-virus cleaners before you migrate it back to the new installation so the machine doesn't get infected all over again.

4 more replies
Relevance 63.14%

I am running Windows XP Pro Version 2002 with SP3 on a Dell Inspiron E1505. I have Norton 360 running for internet and firewall protection. I was experiencing the BSOD frequently and finally Windows would not boot. A Norton scan gave me the following "Tidserve Activity 2 Threat requiring manual removal detected". I downloaded the TDSSKiller from Kaspersky and it seemed to remove the threat. I was able to get Windows up and running, but since then have had the following issues:
1. Occasional popup window with the message "C:\Windows\System\MSVIDEO.DLL is not a valid windows image. Please check this against your installation diskette"
2. Internet access is not possible. The DHCP won't function due to dependencies, specifically AFD, which has a yellow exclamation point in the Device Manager. AFD won't start. So I'm currently working via a flash drive to transfer files from the laptop to a functioning desktop.
Is my system still infected?
Thanks very much-
Richmo
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dell at 22:46:39 on 2012-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.371 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *Enabled*
FW: Norton 360 *Enabled*
.
============== Running Processes =============... Read more

Answer:No internet and AFD issues after apparent removal of Tidserve Activity 2 Removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing... Read more

84 more replies
Relevance 63.14%

The latest: Removal Tool from Symantec:

http:[email protected]html
EDIT:
PLEASE NOTE: Since Symantec did a major change on how to handle this worm from their first instructions, (and my first post) I have totally modified this post, as of 0326 EDT Sept 20, 2003, to reflect those changes. This should avoid the problem that Alison had and was most likely the reason for Symantec's change.

You have been bitten by the latest worm, [email protected], and want to know what to do and how to get rid of it.

We here at TSG want to make that process easier for you.

The following is a short(er) version of what can be found at Symantec's site.
http:[email protected]

Please go to the above link and read and understand about the Swen worm first, then return and follow the short version.

Removal Instructions

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).

How to disable or enable System Restore in Windows ME

How to disable or enable System Restore in Windows XP

2. Modify the association for Registration Entries ( .reg files).
3. Create a repair.reg file on Desktop, double-click on repair.reg file to fix association settings for other file types.
4. Update the virus definitions.

5. Do one of the following:
a. Windows 95/98/Me: Restart the computer in Safe mode.
b. Windows NT/2000/XP: End the Trojan process.
6. ... Read more

Answer:[email protected] Worm Removal instructions + New Removal Tool

16 more replies
Relevance 62.32%

Hi all, my first post in here, so hello to everyone.

Could anybody be able to tell me how to completely remove Windows malicious software removal tool as it keeps coming up every time I turn on the laptop.
I have tried all usual channels like add/remove etc but can't see it anywhere. Could someone shed some light, many thanks

Answer:[SOLVED] Removal of 'Malicious software removal tool'

Have you let the MRT finish? The MRT is an On Demand anti virus scanner with a very limited impact on the PC or resources. There are NO reasons to remove it.

The utility is...
%windir%\system32\MRT.exe

Command line switches...

/? or /HELP = displays the command line switches
/Q = quiet
/N = detect only
/F = force extended scan
/F:Y = force extended scan and automatically clean infected files

If you really want to remove it browse to C:\Windows\System32 and delete MRT.exe

4 more replies
Relevance 62.32%

I had trouble trying to uninstall Trend Micro Security 2010. Upon reading a forum from this site, I tried AppRemover, which successfully took the software off, however, I am unable to connect to my wireless network because the driver connections seem to be messed up(?). I have tried uninstalling and reinstalling the drivers for my wireless LAN, but this does not seem to work. I have tried troubleshooting via Microsoft's website and have used the Microsoft FixIt program, however it has failed to fix the issues. This is what the program says:

Fix it Center:
Use hardware and access devices connected to your computer. 5 problems need attention
Hide details
Problems found Status
There is a problem with the driver for Microsoft ISATAP Adapter #2. The driver needs to be reinstalled. Not fixed
There is a problem with the driver for Teredo Tunneling Pseudo-Interface. The driver needs to be reinstalled. Not fixed
There is a problem with the driver for Intel® WiFi Link 1000 BGN. The driver needs to be reinstalled. Not fixed
There is a problem with the driver ISATAP Adapter #3. The driver needs to be reinstalled. Not fixed Detected

I am running Windows 7 on my ASUS notebook. I have internet connection when I'm directly connected through the cable, but I cannot get wireless connection. My other computer connects to the wireless network fine. Please help. Thanks a lot in advance.

*moved topic to Am I Infected as requested by narenxp. - Queen-Evie*

Answer:Difficult Antivirus removal, even more trouble post removal

Hello,

Before trying to fix windows you should try the Diagnostic Tool from Trend Micro; it should remove all the leftovers and maybe at the same time fix the problem you have.

Download the Trend Diagnostic Toolkit and save the file to the desktop; make sure you select the tool that matches your Operating System and the 32-bit or 64-bit version.

Boot the PC and enter Safe Mode (press F8 during Boot), run the tool, click on the Uninstall tab and follow the program instructions.

15 more replies
Relevance 62.32%

Hey there experts =)

My son clicked something a few days ago, giving us the Win 7 security virus. I followed the directions here, and removed it with malwarebytes.
Everything was running smoothly.

Today I get home and see that my browsers (all of them, firefox, chrome) are being redirected. When they are being redirected my McAfee detects a virus and removes it, yet it continues to happen. After much reading, here and on other computer boards ... there seems to be something leftover from that virus that isn't always detected? From what I've read, there's a possibility there's a virus in the MBR ?

I do not have a Windows 7 disc, as this came pre-installed, nor do I have a recovery disc. All advice points towards running combofix, although all that advice comes saying 'DO NOT RUN combofix unless instructed to do so by a professional'

Well? You guys are the professionals so here I am. You're my last resort to getting this fixed, sans taking it into a shop which I'm REALLY trying to avoid. ;)

I do work a full time job, so my responses may not be immediate, but I will check daily or multiple times daily when I can and follow your directions ... if you can and are willing to help!

Thanks in advance!

Beachy

Answer:Help with removal of hijacker after Win7 security virus removal

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:

* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The ... Read more

14 more replies
Relevance 62.32%

Hi all, 
 
Recently, while browsing a site on Chrome, I received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspect this is a malware!!!
 
