Computer Support Forum

System Tool Protect your pc (malware)

Question: System Tool Protect your pc (malware)

I have somehow acquired some malware titled system tool protect your pc. It comes up randomly, asks if I want to scan, says I have over 800 Infections, and constantly prompts me to sign up for it to erase my viruses. I know this is malware, and I acquired it after my Norton expired. How can I remove it? Thank you!

I am using a Hp Pavilion Vista.

Relevance 100%

Answer: System Tool Protect your pc (malware)

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
Don't Bump! It Only Hurts You!!!

Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.

1 more replies
Relevance 70.11%

My laptop not supporting the HP protect tool. It comes like this: installation cannot continue due to the following problem - Microsoft .NET Framework 3.5 or later is required. Installation will now be terminated. Correct the problems and run the product installation again.

More replies
Relevance 62.73%

> I am using sify ISP with limited data transfer package.
> My ISP is showing that I have downloaded 1200 MB which is not true.
> I didn't turn on the PC on the date prescribed by ISP but it is showing I have downloaded 1200 MB and has cut down 20 valid days.
> I think someone has hacked my system.
So I am requesting you to tell the best way to protect my system from malware and internet.
Thanks in advance.
 

Answer:Best way and best software to protect my system from malware and Internet?

Security is a wide topic. If you browse around on this forum, you will find recommendations on Anti Virus and Anti Spyware and Firewalls.
If you have Windows XP Professional, MS published an XP Security Guide v2 and tells you how to harden XP Pro. It is available here:

http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/default.mspx#ETE

If you have Vista, there is a Vista version of the Security Guide:

http://www.microsoft.com/downloads/...ed-7f35-4e72-bfb5-b84a526c1565&displaylang=en

Hardening an OS gives the attacker a smaller attack surface by disabling unnecessary features. XP after a fresh install is quite bloated and has a lot of places for an attacker to poke at.

Also you should consider running it daily using a limited user account, as that prevents some malware from working and prevents malware from making system wide changes. In the Unix world, nobody runs a machine daily using the admin account. MS acknowledges that and has made UAC for Vista to achieve the same end.

Here's more details about that:
http://www.mechbgon.com/build/security2.html

Also along the lines of protection and prevention, use McAfee's Site Advisor, available here:

http://www.siteadvisor.com/

It places a site rating beside every Google result and tells you about malware infested sites before you go clicking on them and instantly infecting your machine.
 

3 more replies
Relevance 62.73%

> I am using sify ISP with limited data transfer package.
> My ISP is showing that I have downloaded 1200 MB which is not true.
> I didn't turn on the PC on the date prescribed by ISP but it is showing I have downloaded 1200 MB and has cut down 20 valid days.
> I think someone has hacked my system.
So I am requesting you to tell the best way to protect my system from malware and internet.
Thanks in advance.

Answer:Best way and best software to protect my system from malware and Internet?

Before anyone tells you that, it may be that someone connected to your internet connection, via wireless? How are you connected to the internet? Because if your computer was off on those dates, even if a hacker got into the system the computer needs a physical connection to the internet, while the computer is off, there is no way of obtaining an internet connection.

3 more replies
Relevance 59.45%

I have the "system tool" malware on the PC this morning. Safe Mode with networking isn't allowing an internet connection so I am left posting from my (virus free) Mac laptop and needing help just to get started with downloads, etc, to fix this.
Please...
 

Answer:System Tool Malware -

unsolved, but marking "solved"
 

1 more replies
Relevance 59.45%

Dear colleagues - I've finished Your removal suite and I'm about to upload the result files:

attach.txt
DDS.txt
ark.txt (from GMER)

Hope this will be what's requested.
My user name is beablanche
My email address is xxxxxxx
My home page - http://beacon.se

Gratefully awaiting Your response at some excitement!
Kent Åsberg, Vellinge (Sweden).

Answer:Malware "system tool"

Hello Kent,

Navigate to this folder in bold and delete it:

c:\documents and settings\all users\application data\kkcoa01822

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. IF YOU USE AVG IT MUST BE UNINSTALLED OR THIS WILL NOT RUN.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
If you have trouble running it the first time, then rename ComboFix.exe to kent.exe and try again.

Thanks,
tea

20 more replies
Relevance 59.45%

Hey there,

Last night I inexplicably found my laptop's desktop over-run with these crappy System Tool virus pop-ups, though for whatever reason it didn't block my internet access so I've tried looking up what to do to remove it.

I used Malware Bytes Anti-Malware in safe mode to detect the virus, which it did, and I removed the threats it found. However, the actual pop-ups (and the changed desktop background) are still present, and I think it's resetting my laptop every 15 minutes or so.

I tried using Anti-Malware again and it detected nothing this time, so I'm assuming it did SOMETHING the first time, but I'm just not sure how to get rid of this thing completely.

Any help would be great thanks!

Answer:Help with System Tool malware

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

2 more replies
Relevance 59.45%

Hi

I keep getting the message about SYSTEM TOOL - It scans and says I have lots of trojans and wants me to buy software. Also, I cannot restart in safe mode and the PC restarts about every 20 mins or so. Every time I try to install MalwareBytes etc I get a message saying that file is infected. I've tried exekill etc but to no avail. Any suggestions please?

Thank you

Ian
 

Answer:System tool malware

I have fixed this problem.

First download RKILL and save to your desktop and run it from there:

http://www.bleepingcomputer.com/download/anti-virus/rkill

Once that is finished download, install and run MalwareBytes:

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Hope this helps

Ian
 

6 more replies
Relevance 58.63%

Hello again.
I'm no computer wizard, as can be seen from my previous post. Thought I'd better put a new title up.
'System Tool' infected my computer. In safe mode with networking, I discovered and used the guide supplied by bleeping computer. It was a relief to find something because 'System Tool' stops you using Task Manager or anything else you can use to identify it and destroy it manually.
Everything in the guide worked fine through using RKill, Malwarebytes anti-malware to over-riding the Windows permissions in order to delete the corrupted file C:\Windows\System32\Drivers\etc\Hosts file.
Unfortunately I cannot get permission from Windows to save the replacement file in this directory.
I don't dare shut down the PC in case it won't re-boot without this file in place.
Can anyone help me to save this file where it should be?
Thanks from one tired computer novice !

Hope this isn't classed as bumping. If so, it was not intentional. I'm new to these sites and not familiar with information I need to supply. Apologies if I caused offence.

Operating system is Windows Vista, by the way. Forgot to mention that, too.
Hope that is all the information you need. I understand how busy you are, so don't expect instant replies.
Just wish someone would catch the idiots that design these malware infections.
At least I knew to keep tapping F8 to start windows in safe mode after turning the computer on, otherwise I wou... Read more

Answer:System Tool malware cure

Responded to your other thread, just in case.