What I'm trying to understand is what kind of malware infected the web site I visited. Some technical specs could be useful. The web site belongs to a friend of mine and I'd like to help them identify the malware that infected their web site...
 
 

More replies
Relevance 62.32%

About a week ago, I noticed that when running Internet Explorer www.google.com that clicking on a website would take me to an ad instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Thanks,
Deb
 

Answer:Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!
Deb
 

2 more replies
Relevance 62.32%

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologi... Read more

Answer:Malware - blocking removal by malware antimalwarebytes

16 more replies
Relevance 62.32%

Hiya

I'm running XP, avg detected trojans, the first one it got rid of, the second one Generic13.ATHP it could only remove partially, apparently located in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended, SuperAntiSpyware wouldn't install, so I changed the filename, and it has installed but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?

Thank you!
 

Answer:malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.


but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others).

:confused: Have no idea if any of this will help you lovely helper person, but I guess I'm just trying...
 

2 more replies
Relevance 62.32%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of it using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled it - it reinstalls and then when I try to quick scan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In Safe Mode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disabled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. ==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 61.91%
Question: malware removal

Hey guys, I believe I have malware on my lappy. What I think it's doing is opening one of my browsers in the background and going to YouTube playing a video, and then opening another tab and doing the same thing over and over again, until my lappy's sound cuts out and the whole thing takes a trip to lag city.

I've been dealing with it by just going into the task manager and looking at processes, and then ending a process called "hid.exe". As soon as I end that process I can turn my sound up again, and all the lag is gone and everything is fine.

But I have to do this every time I restart my lappy (so I have to do it every morning), so I was wondering how I can remove it without having to reformat.


any ideas??


ty

Answer:malware removal

Run malwarebytes and then hijackthis, post both of their logs

1 more replies
Relevance 61.91%

I have some type of malware that I cannot get rid of. I am using Symantec Endpoint, which finds the problem, reports it, asks for a restart for removal, but cannot remove the threat. I have also used Spybot and Malwarebytes with the same results. All programs tell me they fixed the problem, but they pop back up. The threats are identified as trojan horses.

I downloaded the dds.scr file, but my computer will not run the file. It asks for a program to use to run the file, but I can't run it. I also downloaded Hijackthis, and performed a scan and generated a log file.

Can anyone help me out?

Answer:Malware removal and dds.scr help

Go ahead and post the HJT log in that forum, just tell them about the problem with DDS

2 more replies
Relevance 61.91%
Question: Malware Removal

I have had a few different malware on my computer that I can not remove. Here are my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:48, on 24/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
P:\Ad-Aware 2007\aawservice.exe
p:\Alwil Software\Avast4\aswUpdSv.exe
p:\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\spoolsv.exe
P:\AVG Anti-Spyware 7.5\guard.exe
p:\Grisoft\AVG7\avgamsvr.exe
p:\Grisoft\AVG7\avgupsvc.exe
p:\Comodo\CBOClean\BOCORE.exe
P:\Comodo\Firewall\cmdagent.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe
I:\WINDOWS\system32\wwSecure.exe
p:\Alwil Software\Avast4\ashMaiSv.exe
p:\Alwil Software\Avast4\ashWebSv.exe
P:\Microsoft Office\Office12\GrooveMonitor.exe
I:\WINDOWS\SOUNDMAN.EXE
P:\Grisoft\AVG7\avgcc.exe
I:\Program Files\Adobe... Read more

Answer:Malware Removal

Welcome to the BleepingComputer HijackThis Logs and Analysis forum shamonemofo

My name is Richie and I'll be helping you to fix your problems.

You have Avast4 and AVG7 Antivirus installed. It's definitely not a good idea to have more than one antivirus program installed on your computer. Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities. It could also lead to system slowdowns and other problems within the operating system, due to the two conflicting with each other. You should uninstall one of them now, then restart your pc.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

File::
I:\WINDOWS\system32\syvadiep.dll
I:\WINDOWS\system32\ututv.bak2
I:\WINDOWS\system32\ututv.bak1
I:\WINDOWS\system32\ututv.ini2
I:\WINDOWS\system32\cfhkj.bak2
I:\WINDOWS\system32\sptll.dll
I:\WINDOWS\system32\cfhkj.bak1

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39796DAA-7966-41C9-994F-0E12621CB841}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxvwvs]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfc]

Now drag then d... Read more

9 more replies
Relevance 61.91%

It's been a while since I have been here!! Read me first is done and I am up to step 4 of your cleaning thread.

Story - daughters brand new laptop, not sure how she's done it but seems to be full of some sort of malware. Running very slow, popup ads, lots of warnings etc.

A few programs won't uninstall at all which I have since found to be malware of sorts. DNS Unlocker, Crimewatch, SuperOptimizer plus a few others that just won't uninstall.

The Malware bytes log is empty - I downloaded and ran it last night before coming here. There was close to 200 items on it. Should have come here first but didn't think of that till today
MGtools - I successfully downloaded it but I couldn't get it to run all the way through even after reading the thread about running it. It kept saying access denied. UAC has been disabled, it did not give me any options about running as administrator.
TDSSKiller came back clean.

I also was not given options at all to save to desktop for any of the downloaded programs

Please let me know if there is anything else you need to know.

Thank you
 

Answer:Malware Removal - Please Help

MGtools - I successfully downloaded it but I couldn't get it to run all the way through even after reading the thread about running it. It kept saying access denied. UAC has been disabled, it did not give me any options about running as administrator.

Try running it again, ensuring that antivirus software is disabled, and you can indeed right click and run as admin. Failing this, reboot into safe mode and try and get it to run that way. It's one of the most important logs containing a lot of info.
 

7 more replies
Relevance 61.91%
Question: malware removal

My PC was recently infected and blocked by malware purporting to be from the police. Via Safe Mode, I ran my Avast anti virus, which detected the problem but didn't remove it. I ran my Malwarebytes program, again in Safe Mode, which also detected the problem, but this actually then cleared the infection.
How come? How can my main anti virus program fail to deal with it yet another one can?
 

Answer:malware removal

7 more replies
Relevance 61.91%

About a week and a half ago I had recently rebuilt my computer and decided to put my old hard drive in and discovered this virus. I produced a hijack this log below, please help diagnose and repair. Thank you.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:49:31 PM, on 8/19/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Administrator\Downloads\HijackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,Customize... Read more

Answer:Malware Removal Log

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

10 more replies
Relevance 61.91%
Question: Removal Of Malware

Hello. Please help, I'm new at this so please bear with me. My McAfee Virus scan keeps telling me that the following files can't be found nor can they be removed:

c:windows\temp\thi149d.tmp\wupdt.exe
c:windows\tem\DrTemp\wupdt.exe

Here is the hijack log. Thanks for any help you can give me.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=msgr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search A... Read more

Answer:Removal Of Malware

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

Also please post your entire log with the running processes on top as well.

8 more replies
Relevance 61.91%

Please see the attached logs. Problems were only that computer was loading slowly and a black box would pop up once in awhile.
 

Answer:Malware removal help

Hello, Bonfire

Bonfire said:

Problems were only that computer was loading slowly and a black box would pop up once in awhile.

You probably should look into trimming your running services - there's a lot of them.

*Other than the tools our guide instructed you to save there, I strongly recommend that you clean up this account's Desktop immediately leaving only shortcut links. [ C:\Users\Integrity\Desktop ] Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may lose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least - it can have an effect on your PCs performance.

Re-run HitmanPro, activate its 30-day Trial license and fix these detections:
Malware remnants
Potential Unwanted Programs

Ignore all other detections.
Afterwards, click the Next button.
HitmanPro may want to reboot the PC in order for the changes to take effect, please do so.
After reboot and when you are back in Windows, run another scan with HitmanPro and then attach the latest HitmanPro log

Please re-run RogueKiller and run a scan. After it finishes the scan, select the Registry tab and then select any of the below that exist and then click the Delete button.




[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-260313422-843111330-963923735-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.co... Read more

7 more replies
Relevance 61.91%

Deckard's System Scanner v20071014.68
Run by Nigel on 2008-04-26 12:21:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Nigel.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:40 PM, on 26/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\vVX3000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Nigel\AppData\Local\Plaxo\3.8.1.1\PlaxoHelper... Read more

Answer:Help With Malware Removal

Hello NigelL. to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

Please give me some time to look over your computer's log(s).

Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.

Please run Deckard's System Scanner again, this time using these instructions:
Click on Start, click on Run
Copy and paste the following in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
Click on Check All.
Click Scan.
DSS will now run again.
Please post back both logs that open in notepad.
Main.txt and Extra.txt

See you soon,
Billy3

1 more replies
Relevance 61.91%
Question: Malware removal

Please help me get rid of malware on my PC
 

Answer:Malware removal

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

3 more replies
Relevance 61.91%
Question: My Malware Removal

Hi there !

Thanks for the good job you do in this forum.

I have exactly followed the instructions in the : READ & RUN ME FIRST Malware Removal Guide, and here are attached all the requested logs.

Hope someone will have a look at the whole material and advise me for the best.

Thanks once again in advance.
 

Answer:My Malware Removal

Re run Hitman and have it delete Potential Unwanted Programs

Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the file/folder tab and locate these 2 detections:

[RUN][BLACKLISTDLL] HKLM\[...]\Run : hlink32 (rundll32.exe uryk) -> TROUVÉ
[RUN][BLACKLISTDLL] HKLM\[...]\Run : iprop32 (rundll32.exe ezeb) -> TROUVÉ

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.


Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.brothersoft.com/?f=afc
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.brothersoft.com?f=afc
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEn... Read more

3 more replies
Relevance 61.91%
Question: Malware removal

Following some of the earlier posts by Chaslang, I have downloaded the MGtools.exe and here is the zip file. Please do take a look and advise what I need to do to clean up my machine, as it seems to be infected by some trojans which McAfee doesn't seem to be able to remove.

Thanks
Tom
 

Answer:Malware removal

BTW would just reinstalling the OS be a safe and easy way to clean out everything for sure?
 

3 more replies
Relevance 61.91%
Question: Malware Removal

Hello-

Earlier this evening I visited an acquaintance's business website. Within seconds of arriving at the site, my Zone Alarm firewall began indicating that files were attempting access and I had numerous other security alerts pop up. My CPU fan started to fire up (which scares me because of a previous infection) and I shut down my computer immediately.

Upon restarting, I ran Malwarebytes. I got this list of infections:

braviax.exe
Trojan - figaro.sys
Backdoor.Bot - sysldtray
Backdoor.Bot - ld12.exe
Fake.Beep.sys - beep.sys
Fake.Beep.sys - beep.sys
Trojan.FakeAlert - braviax.exe
Worm.KoobFace - ld12.exe
Disabled Security Center

My AVG also informed me of a threat detected: bravia.exe

I told Malwarebytes to remove all the found/selected files and AVG to move the file to the Virus Vault.

Because I was concerned about files still hidden and regenerating upon restart, I decided to come to Major Geeks. I've gone through the Read & Run Me First steps and have attached the first 4 logs to this post (5th log to immediately follow). Although I didn't see any problems found in the scans and my CPU fan has since calmed, I want to run the logs by the expert team for peace of mind as I've relied upon Quarantines and the Virus Vault with (what I hope were) minor attacks over the past year or more. Would love to get an 'all clear' before proceeding.

Can I provide any additional information?

Thank you very much for the... Read more

Answer:Malware Removal

5th log attached.
 

4 more replies
Relevance 61.91%
Question: removal of malware

My grandson downloaded an item from YouTube and apparently something came along with it. A box keeps popping up saying file is infected and for $60 they will get rid of it. It will not allow other virus checker to run, saying file is infected. The box keeps popping up every little while. How do I get rid of it? Any help appreciated, thanks. This was done on a netbook with a flash drive. Forgot to mention that there is no hard drive.
 

More replies
Relevance 61.91%

Hey, I am having a problem with an error that pops up every time I open a program. I think it's malware but I'm not sure. "The application or DLL c:\progra~1\wi9130~1\datamngr\datamngr.dll is not a valid windows image.please check this against your installation disk." Please help me, I am using a valid Windows copy but I do not have the disk?? Ran DDS, will post DDS.txt along with other instructions from referral (gmer etc). Thanks.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Owner at 20:31:46 on 2012-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1031 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToo... Read more

Answer:Help with Malware Removal

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed. Note that if you do not respond within 5 days I shall no longer check this thread for replies.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.


Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

Please read all the informatio... Read more

1 more replies
Relevance 61.91%
Question: Malware Removal

I am having trouble getting my virus scans to come up clean. Many different scanners give different results so I'll let the attachments speak for themselves. I have experienced only one pop-up but I'm trying to eliminate this problem before it becomes one.
 