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

1 more replies
Relevance 58.63%

UPDATED (7:07 PM EST)

I am having a problem with what I think is a system tool virus... So far I have:

1. Downloaded and used Rkill
2. Downloaded Malware Bytes
3. I have installed and used a malware removal program and removed the trojan viruses responsible for the damages to my computer
4. Attempted to trade HOSTS files, did not work, could not access internet when replacement was issued, all program files still hidden (do not show up on start menu, or desktop). Desktop is blank (black screen).

JUST FOUND OUT!!! My admin tools have all been deleted, what do I do?

I only need to restore the program files to their original location, it seems like that is the last step in all of this mess, if anybody knows what to do, please and thank you.

Thanks in advance for any help!

Answer:System tool malware problem.

Welcome.. let's try this,

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php

Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.

Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.

3 more replies
Relevance 58.63%

My boss's office cpu is on the fritz and she called me to try and tackle it before we paid someone to do so. TSF has helped me immensely on my home pc ( 206 days clean so far!) so I am seeking your wisdom once more.

Files cannot be opened, a System Tool is running a "free" scan in the toolbar, and the internet has slowed to a drag. I rebooted in Safe mode to run the scans and it didn't show up.


DDS (Ver_10-12-12.02) - NTFSx86 MINIMAL
Run by Judy at 20:44:13.48 on Wed 01/26/2011
Internet Explorer: 8.0.6001.18999
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2942.2502 [GMT -6:00]

AV: avast! antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Users\Judy\AppData\Roaming\dwm.exe
C:\Users\Judy\AppData\Roaming\Microsoft\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Judy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.... Read more

Answer:System Tool 2011 malware

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

It appears you didn't attach the second dds log, Attach.txt, to your initial post.

Press the Windows logo key and the "R" key then copy/paste the following into the Run box and click OK:

%temp%\Attach.txt... Read more

2 more replies
Relevance 58.63%

Hi,

I have Windows XP and just a couple days ago had the System Tool malware popping up and disabling a windows account I have. I have Avast for my antivirus. I used Malwarebytes to remove the malware. It seemed to have worked, but it is back. The Avast keeps popping up saying malware was blocked. It comes up quite often. I have the Avast free version. I ran Malwarebytes and removed it or so I thought, but two days later it is back again. Not sure what to do.

The windows account desktop is dark blue with 001 001 all over it and in red and white letters saying our computer is infected with popups.

Thanks,

Janine

Answer:System Tool Malware Infection

Download and run this Gmer. Post it here. A hijacked desktop could signal a rootkit. Post the Malwarebytes log for analysis and paste the log in the next reply. If there is a rootkit, a more privileged user will come and guide you. Which bit, 32-bit or 64-bit PC? The top one is for 32-bit. 64-bit: download this and run http://sites.google.com/site/rootrepeal/

11 more replies
Relevance 58.63%

I recently got infected with system tool 2011, a malware program. I restarted my cpu in safe mode with networking and ran a malwarebytes scan and a microsoft security essentials scan. Neither of them found anything, so I started google searching for other solutions. I found this manual removal guide, How to Remove System Tool 2011 (Removal Instructions) | Faster, PC! Clean! Clean! (fasterpccleanclean.com/remove-system-tool-2011), but any time I try to get into the C:Documents and Settings\All Users\Application Data folder, it tells me that I cannot get into the folder and that access is denied

I think the virus is doing this. Is there a way to bypass it? Was I just reading the instructions wrong? Really scared right now. Help please. Thanks in advance.

Answer:System Tool 2011 Malware! Help!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 58.63%

Thank you,

System Tool Malware: This is what I have so far in this battle:

First of all: I am running XPpro, AMD Athlon 64x2 dual core processor 4200+, but running 32, ASUS mb 2.2Ghz and 1Gig Ram.

I started up in Safe Mode w/Networking but I can't get any of the Rkill links to work, (I downloaded them all). I tried to run MBAM from my USB drive, but the update was old and infected pc will not connect to the internet. So I can’t get the MBAM update. I went and checked the LAN connections changed out the .bat file and the HOST file like your site suggested on the System Tool Removal page. Still, won’t connect so that I can download MBAM update. The MBAM did run and removed 3 bad files. I will post more after noon today 1/16/11.

I managed to get inside the infected machine through the "save file" on the "system tool" program itself, even into the hidden files, but not into the registry, I guess “system tool” must be blocking it. Also, I turned off system restore, but now it won’t let me turn it back on.

I’m hoping someone has experience with this beast and will help this humble child of God out. . .

Thank you pre-feat,
Terry

Answer:"System Tool" - Malware Infection

Sorry to hear of your plight, I just finished cleaning up my machine, what a pain. You'll need a WINPE cd to boot the machine, least that's what I did, it allows you to load a windows mini version on the machine's ram, you can edit files and such. You'll need to replace 2 files to get you up and running, WINLOGON.exe and Explorer.exe. When you get it back up turn on system restore, then create a restore point (name it ... you'll have many more before you're done). Run msconfig/startup, look for a file "uhaxudipo.dll", it's a registry entry, disable it, get out of msconfig and go to the windows directory and delete the uhaxudipo.dll file. You may have to stop it from working in the task manager before deleting the file and of course it has a different name (a numbered file if I recall), but if you disable in msconfig it shouldn't be running. Sorry, I re-read your post and didn't notice you installed the supposed repair tool. You'll need to remove the SytemTools program from your machine. You can try uninstalling, but you may have to stop it from loading, in msconfig. The main trojan file which started your headache will be in the c\documents and settings\#####\local settings\temp folder ... it'll be a numbered .exe, you'll notice a number of .tmp files with the same creation date and time as well, you won't need those either, just remember to always empty the recycle bin prior to any file you delete, that way if a... Read more

3 more replies
Relevance 58.63%

so......... I have gotten a few malwares and spyware in the past on random pron sites, and I was lucky enough to get System Tool 2011 tonight whilst on slutload.com. Please tell me what to delete from my hijack this logfile!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:06:30, on 2011-02-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP1 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files... Read more

Answer:System Tool 2011 Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the ... Read more

2 more replies
Relevance 58.22%

Hi,
Over two years since my last thread asking for help. Glad you are still here.

I was hit with the System Tool scareware yesterday. I did not fall prey to their scam and did not download their bogus program. However, I kept getting the popup screens warning of the virus and performing the bogus scams which I immediately closed.

I downloaded Malwarebytes Anti Malware onto a thumb drive on my laptop then installed it on my desktop and ran a complete scan. I did not update the software at that time because System Tool had disabled my internet. I was told the version I had was 23 days old. I ran the full system scan on all my drives. It found two files on my C drive and 3 files on my O drive. C drive contains my OS and program files. O drive is an external hard drive where I store all my files, word and excel docs, pics, mp3's etc. I deleted the five files using the Malwarebytes program, but the System Tool is still affecting my computer.

System Tool was still in my software list so I uninstalled it. I still have the System Tool warning which has overtaken my Desktop wallpaper. And I still get the bogus virus warnings and bogus scans on my desktop. Below is the DDS.txt and the Attach.zip is attached.

Thanks in advance for any help. This forum has saved my butt before. You guys/gals are awesome.

I run XP with service pac 3


DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Administrator at 14:46:59.90 on Thu 01/13/2011
Internet Explorer: 7.0.5730.11 BrowserJ... Read more

Answer:Malwarebytes did not remove System Tool malware

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Who ran OTM on this machine? Are you receiving help elsewhere?

Did you try updating MBAM in Safe Mode with Networking? Are you able to connect in Safe Mode with Networking?

I need to see a gmer log in order to help you. If necessary, use your thumbdrive as you did with dds.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

------------------------------------------------------

16 more replies
Relevance 57.4%

Yesterday, my computer was infected with anti-vermins malware. I executed a system restore to a point earlier in the day before the infection. It seems as though that solved the problem. There are no more "warning messages " or "system alerts" on my taskbar. Is the problem solved by the system restore or is it still necessary to use malware removal tools? Any advice would be greatly appreciated.

Answer:System Restore As A Malware And Trojan Removal Tool

Are you referring to the AntiVermins [rogue] software?

In order to answer your question if your problem is solved, you will need to post a HijackThis log. If you don't have HijackThis, then download the current version from here and save it to a convenient location. This is a self-executing file, so just double-click the file and it will install itself in its own folder in Program Files.

Double-click onto HijackThis.exe, click "Do a system scan and save a logfile" and copy/paste the log into your next reply.

11 more replies
Relevance 57.4%

Yesterday, my computer was infected with anti-vermins malware. I executed a system restore to a point earlier in the day before the infection. It seems as though that solved the problem. There are no more "warning messages " or "system alerts" on my taskbar. Is the problem solved by the system restore or is it still necessary to use malware removal tools? Any advice would be greatly appreciated.

(Moderator edit: moved post to more appropriate forum, added topic description. jgweed)

Answer:System Restore As A Malware And Trojan Removal Tool

It is a good idea if you run an anti-virus program.

1 more replies
Relevance 57.4%

Cannot download Defogger or DDS Tool as recommended by Bleepingcomputer. When I try to download these the "System Tool" in the lower right pops up with "file MinDM.exe is infected. Please activate your antivirus software."
Upon computer startup the desktop now has wallpaper saying "Warning! Your're in Danger!...etc."
Cannot run AVG.

Answer:Infected with fake spyware/malware SYSTEM TOOL

Hello, did you install IE7Pro?

EDIT: I moved this to the Am I Infected forum as there is no DDS log.

Please follow our Removal Guide here: Remove System Tool and SystemTool.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions.

After you completed that, post your scan log here, let me know how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

1 more replies
Relevance 54.94%

Hello Bleeping Computers,

PLEASE HELP! It appears that a piece of malware software has magically appeared on the taskbar. It initially looked like a legitimate antivirus software, but upon googling I discovered that this is quite a serious threat! There are two shields in the task bar (bottom right); one red and the other blue. When I hover over these, a random number is displayed (usually begins with 5XXXX, where x are random numbers). I have tried to run add/remove programs from control panel, but this doesn't work. I can't even run microsoft security updates, as this malware blocks and tells me that it's a virus!

After 10 mins or so, the blue screen of death appears with a rather lengthy message, before the computer restarts again!

Please, please help - I'm so worried that my computer will destroy and infect all of my files! I eagerly await your reply. Thank you for your consideration!

Regards,
Sara

Answer:SECURITY TOOL protect your pc

Hello ug39mxa

Welcome to BleepingComputer

Please do the following in Safe Mode with Networking to bypass the malware from blocking it.
You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode with Networking then hit enter.

==========================

Download OTL to your desktop.
Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

1 more replies
Relevance 54.12%

 
To help combat ransomware that attempts to modify the MBR, Talos has released a new tool to the open source community, MBRFilter, a driver that allows the MBR to be placed into a read-only mode, preventing malicious software from writing to or modifying the contents of this section of the storage device.

 
http://blogs.cisco.com/security/talos/mbrfilter-cant-touch-this

Answer:MBRFilter: new tool by Talos to protect MBR

You can also read an article by Lawrence Abrams aka Grinler here Testing MBRFilter against Ransomware that modify the Master Boot Record

9 more replies
Relevance 54.12%

Upgraded to WIN10 64bit. Problems: 1- I need to upgrade the BIOS but, even following the instructions, the system reboots without updating the BIOS I thought it was because I have the fingerprint swipe at boot, but  2- I can't remove it (not even from Bios menu) because I set  it with HP protect tools that now can't be opened with win 10 (incompatible). How can I remove the password (fingerprint validation) at boot, so that I can try again with the BIOS update? If I uninstall HP protect tool, will I be able to switch on my pc (will it still require the fingerprint or it will be helplessly stuck) ?

More replies
Relevance 54.12%

I am running into these errors referencing psdrt.exe and psd.dll every time my computer boots.
1. PSD Runtime Error
Resource File <C_PsdRsDll> not found
PSDrt
2. Protect Tool Module Error
Resource File <C_SpURsDll> not found
I have not added or deleted anything and it has been happening for 4 days. I have run spyware, malware, 3 different ones and they all come back clean.
I am running XP Pro on a HP 8510p.
 

More replies
Relevance 54.12%

I have just got a virus on my other laptop; the one I am using here is fine. It's on the same router and I've run a Malwarebytes quick scan and it's not found anything on this laptop. I must have looked in a website and it brought up a window on the affected laptop in the kitchen saying it was potentially dangerous. Anyway, I now have "Security Tool - Protect your PC", which looks like it is in the style of the MSE which I am running on previous advice on this and the other laptop. The problem is that the laptop with the "Security Tool" virus on it won't let me open the "Malwarebytes programme" that I used before to delete the "Personal Security" virus I had then. When I get the authorisation code and payment window to disappear and then try to open the Malwarebytes programme, it comes up IMMEDIATELY with the window with a big red CROSS saying "Harmful software detected. Activate Security tool?", which I click "no" for, and then it comes up with 45 infections found, and back to the "activate security tool" icon again, ad infinitum. Every time I try and open either ccleaner or anti-malwarebytes, it also says in the window: "Mbam.exe is infected with worm Lsas, Blaster keylogger is trying to send credit card details using Mbam.exe to remote host". My question is: WHAT DO I DO???? When this happened before we could open the Malwarebytes programme and let that run and it found the virus hidden somewhere in the C drive, and we could delete them all, but this won't even let me open the MSE icon (it doesn't even... Read more

Answer:=== VIRUS; SECURITY TOOL PROTECT YOUR PC +++

Don't panic! I can't promise to be here much longer tonight but boot into Safe Mode and run Malwarebytes from there. I won't be surprised if that doesn't work. Post back when you can and I'll pick up the thread in the morning.