Answer:Malware Removal

more attachments...
 

9 more replies
Relevance 61.91%

Computer running really slow, white line at bootup. Zone Alarm does not pick up anything.

Here's my log. Something's up and I can't figure it out.

Thanks for your expertise!
 

Answer:Malware Removal, Which One do I need?

Re: Malware Removal, Which One do I need now?

I ran all of the stickies before I posted my log. Some didn't want to run completely and computer would go blank. Am I missing something that I need run that is not listed here?
 

2 more replies
Relevance 61.91%

I have Vista 64-bit Asus computer. Upon start-up it is missing two .dll files that I know are malware of some sort, but it is constantly slowing the computer down and when you try to search in google it takes you to an entirely different page than it should have. There is a teenage boy in the house who probably was looking at some things he shouldn't have.

The names of the .dll it is missing are: ecinibekepem.dll and cnd3101a.dll. Some other errors that have popped up involve scanidiskdv31.dll ecload77.dll and nvcpldaemon.dll.

Your assistance in helping me fix this would be fantastic. As I am very grateful with any assistance you can give me. Thank you so much in advance.

Answer:Malware removal help

Hello Naomi0709 and welcome to the forums

I am currently doing a malware removal course so I will be unable to assist you with the malware removal itself. But I can help diagnose the problem to make it easier for other users to assist you. Can you do the following for me please?

OTL

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

aswMBR

Please close any open work because sometimes this will cause a BSOD
Download aswMBR from here and save it to your desktop
Right click on it and select run as administrator
When it opens, click ... Read more

1 more replies
Relevance 61.91%

Hello,

I have been experiencing problems with my laptop for about a month now. I thought the problem was sorted but I still have a big red X as my C: drive, which is quite frustrating, and random things keep happening like programs shutting down. At startup I get "cannot load pmkhe.exe" and "error loading oqxgeyfl.dll" messages.

I was hoping that someone would give me a hand sorting it out please? That would be greatly appreciated. Thanks.

Please see the HJT Log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:18, on 26/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\VM305_STI.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\M... Read more

Answer:Help with Malware Removal

Thanks for ALL your help...
 

1 more replies
Relevance 61.91%
Question: Malware removal

Hi,

Each time I try to get onto Google, I get redirected to a page that says "Welcome to nginx!". I've read all of the information on your site and gone through the preparation steps. Here is the DDS log. Thanks so much for your help getting rid of this. I appreciate any help you can give me.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tre at 15:37:08 on 2012-04-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3893 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM... Read more

Answer:Malware removal

Hello and Welcome to Bleeping Computer!! My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:... Read more

36 more replies
Relevance 61.91%

Hi all,

I'm having a little trouble with removing some sort of virus which is becoming very tricky to remove. The .dlls (jowukuyu.dll & wuganabu.dll) appear to be hidden, and the registry entries just add themselves back in every time I remove them. I can't kill the .dll process as they don't even show up in task manager. In fact, I think the following is definitely part of this virus:

O20 - AppInit_DLLs: c:\progra~1\kasper~1\mzvkbd.dll c:\progra~1\kasper~1\mzvkbd3.dll c:\progra~1\kasper~1\adialhk.dll c:\progra~1\kasper~1\kloehk.dll c:\windows\system32\joretido.dll c:\windows\system32\loyayono.dll,C:\WINDOWS\system32\jowukuyu.dll

My 'hijack this' log is attached & I would be very appreciative of any feedback!

Thanks

Answer:Pop-up/malware removal?

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable ... Read more

2 more replies
Relevance 61.91%

Hello, attempting to clean up a friend's pretty badly infected computer. Ran the Readme and Run me, and things appear to have cleared up, but I just wanted to make sure there were no residual infections that are not exhibiting any obvious symptoms since there were MANY instances of infections found during the scans. The scan logs are all attached, thank you in advance for your help!
 

Answer:Malware Removal Help

Couldn't fit the ComboFix log in my first post, attached it to this one.
 

4 more replies
Relevance 61.91%
Question: Malware removal

I first received a notification from AVG 'Virus identified win/64 patched.A'
I followed the steps in your tutorial located here
Now AVG has found 'Trojan horse Generic29.ANPX' 'Trojan horse BackDoor.Generic15.CGSY' 'Trojan horse BackDoor.Generic15.CGSY' and more are sure to follow.
I think I have attached the necessary logs to this post, I'm really not too technically literate so I do apologise if I have done something incorrectly.
I hope you have a chance to reply swiftly.

Thank you very much for your time.
 

Answer:Malware removal

Firstly you need to take a look at this.

Warning about Porn, Keygens, Cracks, and other Illegal Software

Remove all traces of cracked software please before we continue.


Uninstall DealPly


Now Re run Hitman and have it delete Malware, and Potential Unwanted Programs.




Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these 2 detections:


[RUN][SUSP PATH] HKCU\[...]\Run : WideSearch (C:\Users\User\AppData\Local\WideSearch\wsearch.exe) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-189922631-1767686969-1414721043-1001[...]\Run : WideSearch (C:\Users\User\AppData\Local\WideSearch\wsearch.exe) [-] -> FOUND

Place a checkmark next to each of these items, leave the others unchecked.

...and the same for items on the file/folder tab, please.


[ZeroAccess][FILE] @ : C:\windows\Installer\{2c988e37-0004-54bc-25a6-c07d66c1d001}\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\windows\Installer\{2c988e37-0004-54bc-25a6-c07d66c1d001}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\windows\Installer\{2c988e37-0004-54bc-25a6-c07d66c1d001}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND
[Susp.ASLR][FILE] services.exe : C:\windows\system32\services.exe [-] --> FOUND

Now pre... Read more

7 more replies
Relevance 61.91%

Hello,
I was googling for information and found this forum. I visited a friend's website yesterday and immediately my antivirus (Trend Micro PC-cillin) detected 4 infected files, and before I could do anything my computer screen went all blue with 'hard run error' message or something like that. I rebooted and got back into Windows. My antivirus quarantined the before-mentioned infected files but couldn't delete one or two of them. I opened Internet Explorer to search for information on how to deal with it and ads would suddenly start popping up. I realized I must have downloaded some kind of spam malware.

I found a post from this forum via Google search that contained some information and so I followed those instructions. It didn't occur to me at the time to ask for advice specific to my problem, thinking the information in that post should be helpful.

Based on the information, I downloaded and scanned my computer with the following tools:
Malware Bytes Anti-Malware (full scan)
SDFix
ATFCleaner
SuperAntiSpyware
and then the MBAM again (quick scan)

There were 333 infected files found and deleted during the first MBAM scan, and 10 infected files after the second. During the SuperAntiSpyware scan, it detected 117 file threats and placed them in quarantine. There was one particular group of files I'm concerned about, the OREANS32 files, including the C:\Windows\System32\Drivers\oreans32.sys, which from what I understand is a legit f... Read more

Answer:Need help with malware removal

I forgot to add that I'm using a Windows XP Professional.

9 more replies
Relevance 61.91%

I'll probably have to do a reinstall but I wanted to post the logs to see how bad it actually is. I was using frostwire when it started and knew instantly what had happened. So the computer has not been used for anything but trying to fix since then. It happened last night around 12:30.
 

Answer:Malware Removal did not fix

Torch86 said:

I'll probably have to do a reinstall but I wanted to post the logs to see how bad it actually is. I was using frostwire when it started and knew instantly what had happened. So the computer has not been used for anything but trying to fix since then. It happened last night around 12:30.

Here's the last log
 

11 more replies
Relevance 61.91%

hiya, I think I have the superfish virus on my computer. It runs windows xp professional, 32 bit. SP3 Build 2006. It has American Megatrends processor 1470mhz and one gig of memory. I do not know a lot about computers but I have managed to read your forums and on your support page I have followed all the steps required to try to get rid of the malware. The page says if, after doing these steps, malware is detected to post a thread to yourselves. I have added the results of these scans for you to look at. Also among the steps was a MBR check. The result was SHAA38B874B7713D1B51CBC449F4EF809BODEC644A. I have no idea whatsoever what this means. If you can help me I would appreciate it.
 

Answer:Help,malware removal

Welcome to Major Geeks!

You need to attach the requested logs from Malwarebytes and MGtools. The below is a repeat of the instructions



Step 3: Do You Still Have Problems

Yes, I'm still having problems
DO NOT run the READ ME again!!!! And DO NOT move on to Step 4 below!!! Please just attach your logs as given below and tell us what problems you are still having.
If you do not already have a thread started, start a new thread otherwise post the following in your original thread. Clearly describe in detail the problems you are having and how long ago they started. Think about what you were doing at the time.
Now you need to attach (See: HOW TO: Attach Items To Your Post ) ( Or View: How to Attach Items to Your Posts) the below logs created while running the above scans
RKreport[1].txt log from RogueKiller.
Malwarebytes Anti-Malware log
TDSSKiller log
HitmanPro log
MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.


 

5 more replies
Relevance 61.91%
Question: Malware removal

I am new to your forum and have XP media center. Several weeks ago I followed your instructions for removing malware and never sent the logs in because my system seemed to be restored back to normal. I was having problems with being hijacked to other web addresses, my avg antivirus wouldn't update any longer and when I would open media center and click on a link to watch, it would spontaneously shut down. Yesterday, I noticed my browsing speed had slowed significantly, updating malware program wouldn't work and the same problem with media center started happening again. I decided to start your process all over again but this time I would like you to look at the logs to see if there are any hidden problems. Thank you for any help offered. Logs attached: SAS, Malwarebytes, Combofix, Mglogs
 

Answer:Malware removal

Hi there and welcome to the forums. We are currently reviewing your logs and will get back to you with a set of instructions as soon as we can.

Thanks for your patience during this time.
Kes
 

2 more replies
Relevance 61.91%

Hi All,

I'm not able to run cmd.exe, regedit.exe or most of the exe files from my win xp sp3 pc. I have norton internet security 2010, which reported a trojan.fakeAV attack. Since then I have been experiencing all sorts of issues with running programs. This laptop is not able to go into the safe mode and it is not able to run the gmer.exe file. I'm able to open command.com file and was able to run a few utilities. The gmer.exe file was able to run from command.com but caused a blue death screen soon after starting the scan. It happened twice and therefore I can't attach the awr.txt file. I can't turn off the system restore folder either.

Here is the dds.txt and the attach.zip. Any help you can provide will be greatly appreciated.

Thanks,

DDS (Ver_10-03-17.01) - NTFSx86
Run by Saks at 17:59:40.67 on Sun 04/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3066.2096 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile ... Read more

Answer:malware removal help

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please try and run Gmer by checking only the SECTIONS option

3 more replies
Relevance 61.91%
Question: Malware removal

i got this virus last night. i was browsing on chrome and my AVG anti-virus thing popped up and said it blocked my access to a malicious site, but since it was chrome and not firefox with noscript, i worried that the damage had already been done. i tried a sweep with MBAM and it gave me some problems. when i rebooted i could suddenly not use my browsers anymore so i followed the instructions in the read-me thread.

i had to grab the superantispyware portable version because the other wouldnt load. this means unfortunately i dont have a log for that scan. it did find a trojan, though i cant remember what exactly unfortunately.

after that scan finished and it rebooted my PC, i was getting a bunch of error messages on startup that the system couldnt identify .exe files. i had a fix for that and run it but now, even after going through the whole read me post, i get the same error messages and must run the fix every time i start my computer.

i did get a bunch of errors when combofix was trying to write logs. it said somethings in an HIV folder couldnt be accessed or something. and when i ran mgtools, the hijack part told me something about not being able to access the "hosts" thing and gave me some instructions on how to do it manually or something but i wasnt sure what to do about that since i didnt see it in the read me.

here are the logs. the only lingering problem i've noticed is the .exe thing every start up.

thanks in advance. never using chrom... Read more

Answer:Malware removal

Please go here and scroll down to the exe file fix:
http://www.dougknox.com/xp/file_assoc.htm

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Owner\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKUS\S-1-5-21-3517542941-223606305-1753810289-1005\..\Run: [F.lux] "C:\Documents and Settings\Owner\Local Settings\Apps\F.lux\flux.exe" /noshow (User '?')
O23 - Service: QZQCTACVOHC - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\QZQCTACVOHC.exe (file missing)

After clicking Fix, exit HJT.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a ... Read more

8 more replies
Relevance 61.91%

Hello. I've already run the steps in the "READ & RUN ME FIRST" guide and pop-ups have temporarily stopped, but I would like you to view my scan and HiJack This logs to make sure everything has been deleted. This post contains my bdscan, activescan, and counterspy scan logs. I will post a reply with the getrunkey, shownew, and hijack this logs. Thanks.
 