10 more replies
Relevance 54.12%

Is there a tool or program which can isolate MBR from rootkit attack aside from using safe practices realtime AV & anti malware progs hips etc
All of latter useless to me when getting zero access rootkit & caro malware wrecking my pc > now using sandboxie but still concerned about rootkits is there anything to block them ?
 

Answer:Tool to sandbox or protect MBR from rootkits

Windows 8))
With safe loading at the moment can completely eliminate rootkits, bootkits, vinlokery ICBM
UEFI allows the firmware to implement a security policy.
Safe boot - is a protocol UEFI, rather than a component of the operating system Windows 8.
Safe boot UEFI is part of the architecture of secure boot Windows 8.
 

11 more replies
Relevance 54.12%

Unfortunately, my computer is infected with winspyware protect and has been getting worse for two days. I run McAfee and it does not find it nor did it prevent the infection. I am not savvy enough to manually remove the infection, therefore my question is: is there a tool that is trustworthy and novice user friendly as shareware or purchase that I can download to rid my system of this pest? Thanks

Answer:Winspyware protect removal tool

If you mean Antivirus when you said 'tool', there is Avira and AVG Free.

As for removal, I would look here.
http://www.computerhope.com/forum/index.php/topic,46313.0.html

If you post the three logs there, one of our Malware Specialists will help give you a clean bill of health.

14 more replies
Relevance 53.71%

hello, i need help. i install window 8.1 enterprise 64bit in my laptop hp elitebook 8470p. after this when i install hp protecttools security manager, in the protecttools security manager credentials the fingerprint option is not available. what do i do?

More replies
Relevance 52.48%

I installed HP Protecttool but it doesn't let me enroll fingerprints as the option isn't available. Please help. The Biometric drivers are installed perfectly though.

Answer:HP Protect tool doesn't show Finger print Credential.

HP ProtectTools is old software and is no longer supported on Windows 10. If you are upgrading from Win7 to Win10 then you should install the latest fingerprint driver. Windows 10 should have an integrated biometric application (Windows Hello).




I am an HP employee.

3 more replies
Relevance 52.48%

I'm trying to update my computer to windows 10 and it says I need to remove "HP protect tools security Manager". I first had to remove other programs but now I can't remove the last program "HP protect tools Device Access Manager"; a window pops up saying you need to be an administrator, which I am on my computer. Help please.

Answer:uninstall hp protect tool device access manager to remove HP...

Try this, then you get another account with full admin rights: https://www.youtube.com/watch?v=3NiTNj1pm2o. Easily done and you can uninstall everything, then you should enable that account when you are finished.

4 more replies
Relevance 52.48%

Ok this is weird. I run Ntl netguard, and Spyware Doctor. A few days ago, SpyDoc refused to auto update. Nothing strange thought I, site must be down.

Well its been four days now. Then I noticed I couldn't connect to Microsoft to do updates either. On further investigation, I found I can't connect to ANY legit malware sites. I have run Spybot, Ntl netguard, Malware Byte's anti malware, and Norton AV, none found anything wrong.

However, I tried setting up a proxy within Firefox, and CAN connect to the sites I couldn't otherwise. (albeit incredibly slowly).

As things stand, I can't update any malware software, and assume my poor PC must have caught something new and nasty.

Please help

Hi jack this follows:-

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:08, on 19/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterSer... Read more

Answer:Help Pls! Can't update Malware Protect or Visit Any Malware Sites

sorry, bump
 

2 more replies
Relevance 52.07%

Poll for COMODO users only. Do you use this tool, bundled with the firewall, to protect while shopping or online banking?
Does it work if one is not using COMODO SecureDNS?

 

More replies
Relevance 51.66%

Please help. I've inserted an SD card from a friends camera with my antivirus disabled and got fake security "System Tool 2011" all over my computer blocking .exe files, throwing warnings, changing background etc.

Can't get HJT, DDS and GMER to run in the normal mode (renaming, rkill and exefix don't help). Everything seems to be calm in safe mode so HJT and GMER logs are attached, DDS doesn't produce any files in the safe mode. Thank you for your help in advance!

----

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:00:17, on 13.12.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Users\Dennis\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Softw... Read more

Answer:Got "System Tool 2011" malware - HJT and GMER only in safe mode, can't run DDS

Bump. Please help!
 

2 more replies
Relevance 51.25%

Hello, was hoping you might be able to take a look at these log files for me please, I think I have followed your instructions correctly.
First I found the original registry key and deleted it to stop it taking over the machine.
Current issues are that the PC will not go online on any browser (IE Firefox or Safari) but is able to ping www.google.co.uk without issue.
I apologise in advance if this should be in the Networking fix forum if all malware is now gone.
Regards, Mike
 

Answer:Recovering from "System Tool" malware on Vista

And the MG tools
 

8 more replies
Relevance 51.25%

The issue is a Malware/Virus Program that is on my Wife's laptop. At startup, the virus shuts down all other programs except the Operating System. The Virus program says the computer is infected, The Virus Program sends the user to a screen to put in Payment information to buy the fake program. This Virus makes the background turn blue and also there are 1's and 0's in the background too.

Scans and attachments are included. I do have a recovery/reboot disk available if needed.








.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Ashley at 17:21:19.86 on Sat 03/05/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1459 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system3... Read more

Answer:"System Tool Virus" Malware Removal

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

A number of steps are required to remove this infection.

You will find the instructions here:

Remove System Tool and SystemTool (Uninstall Guide)

If at any time you need advice before proceeding please ask for help here.

p.s.
The <random>.exe file mentioned in the article is this one.
uRunOnce: [jNnOkKb06310] c:\programdata\jnnokkb06310\jNnOkKb06310.exe

At any time when you can disable the process via the Task Manager.

CTRL+ALT+DEL KEY should give you the way to the Task Manager.
===

When you ... Read more

2 more replies
Relevance 50.02%

Hi there,

New to the forum and some challenge navigating topics, so please forgive if this has been covered.

I am trying to remove a virus titled Security Tool and any other problems from a XP system.

Following is a history of recent unsuccessful attempts
1. downloaded Malwarebytes, ran full scan, found three items, removed and rebooted. no appearance of Virus.

2. Next day, reappearance of virus

3. could not re-run Malwarebytes.

4. Renamed exe file to alternate on alternate computer with flash drive. Could not execute

5. downloaded again, and try to execute with random name from flash drive. Could not execute.