Answer:Please help with Malware removal

Here are the GetRunKey, ShowNew, and HiJack This logs. Thanks again.
 

13 more replies
Relevance 61.91%

Hi, Having malware again in a computer we cleaned about 7 or 8 months ago. New operator now. Maybe something was missed? or sabotage. We have been having voices and pop-ups for installing Flash player. Web pages turning into porn pages.

I did the READ ME FIRST thread and the log files are attached.

We are running Windows 10 pro.

Thanks,

Jim
 

Answer:Need Help With Malware Removal

jallenaz said:

Hi, Having malware again in a computer we cleaned about 7 or 8 months ago. New operator now. Maybe something was missed?

7 to 8 months is more than enough time for people to reinfect a computer. Many people can reinfect a computer in 10 minutes especially if they do not follow safe surfing procedures.

Run RogueKiller again and use it to fix/remove the below:
¤¤¤ Registry : 7 ¤¤¤
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{81DB3E17-47A2-8A7A-419A-E934F74D7E5E} (C:\ProgramData\saveiitkeeeep\1o.x64.dll) -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1602778222-2260973681-152632175-4170\Software\UpdateFiles -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1602778222-2260973681-152632175-4170\Software\UpdateFiles -> Found
[PUP.Gen1|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {35FA5944-61F3-4D84-AB98-751161757A49} : v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|App=C:\Users\Tiffany\AppData\Roaming\TWV\TWV.exe|Name=Online video player| [x] -> Found
[PUP.Gen1|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {136E89F1-81EB-423E-B85C-BBAF72B24726} : v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|App=C:\Users\Tiffany\AppData\Roaming\TWV\upd.exe|Name=Updater Online video player| [x] -> Found
Please download OTM by Ol... Read more

3 more replies
Relevance 61.91%

I have tried running vundofix, smitRem, smitFraudFix, virtuMunduBeGone.

Every time that I run Ad-Aware my system crashes and I receive a physical memory dump blue screen of death.

I've managed to stop all of the pop-ups, however, my background image is still not showing up. I assume that this is still related to the spyware which I had/have on my computer. All that shows up is the little square with the circle, triangle and square in it that normally is displayed when an image won't load on the internet. I believe I had a version of winfixer AND spyAxe on my computer. So far so good on the pop-ups though. I think I've managed to kill that all together. But who knows...

Any Ideas??? Your help would be greatly appreciated!

Thanks,
Nick


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\idr3hlpr.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe... Read more

Answer:Malware Removal Help!

Hello airportsaresuper,

Welcome to Bleeping Computer.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log (Including the header, please).

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

2 more replies
Relevance 61.91%

Hi All,

I'm a little bit stuck here with a friend's computer. I ran through the removal steps and got rid of a ton of junk but still can't get this machine to connect to the net. I can see my router by entering in the local IP but I cannot connect anywhere outside of the router. I've also tried installing a usb network card but that too can't get to the outside world. What is my next step? Things that I do know about the machine...

1. Teenage kids; although I couldn't find much for messaging and the like but they may have tried to manually delete stuff without realizing the consequences once they saw all of the junk popping up.

2. Anti-Virus was pretty much non-existent on this machine; there was a hodge podge of the freebies with your subscription to internet service kind of things but nothing up to date and nothing worth while. I just added the AVG to hopefully put a stop to anything new while I'm tinkering.

3. Tried SuperAntiSpy's "repair broken network connection (winsock LSP Chain)" but that also didn't help.

4. The DHCP does assign the machine a valid IP and I appear to have no problems on my local network.

Thanks in advance for the help.
 

Answer:I need help... malware removal...

It is not malware. Your system is fine regarding that issue...just a few pieces of junk to remove.

Have you tried connecting each computer directly thru the modem, bypassing the router?
I assume you have also recycled both the modem and router? I would suggest you post in either hardware or networking.

Let's clean up:
Run this: Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Now use add/remove programs to uninstall:
Java 2 Runtime Environment, SE v1.4.2_03
Viewpoint Toolbar (Remove Only)

Run C:\MGtools\analyse.exe by double clicking on it. (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R3 - URLSearchHook: (no name) - {C3F50901-871A-4650-85D8-9D53E2534A3B} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it a... Read more

1 more replies
Relevance 61.91%

Hi
I am a Novice User.. Today I was infected by a Malware that gives a pop up "Attention!some dangerous trojan horses detected in your system..Windows Xp files Corrupted" and so on whenever I try to open Windows explorer.. If I try to access internet explorer it leads to an id "http://free-viruscan.com/id/4912933/4/1/"

Well this is my Hijackthis logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:07:19, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
c:\Progr... Read more

Answer:Malware removal help...

Welcome to TSF.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\coni.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\coni.dll

Download Malwarebytes' Anti-Malware at http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebyt...are_d5756.html Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open i... Read more

5 more replies
Relevance 61.91%

I joined this forum to seek help with a HijackThis log; that log was generated by a freeware program called Advanced System Care. I followed all of the instructions in your forum for posting such logs to the best of my abilities. It looks to me as if those instructions had me creating new logs using the tools suggested by this forum and I have attached those logs as instructed. I have not attached the Advanced System Care log.

The Advanced System Care program cleaned up a lot of stuff on my computer which helped a lot. Some problems remain though: My computer still sometimes begins to run very slowly and this condition is temporarily helped by simply restarting my computer. Occasionally the computer essentially locks up and any effort to open email or start Internet Explorer only gets an error message saying that "insufficient resources exist to do that operation". The only solution when that happens is to unplug the processor and restart the computer. The normal restart process does not work in those cases.

thanks in advance for your help. Here is my DDS report:
DDS (Ver_10-10-21.02) - NTFSx86
Run by Compaq_Owner at 17:30:44.79 on Sat 10/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.56 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k ne... Read more

Answer:Malware removal help

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

15 more replies
Relevance 61.91%
Question: Malware removal

Hi all!
First of all... Hello!
My name is António and I'm from Portugal.

After this introduction here goes my problem:

I was severely attacked by a rootkit that ended up messing all of my computer (running XP, SP3)
Searched the web for all possible solutions regarding "Bagle" and "Virtumundo" (showed up in scans)
Used already: Combofix, Vundofix, Malwarebytes' Anti-Malware, Dr. Web Live CD, RegRun6 and, after everything looked "apparently" normal, was able to run online scans from Kaspersky, BitDefender, Symantec, and Panda. All came clear.

In this final step (I hope!), just need a confirmation on my HJThis log, from you expert guys, to be sure the "ugly bug" went REALLY away.

Finally, I'm currently running "Spyware Doctor with Antivirus" (full version) and PCTools Firewall (offered with Spyware Dr).

==========================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:11, on 16-01-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.ex... Read more

More replies
Relevance 61.91%


Answer:Please help with malware removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

AVG right now is very hard to shut down long enough to run our scans and is actively going after some of our tools - for this reason we are going to have to remove it until we are finished.

I would like you to uninstall AVG and run their AVG removal tool.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once t... Read more

3 more replies
Relevance 61.91%

I noticed a couple of weeks ago that my CA anti-virus had a pop up box that said 3 viruses were detected and removed from my computer. This happened a few more times, but I didn't notice any problems with the computer so I continued on my merry way. Yesterday the computer had slowed noticeably and went to Windows Task Manager and on the CPU Usage svchost.exe SYSTEM was using 50%. There were multiple instances of svchost.exe SYSTEM and svchost.exe NETWORK SERVICE. I don't know if this has anything to do with the problems I'm having, but...
 

Answer:Need Help With Malware Removal

I also attached a Kaspersky on-line virus scan.
 

5 more replies
Relevance 61.91%
Question: Malware Removal

Hi everyone!

I'd just like to make sure my PC is Clean, thanks for any help!!!
 

Answer:Malware Removal

Good morning.

Re run Hitman Pro, activate/enable the free trial, and then have it remove all that it finds, EXCEPT for 'Suspicious files'. They are fine.
Give Malware Bytes a rerun, let it quarantine anything else it may find.
Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:
[PUP] HKEY_LOCAL_MACHINE\Software\ParetoLogic -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19b4fdc9-b1b5-4c8e-ab5f-adcf4ebc0b0b} (C:\Program Files\DailyFitnessCenter_53\bar\1.bin\53SrcAs.dll) -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d36bfff8-a3ae-4032-a179-f29083c68ba7} (C:\PROGRA~1\DAILYF~1\bar\1.bin\53bar.dll) -> Found
[PUP] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {a6547405-a964-4600-8326-e91c95218964} : (C:\Program Files\DailyFitnessCenter_53\bar\1.bin\53bar.dll) -> Found
[VT.PUP.Optional.Mindspark.A] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Daily Fitness Center EPM Support : "C:\PROGRA~1\DAILYF~1\bar\1.bin\53medint.exe" t8EPMSup.dll,S [7][x] -> Found

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.

... and the same for these entries on the files/folders tab ... Read more

7 more replies
Relevance 61.91%
Question: Malware Removal

Hello.
First time submitter. I'm experiencing periods of total internet slowdown for this one machine in my house (other devices are experiencing no such slowdown). Machine is not under heavy cpu or mem usage. Browser, ftp, dropbox all slow to a crawl at random times. I'm unable to find a common thread.

Please and thanks for your assistance.
 

Answer:Malware Removal

I am currently reviewing your logs and will make a response asap.
 

3 more replies
Relevance 61.91%
Question: Malware Removal...

I just ran through the steps outlined to remove malware from my notebook. The system is running considerably better since I have done the tasks. Could I have my logs checked to see if anything is still in my system.

Thanks in advance...
 

Answer:Malware Removal...

other logs...
 

2 more replies
Relevance 61.91%

Hi, I have the obrona adware virus / malware. Malwarebytes detects it, says it's removed it, restarts, but actually hasn't removed it as it keeps popping up with (x86)\Wmakinsting\Wmakinsting.exe. I am very technical and even I am stumped at this. Any help would be massively appreciated. Thanks, Nathan

Answer:Help With Malware Removal Please :(

Hello there  
 
I'm LighthouseParty and I'll be assisting you with your concern today. Let's run a couple of scans to see what could be causing this.
 
 Download MiniToolBox
Click here to download MiniToolBox to your desktop.
Double click MiniToolBox.
Select the following and then press go.
Post the log in your next reply.
Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Installed Programs
List Restore Points
 
 Install and run a scan with Malwarebytes Anti-Malware
Click here to download Malwarebytes to your desktop.
Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
On the dashboard, click update now.
After that, click scan now - the scan will now begin.
When the scan's completed, select apply actions - make sure the action is quarantine.
Restart your computer.
How to get the log.
On the dashboard, select the history tab and click application logs.
Select the log which has the time and date of when you did the scan.
Click copy to clipboard and paste it into your reply.
 Download Security Check
Click here to download Security Check to your desktop.
Double click SecurityCheck and follow the on-screen instructions.
A log should open, called checkup.txt.
Please post the contents of it in your next reply.
Thanks and good luck!

17 more replies
Relevance 61.91%
Question: malware removal

While checking msg on Facebook I had several pop-ups that my computer had been infected with a virus. I ran the scan you recommended and copied it as reads below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:23 PM, on 8/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Documents and Settings\All Users\Application Data\ZwangiSearch\zwangi121.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ZwangiSearch\zwangi.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Progr... Read more

More replies
Relevance 61.91%

Just recently, I've been having problems with a file called "geedb.dll" in my system32 folder! I am unable to delete the file, nor remove it with any other application. Any help would be great! Here is my HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:19 PM, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:&... Read more

Answer:Need Help With Malware Removal!

Can anyone help me? It's really starting to get annoying and I have no clue how to remove it! So if you know how, please show me how to remove this trojan! Trojan-downloader.ConHook

4 more replies
Relevance 61.91%

Please advise on removal of these found by Windows Defender. Just tried installing Trend Micro IS Pro v.2. Install successful but update apparently blocked. No malware detected or removed. Browsers continue to be hijacked. A current Hijack This log is attached.

Will check thread frequently.

Thank you,

makins
 

Answer:Help w malware removal

Welcome to Major Geeks!

makins said:
Please advise on removal of these found by Windows Defender.

On removal of what?


If you are having malware problems, please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

5 more replies
Relevance 61.91%

Computer has been slow for a while but I have really just started troubleshooting. I have done your steps in Read and run first and attached logs. I was unable to complete RogueKiller - It kept freezing. For some reason I am unable to attach malwarebytes log. (because it is not an allowed extension. it is an .xml file???) At this time computer still works the same. It works but just slowly. Thanks for your help
 

Answer:I Need Help With Malware Removal

Hi there lisalisa.