6. Cannot run, regedit; command.com; devmgmt.msc or cmd

7. separately downloaded dds; combofix and win32kdiag; "application cannot be executed." "notepad.exe is infected"
appreciate the support,
IrishO

Answer:Security Tool Virus (System Tool 2011)

Hello IrishO,

Let's disable the main file manually so you can run some tools. What I want you to look for is in Application Data (If using XP). There will be a folder, with a file in it of the same "name". This will appear random, but it has a pattern. Look for letters and numbers in this order: lower case, upper case, lower case, upper case, lower case, then 5 random numbers. For example:

Folder -----> pEeHl02508\pEeHl02508.exe <-----file inside

Delete the folder. Now, if you still have no access to the internet, download the following tool to a flash drive from a different computer, then put it on the infected one and run it.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. IF YOU USE AVG IT MUST BE UNINSTALLED OR THIS WILL NOT RUN.

1. Download this file - combofix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
If you have trouble running it the first time, then rename ComboFix.exe to IrishO.exe and try again.

Thanks,
tea

20 more replies
Relevance 49.61%

Hello to whomever responds to this thread. This is the first time I've used one of these help forums and my knowledge of computer lingo is limited, but I'd be grateful if you could help me with this problem.

A little while ago I downloaded an application which turned out to be a 'trojan', or so I believe. Upon opening it I received an error report, and my antivirus program (Symantec) informed me that several items with .trojan in their name had been detected and deleted. I was also advised to reboot my computer, and after doing so I became aware of a little red shield icon in my system tray. Clicking it brings up a question which reads:

"Would you like to update your security software and download System Live Protect?"

I have not clicked yes because I believe this may be a problem. Furthermore, whenever I open Internet Explorer, there is an error report: "Internet Explorer has encountered a problem and needs to close."

I am unsure as to whether these two problems are related, but that is my suspicion. Is there anything that can be done?

Thanks for reading

Answer:System Live Protect Icon In System Tray And Internet Explorer Error Report

I just looked around on the web and there are a lot of folks with this problem but no answer. Use the programs below and let's see what they find. It is definitely something you don't want.

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

--------------------------------------------------------------------------------

How To start Windows in Safe Mode
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

5 more replies
Relevance 49.2%

hi i think i picked this up clicking on an unknown facebook link msg (stupid but lesson learned now)
i have tried to follow your link to remove this
Keeps falling over at step5 where i try to run the `rkill` or other renamed variations from my desktop. the malware just keeps stopping the black screen running. It pops up for about a sec and then disappears...
is there any other workaround here..

i am aware that this is not that serious but just a real nuisance popping up every few minutes etc

Your help would be appreciated

Answer:security tool or system tool problem

tried your link to remove system tool malware

cannot get past step5 (rkill + other renamed copies)

black screen just pops up for 1 sec and disappears with red screen alert from security/system tool

any other work arounds here please

2 more replies
Relevance 49.2%

Please advise on how to remove the system tool virus to a not very computer literate person.

Answer:system tool virus removal tool

Hi, You will need to download a couple of things.

Rkill at this link
http://download.cnet.com/RKill/3000...

Malwarebytes at this link
http://www.malwarebytes.org/
update and run a full scan.

Malwarebytes should remove it.

4 more replies
Relevance 48.79%

How would you protect yourself from a fud?
 

Answer:How to protect yourself from a FUD malware?

LukeNukesEm said:

How would you protect yourself from a fud?

Supplement your security with something besides signatures.
 

34 more replies
Relevance 48.79%

Something (Malware ? ?) locked up my PC (Windows XP). I got a pop up message that my PC was infected and click "yes" to buy an AV program. I did not click "Yes", but every program I tried to run came up with the same message. I took it where I bought it and they fixed it by cleaning my hard drive and re-loading my OS. Fortunately, I had BU'd my personal files. They called the problem an "intercept". Norton AV did not catch it. They also loaded "Malwarebytes" for me.

What is the best way to protect for this kind of problem ?
 

Answer:How to protect against Malware ?

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using... Read more

1 more replies
Relevance 48.79%

i Just bought a new PC. i have a couple questions from the 'How to protect yourself from malware' thread.

My Pc is running windows 7.

In the Firewall section it doesn't say if the Windows 7 firewall is sufficient? If it isn't i will download and outpost firewall and disable the windows one.

In the Antispyware tools i downloaded Microsoft security essentials for Windows 7. Since i also downloaded Avast as my anti Virus is it ok to run both these?

In the disable the autoruns feature there is no update for windows 7?
 

Answer:How to protect yourself from Malware

avilo4u said:

In the Firewall section it doesn't say if the Windows 7 firewall is sufficient? If it isn't i will download and outpost firewall and disable the windows one.

While the Windows 7 firewall is better than what was in previous versions of Windows, it is still very inadequate.





avilo4u said:

In the Antispyware tools i downloaded Microsoft security essentials for Windows 7. Since i also downloaded Avast as my anti Virus is it ok to run both these?

No! MSE is an antivirus and antispyware. So is Avast. You can only have one of them installed.





avilo4u said:

In the disable the autoruns feature there is no update for windows 7?

Microsoft has never updated their info ( from here http://support.microsoft.com/kb/967715 ) for Windows 7 so I'm not sure if everything that is used for Vista would apply.

You can just run this >> Autorun Eater
 

6 more replies
Relevance 48.79%

Make sure you get your system protected from occurrences of malware problems. Below are some simple steps you can take to reduce the chance of infection in the future. I strongly encourage you to do them all. There is no perfect solution for totally preventing malware from getting on your PC, however, these steps will help.

Please do not make the false assumption that this thread is old or out of date based on the date the thread was started ( 10-10-04 21:52 ). Look at the Last Edited date at the bottom of this message as this procedure does evolve with time.

IMPORTANT NOTE: It is getting more and more difficult to find real true freeware these days that does not include bundleware, toolbars...etc and junk you just don't want. Make sure you pay attention during installation of anything you download and read license agreements. Be sure to uncheck check boxes for the bundleware and toolbars where you can so that you opt out because the defaults are always to opt in.


1. Visit Windows Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS. For anyone who is not yet running at least Windows 7 (which you really should be running at a minimum if your PC supports it) see the below link before updating. Note: Windows XP is no longer supported by Microsoft and is hence a security risk.

Windows 7 Upgrade Advisor
You should check for Windows Updates at least once a ... Read more

More replies
Relevance 48.79%

I did a hijackthis scan and here's what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:17 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynT... Read more

Answer:Malware Blocking Access to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 48.79%

Gud day to everyone,

My computer having some malware activity, i have used adware 2008, spyware removal tool, norton anti-virus and other removal tool, but still those malware cannot be deleted.. My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP that why until now i cannot connect to the internet.. I don't have WindowsXP SP2 cd for repair..

Please help me as soon as possible, because it is a server..

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 48.79%

Ran a pcpitstop scan last week as my pc is becoming increasingly slow (particularly when it comes to opening web pages). The scan showed that the pc is infected with Kollah, trymedia as well as various others. Started searching for solutions on the web, and subsequently installed Malwarebytes, HijackThis, Superantispyware, etc (already had spybot S&D) Malwarebytes and hijackthis would install but refuse to run. I found this forum, and followed the READ AND RUN ME FIRST Malware removal guide - to the letter.
Superantispyware scanned ok, but didn't find anything.
Malwarebytes won't run.
Combofix gets to stage three and then i get the BSOD and have to crash and restart.
Rootrepeal and MGtools seemed to work ok and generated reports, although I am unable to find a zip file containing a log in the MGtools folder on the c drive.
Incidentally, Spybot S&D and Adaware both don't find anything more sinister than a few tracking cookies.

I'm losing the plot now!

I have attached logs as instructed. Would really appreciate any help that you can give me!

Thanks
 

Answer:Trojans/malware blocking virtually every malware remover tool

Welcome to Major Geeks!





badlydrawngirl said:

MGtools seemed to work ok and generated reports, although I am unable to find a zip file containing a log in the MGtools folder on the c drive.

It is not in the MGtools folder. See the instructions which said it would be in the root folder of your Windows boot drive. i.e., C:\MGlogs.zip

We need this log to even begin.

Why are you attaching instructions for using SDfix?
 

10 more replies
Relevance 48.79%

Hi all!
Recently while searching for new Anti-Malware tools to try subsequently in order to clean my computer for malware, I came across EMCO Malware Destroyer.
And hence, now I am wondering; What is your opinion on the Anti-Malware tool EMCO Malware Destroyer?
Thank you very much in advance!
Regards,
midimusicman79

Answer:What is your opinion on the Anti-Malware tool EMCO Malware Destroyer?

I have seen it advertised on Major Geeks and other third-party hosting sites but write ups and reviews never impressed me.

EMCO Malware Destroyer by Softpedia

...To start with, you should note that it does not provide active protection, heuristic scans or an active shield of some sort. This utility will only search for baddies currently loaded in the memory or running processes that are infected...

Malware Destroyer is designed for manual virus checks and the fast scans recommend it, but bear in mind that it is mainly aimed at non-techy users and will only provide an occasional supplemental layer of protection.

10 more replies
Relevance 48.38%

Hi. I am rather a person with basic knowledge about computers so don't be surprised if my question will sound stupid to you.
I have a Windows PC and I often use my thumb drive to print some documents in my university. I'm afraid that it will become infected someday so I thought it would be a good idea to use it only with Puppy Linux when I'm at home. This is why I made my thumb drive a bootable one with Puppy on board. What I want to do is to boot to Puppy, copy the files I need to print or use at the university to the USB drive, then close the system and disconnect the USB drive. To be clear, only one USB stick is involved in this process (Puppy and data are on the same USB stick). Would that prevent infecting my Windows PC? If not then how can I avoid viruses spreading through USB? Can malware do any harm to Windows OS when Puppy is booting?
 

Answer:Can puppy protect me from malware?

Good idea if I understood correctly
 

7 more replies
Relevance 48.38%

Hello,

Is there any thread for "How to protect yourself from malware (for vista)" as the one written by chaslang for windows xp.

Another question plz. Is there any site to give ranking for antivirus softwares like matousec for pro-active internet security softwares.

Also kindly tell me plz that avast antivirus is better or comodo internet security with antivirus is better.

Thanks.
 

Answer:How to protect yourself from malware (for Vista)

ablaze said:

Is there any thread for "How to protect yourself from malware (for vista)" as the one written by chaslang for windows xp.

It was not written for Win XP. It is for all versions of Windows although obviously there is more in there that relates to WinXP and older since they have been around longer.

ablaze said:

Another question plz. Is there any site to give ranking for antivirus softwares like matousec for pro-active internet security softwares.

You should ask in the Software Forum. But reviews of AVs are typically out of date by the time they are published. This happens because many programs update 3 to 5 times per day and even just one update can drastically improve or reduce an AV's test score.

ablaze said:

Also kindly tell me plz that avast antivirus is better or comodo internet security with antivirus is better.

You are not comparing apples to apples. Avast is just an antivirus. Comodo Internet Security includes all of the below:

firewall
antivirus
Host Intrusion Protection System (HIPS)
BOClean Anti-Malware is not being included in CIS

 

3 more replies
Relevance 48.38%

Hello - First, let me say thank you for helping me rectify a really poor choice of opening software I wasn't 100% certain was verifiable. As a result I have the Virus Protect Pro problem (at a minimum) which seems to tie up my machine a lot and causes problems with my wireless network adapter. I have used Spybot and Adware to no avail. I've copied and pasted the Hijack This log below and won't make any changes until I hear from you.
With great thanks for your help!
K


More replies
Relevance 48.38%

We maintain several PCs from a library, a research lab for students in a university. Just recently bunch of malwares swarm inside the lab and nearly affected all the machines. Most of these malwares are being imported from student's flash drives in which they're freely allowed to plug on the PC's. So cleaning the infections was really tedious. We cloned the drives and some were fixed using anti-malware softwares. 
 
Each computer is running a Microsoft Security Essentials for virus protection, and that's it.

Our main problem is, how should we setup each PCs so that we can prevent those viruses from porting inside the system? Is there any particular software or windows configurations that can offer such functionality? MSE merely detects all these viruses and most of it already infiltrated the system and removing each as I said is very tedious and time consuming.
Maybe you guys got some efficient workarounds with this type of predicament.

NOTE: All PCs have the same hardware and use Windows 7 32bit.
 

Answer:How to protect PCs from USB-malware carriers?

Simple, look at:
 
http://www.bleepingcomputer.com/forums/t/541639/security-suggestions-post-3-of-7/
 
Have a great day!

 

11 more replies
Relevance 48.38%

I have read this thread http://forums.majorgeeks.com/showthread.php?t=44525 and I am paying particular attention to #5 AntiSpyWare Tools, and it states ONLY USE 1 REALTIME BLOCKER. So my question is, I use ESET'S nod32 Antivirus to protect my machine, but it has antispyware protection included. I also have Malwarebytes Pro providing real time blocking, so am I in effect using more than 1 realtime blocker? If so what do I do about that? I paid for Malwarebytes Pro, not using it will defeat its purpose and be considered a waste of money!
 

Answer:How to Protect yourself from malware Thread

You're fine. One AV only, but you can have more than one AS (Anti-spyware).
 

3 more replies
Relevance 48.38%

I continue to get the "SysProtect" download window on both I.E. and Mozilla. Followed your steps listed to clean my system, but same "Virtumonde" files appear each time I run Ad-Aware. Here is the Hi-Jack this log (after running Ad-Aware, see end of log for HijackThis log generated after restarting computer w/o running Ad-Aware):

Answer:Malware - Virtumonde & Sys Protect?