You need to follow the instructions again carefully for uploading the correct Malware Bytes log. What you have attached is unreadable.
You can run RogueKiller in safe mode... see if it works that way.
 

1 more replies
Relevance 61.91%
Question: malware removal

I applied your steps for malware removal, my computer has been infected for a month. I ran the programs and it unhid my files. I am attaching the logs to see if anything further needs to be done.
 

Answer:malware removal

Welcome to MajorGeeks!

You need to attach (See: HOW TO: Attach Items To Your Post ) these other requested logs created while running the READ & RUN ME FIRST. Malware Removal Guide .
SASlog.txt log from SuperAntiSpyware.
Malwarebytes Anti-Malware log
ComboFix.txt (normally C:\ComboFix.txt)
C:\MGlogs.zip

Other Notes:
You should attach all of your logs to one message after you have completed all scans.
Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.
Also DO NOT BUMP your thread to try and get a faster answer. This will actually significantly delay getting an answer. See this: Don't Bump! It Only Hurts You!!!

 

1 more replies
Relevance 61.91%
Question: Malware removal

When I try to access my hard drive, the message "resycled\boot.com" appears. Also, I am often re-routed to different websites than the links I click on. Help please!


DDS (Version 1.1.0) - NTFSx86
Run by Eric at 12:10:51.70 on Sun 12/21/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.615 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~... Read more

Answer:Malware removal

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

2 more replies
Relevance 61.91%
Question: malware removal

Hi,
i have been given a machine to clean.
Ran all programs except mgtools. having a hard time downloading it.
other logs attached. tdskiller found no threats.

any help would be greatly appreciated

thanks
Andy
 

Answer:malware removal

Can you download MGTools.exe to another computer and transfer it via thumb drive?
 

7 more replies
Relevance 61.91%
Question: malware removal

There is a software on my computer called attune. It came bundled with my computer when I bought it new. I have tried to remove it but can't. Any simple advice on how to remove this program would be appreciated. I am one step above the idiot level in computer knowledge.
 

More replies
Relevance 61.91%
Question: Malware removal

I am using XP Pro. I have after-market parts. I have NOD 32. It has caught a number of trojans. I also have AVG-80. So far, I can still use Outlook Express for email. I have Internet Explorer 7. I noticed a slow-down right after it was installed. Over the past year, my computer has been getting slower and slower, to the point that I cannot open my Yahoo page. I had to get to you through Google, and it is VERY slow.
--I get pop-ups especially on sites like weather.com and accuweather.
--I can no longer get to many of the links that I receive in emails (mostly youtube and wmv-type stuff--which is probably where I have picked up something bad). I'm afraid my computer is going to grind to a halt.
Thanks very much for any help!
 

Answer:Malware removal

16 more replies
Relevance 61.91%
Question: Removal of malware

Hello everybody,
I am new to the forum and I am happy it exists. I found the forum accidentally searching for help with the FBI Money Pack virus. I am reading on this forum to use safe mode with networking, I can go to safe mode with or without networking. However, as soon as I log in the laptop shuts down. I have tried using repair computer function using the available downloads on a USB stick... It does not seem to work. Can somebody please help me to get access back to safe modes without it shutting the computer down. I think that all the explanations and descriptions here are easy to follow and I could go there and look for help once I have access to safe mode again.

Thank you very much in advance for your help,

I truly appreciate your efforts to help me.

Leo
 

Answer:Removal of malware

Please do the below so that we can boot to System Recovery Options to run a scan. There will be two options to choose from. One if you do not have your Windows 7 boot DVD and another when you have your DVD.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Option1: Enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

Option2: Enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



Startup Repair
System Restore
Windows Complete PC Resto... Read more

22 more replies
Relevance 61.91%

The original thread I googled into, and which got me interested in the forum, was in a sub-forum called Malware Removal FAQ. Now that I have joined the forum the sub-forum does not appear to be visible from the group tree. This is no big deal since I can get back to it via my browser history via
http://forums.majorgeeks.com/forumdisplay.php?f=39

Just curious to know if this sub-forum has it been purposely hidden for some reason, or am I missing some simple forum method ?
 

Answer:Malware removal FAQ

When you are on the first page of the malware forum.....just change the 35 to 39 in the address bar.
 

1 more replies
Relevance 61.91%

Well, where to start. My computer has been getting progressively more problematic the last few months. I can't specifically remember where or how it started. The earliest symptoms I remember are applications taking anywhere from one to 4 minutes to open, or just timing out completely. I would have to create tabs in my browsers and never close them to avoid this. This went on for a while, and every now and then it would clear up and act fine. After that my computer, namely the internet, started to lag constantly. Just recently it began to lag so bad that I couldn't load any pages without waiting up to 5 minutes. So I began to run some cleaners, CCleaner and MBAM. This resulted in my computer getting worse. Firefox would no longer open, so I had to uninstall it. Explorer kept giving me multiple pop-ups, so I uninstalled it.. although unsuccessfully. Automatic updates are turned off, unable to turn them on. I attempted the windows XP cleaning procedure in the sticky. SAS wasn't able to run at first so I ran it last when it allowed me to. My registry at first wouldn't allow me to edit, for a while my computer had created a separate administrator account. Both of these are fixed for now. Firefox is still not opening, my automatic updates are still not allowing me to turn them on. Some things are still lagging. Thank you for taking the time to read this.
 

Answer:Please help with malware removal

Welcome to Major Geeks!

Axsca said:
Explorer kept giving me multiple pop-ups, so I uninstalled it.. although unsuccessfully. Automatic updates are turned off, unable to turn them on.

You should NEVER attempt to uninstall Internet Explorer (which is not the same thing as Explorer). You need Internet Explorer or you will not be able to get all of your Windows Updates and will not be able to access many websites that require it. Attempting to uninstall could break your ability to get updates.

Uninstalling these programs would not help you anyway. The infections are the source of your problems and the infections need to be removed, not IE or FireFox. Your Windows Operating System files are infected and this can be problematic to remove. The first thing you should do is backup important personal data since the act of trying to fix these kinds of infections could cause your PC to become unbootable. Do not backup any executable type file since they may be infected.

We will have to perform your fixes in stages to avoid making your PC unbootable. So the below is only the first step. It is not a complete fix. From now on do not run anything except what we ask you to run. Do not download or install anything but what we request. Once we finish your malware removal you will be free to do what you wish.

You are way out of date with your version of SUPERAntiSpyware.
Please uninstall your current version (this is neces... Read more

13 more replies