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Scan again with HijackThis and check the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\jkhhe.dll
O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #2

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the ... Read more

7 more replies
Relevance 47.56%

Hello,
My son went to an untrusted site and the computer was infected with the conduit searchprotect.  I tried removing it with Eset Home Security.
 
However, my PC is still acting strange. I think the internet is a bit slower. As well, when I try to run some .exe files, such as Eset's ERARemover tool, windows gives me an error "this app can't run on your PC".  I have windows 8.1 64-bit and have tried both 32bit and 64bit programs.
 
I can't attach a DDS log because it's now win8.1 compatible.
 
thanks.

Answer:Conduit Search Protect and other malware?

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
These tools are compatible with your operating system.

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by click... Read more

8 more replies
Relevance 47.56%

I just got my degree and have not been able to find work so I can only thank all the people at MajorGeeks.
I am 'Gunk Free' but was reading the chaslang's post "dated 10-10-04, 21:52, How to Protect yourself from malware! - MajorGeeks Support Forums"; and under the firewalls to use "Outpost Firewall Free" is listed when I went to download it, it is Dated: 2009-05-08 is it still a good firewall to use?
Thank you in advance for your help.

At a point in time I was 01 of them that understood some binary.
 

Answer:How to Protect yourself from malware! post question

Yes, it is still a good firewall. Just make sure you keep it updated as you would with all other protection software.
 

1 more replies
Relevance 47.56%

Will Ad-Aware only detect the malware in its definitions during a scan, or does it also prevent it from being installed on your computer in the first place? What about A2? Many thanks. - Tye

Answer:Does Ad-Aware protect your computer from malware?

No on both counts. Try Spywareblaster click here

3 more replies
Relevance 47.56%

Hey!
I am a web designer and I just got permission to work from home for the next week. I am allowed to take my work laptop home for it. I would like some advice regarding the security concerns before I start the work.
I have heard about spyware and malware attacks that can cause severe loss of data. I don't want such things happening to me in my work system. As of now it's clean and no malicious files are present in the system. It's installed with Kaspersky Internet Security and ExpressVPN when connecting to the Internet. Will it help in protection from spyware and malware? I have seen articles mentioning not clicking on emails and installing antivirus softwares will help, but still I have heard a lot about such attacks. What else can I do to ensure nothing harmful will happen?
 

Answer:Will Kaspersky and VPN protect from malware attacks?

It being a work laptop, you shouldn't replace any of the pre-installed software, correct?
 

3 more replies
Relevance 47.56%

Malware Protection is a rogue anti-virus application that runs a fake system scan and then concludes that your computer has a malware infection or serious security/privacy issues. To fix the malware infection you must pay a fee, about $50. The rogue program copies user interface elements from real programs and it looks like a legitimate application. Plenty of people shell out $50 to register this fraud and that's a big problem because if you're transacting with these guys online you're offering them your credit card details. Cyber criminals can later use that information to their benefit. You should protect yourself with common sense and legitimate anti-virus software because such fake anti-virus applications as Malware Protection now represent about 20% of all malware in circulation. If you made a mistake and purchased it, please contact your credit card company and dispute the charges. And if you still have this fake AV on your computer, please follow the removal instructions below to remove Malware Protection and related malware for free.

Manual Malware Protection removal instructions:

1. Right click on the "Malware Protection" icon, click Properties in the drop-down menu, then click the Shortcut tab.

The location of the malware is in the Target box.

NOTE: by default, Application Data folder is hidden. Malware files are hidden as well. To see hidden files and folders, please read Show Hidden Files and Folders in Windows.

Under the Hidden f... Read more

Answer:How to protect and clean your computer from malware

Is this a removal guide for this rogue or ?

 

1 more replies
Relevance 47.56%

I am getting three screens that come up whenever I try to do work on any program. (1) Windows Security alert (2) Spyware Protect 2009 alert (3) Spyware Alert


Answer:Spyware Protect 2009 malware

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

2 more replies
Relevance 47.56%

Hello, I recently managed to acquire a virus that seems to have taken over my computer. There's a bar that appears right below the address bar for internet explorer telling me to download the latest antispyware to protect my computer. I cannot pull up my Task Manager, my computer prompts me that it has been disabled by my administrator. My desktop background has been changed to a message stating the computer has several fatal errors. And occasionally music will play at random that I've never heard before. Here is my log:

Answer:Protect.antivirus Malware Infection

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

10 more replies
Relevance 47.56%

Microsoft said:

A view of the current landscape
Criminal attacks continue to evolve and malware has become their standard weapon against anyone who uses the Internet - on traditional form-factor devices, as well as on mobile devices like tablets and phones. Malware targets all operating systems and browsers, and in recent years, criminal attacks against applications have increased substantially.

Criminals also use social engineering to trick you into performing actions that put you at risk. An increasingly common social engineering strategy uses online advertising campaigns to lure you to a site that installs malware on your computer.

An economy has developed around building reliable vulnerability exploits, which criminals buy to help distribute their malware. Criminals make money from their malware, so they invest in ways to keep it alive such as producing a higher quantity of malware, updating it more frequently - e.g. multiple times each day - and increasing its size and complexity. Some malware is as complex as commercial applications.

Secure by design
We use the Security Development Lifecycle (SDL) to build Windows with the best security design, development and testing practices available. Some highlights include:
Threat modeling and security design reviews. During the design process we consider how criminals might seek to attack features and scenarios, and incorporate this analysis into our designs.
Writing secure code. Training and code quality tools help to pre... Read more

Answer:Windows 8 will better protect users from malware

Well it's like malware writers would take time to discuss how they will bypass those features. It's like Windows 8 were built in security and could lead to few vulnerability probably.
 

6 more replies
Relevance 47.56%

Topic title pretty much says it all. How can I prevent hijacking of my browser or even worse my entire computer? Last night I made a stupid move and attempted to download something off Pirate Bay; I read the comments and it looked legit. Since I didn't have a software that downloads the torrent I clicked on whichever one Pirate Bay offered me. The software was successfully installed and was downloading the program but it froze the halfway and my google chrome completely stopped working. Later on I found out that Conduit is a malware that sometimes installs itself without the user's permission and takes over the browser. Now I'm paranoid about downloading anything. By the way I have a supposedly good anti-virus: Bitdefender for which I paid good money! Very disappointed that it pretty much welcomed the bad malware with open hands and allowed it install itself.

Answer:How to protect your computer from malware like CONDUIT??

attempted to download something off Pirate Bay : < Anything off these Torrents sites is 50 to 90% infected and not usually legal

WinPatrol Free is one of the better programs to warn you if there is going to be an attempt to change your Home Page.

This may help after you do a full scan with your Antivirus -

Please download AdwCleaner by Xplode onto your desktop.
*Close all open programs and internet browsers.
*Double click on adwcleaner.exe to run the tool.
*Click on Delete.
*Confirm each time with Ok.
*Your computer will be rebooted automatically. A text file will open after the restart.
*Please post the contents of that logfile with your next reply.
*You can find the logfile at C:\AdwCleaner[S1].txt as well.

Thank You -

1 more replies
Relevance 47.56%

QUESTION _Sticky:" How to Protect yourself from malware! "

In the below instructions, Is it necessary if I *NEVER* use IE, only Firefox?

Thanks!


"6) Adjust Active X security settings

* In Internet Explorer, click Tools, Internet Options, Security. Click on the Internet globe. Then select Default Level, then click OK. Now select Custom Level and scroll down to the ActiveX controls and plug-ins section (some may already be set correctly):
o Set Download signed Active X controls to Prompt
o Set Download unsigned Active X controls to Disable
o Set Initialize and Script ActiveX controls not marked as safe to Disable
o Set Installation of desktop items to Prompt
o Set Launching programs and files in an IFRAME to Prompt
o Set Navigate sub-frames across different domains to Prompt
o Set Allow paste operations via script to Disable (see: http://support.microsoft.com/kb/224993 )
o Click OK and OK again. "
 

Answer:QUESTION _Sticky: How to Protect yourself from malware!

Re: QUESTION _Sticky:" How to Protect yourself from malware! "



jilter said:

In the below instructions, Is it necessary if I *NEVER* use IE, only Firefox?

Yes! Some applications will automatically launch IE sessions since that may be all they can use. Also you need to use IE to be able to get all of your Windows Updates. And some websites (just like some applications) do require IE.
 

1 more replies
Relevance 47.56%

hello friends-i hope my title makes some sense. i wanted it to convey what i was asking about so people browsing could tell. cuz i couldn't find a question like mine.

i have a new hd completely installed and setup. my old hard drive is now the secondary master and although i still have the OS and programs installed, i never use it. lately i have been actively file-sharing via lime wire. i am behind a zone alarm firewall and running spyware blaster and AVG free. i also regularly scan with spybot S&D. i also scan each file with AVG b4 opening (thanks to majorgeeks for advising me on security)
however, i've been warned the limewire is notoriously risky as far as spyware etc. so my question is:

If i choose to open my secondary OS at start up, and browse and download these risky files to my secondary HD. will that protect my primary HD from infection?

if not, any other advice u have regarding the risks of file sharing are appreciated.

one thing i look out for is files that are too small to contain what they say they do. for example 100kb song files. i just dont download these.
 

Answer:2nd HD for dwnlds/protect primary from malware?

IMHO, I keep an operating system and a backup drive, without an operating system. Just put it on the same cable as primary slave. Frankly, if you are not dual booting 2 operating systems, there's no need to keep them both installed. That said, no, any files on a second drive can, and probably will, affect the main drive, in your case, probably infect both drives. A drive formatted without an operating system for backup should be safe from virus and spyware infections, but can affect the other drive, in other words. Having that second drive is great for backups of important data in case of a need to format. I love having my spare drive. You're also correct about Limewire, but it is not specific to Limewire. Any file sharing application is a risk.

Did I answer what you needed?
 

2 more replies
Relevance 47.56%

If you know about security in website and computer then tell me how to secure Website from Malware Attack. And what is the role of Google Webmaster in security purpose?
 

More replies
Relevance 47.56%

If I visit a malware site with latest version of Firefox with the NoScript extension without allowing any scripts, what's the chance of me getting infected if I don't download anything?
 
Also, I hope this is the right place to post this.

Answer:Will using NoScript protect you from a malware site if..?

COPIED FROM NoScript:
The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).
NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.
NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows.
Watch the "Block scripts in Firefox" video by cnet.
 
If I were using Windows and could only have one security program/ add-on....it would be NoScript. I use it in Ubuntu, too.
There is a learning curve. It is not just install and forget. Install it and go to a popular site and then view all the scripts you never knew
were active on that site and are now blocked from running. You can click to allow just the site's scripting and still block all the others.
The ones that you want to play videos on will be one that you will spend the most time learning which script to allow only the videos to play.

11 more replies
Relevance 47.15%

Hello. My kid's PC -- an HP (Model M7567C, with 2, 260 GB hard disks and 2 GB RAM) is infected by "Spyware Protect 2009" malware. The malware repeatedly displays at least 3 different pop-ups saying there's a spyware infection and offers to sell a fix; the program also prevents Explorer from working properly. There are no obvious programs/processes to shut down from the control panel. The machine has Zone Alarm Security Suite installed - I'm not sure if my kids ignored a warning or if the software mistakenly let something in. Zone Alarm technical support said to try running Malwarebytes' Anti-Malware automated removal tool, but the program doesn't seem to run (nothing happens after the program is downloaded and launched). I tried running Zone Alarm virus and spyware scans, but the program runs slowly and eventually hangs (I think I ran the Zone Alarm scan in the Windows Safe mode). I can boot the PC in Windows Safe mode, but unfortunately there is no useful restore point. I can boot the PC in the normal Windows mode but it takes 2 or 3 cold starts. I can use Microsoft Explorer (through a wireless LAN connection), but in the normal Windows mode Spyware keeps hi-jacking Explorer and displaying its rogue messages.

Before I give up and reformat the hard disk and re-image the disk from the backup system disks, I would like to try a less time consuming solution. Any suggestions are welcome! Thanks!

I ran the DSS scan as instructed. Here are the res... Read more

Answer:"Spyware Protect 2009" malware problem

I wanted to add some new information to my original posting that seems to be related to my problem.

When my spyware infected PC boots, I get the following messages:

"The application or DLL c:\windows\system32\digeste.dll is not a valid windows image."

"View Manager has encountered a problem and needs to close."

"Error loading c:\windows\griwapaxim.dll. The specified module could not be found."

I noticed that there was a Windows update available today (the February update of Microsoft's anti-spyware program). I installed this application; after this, Zone Alarm Suite was then able to run (up to now, it just hung up), and 2 items were quarantined: WIN32.SYSGUARD and WIN32.TROJAN.FAKEALERT.IEH

However, there are still problems with my PC. I still can't get Malwarebytes' program to run, even when I rename the *.exe file to *.bat. It seems like whatever is still injecting my PC interferes with any anti-spyware/malware program from running properly and interferes with the operation of Explorer.

Thanks.

4 more replies
Relevance 47.15%

To start let me thank you for putting all these great programs in one easy to download area! Just following this guide has cleaned out several items from my supposedly secure system.

I did find one broken link however and got lost going through the giant comodo forum trying to find another thread with a similar ease of use allure.

This one: Configuring CIS for Maximum Security with ZERO Alerts for Novices

If you could give me an updated link it would be much appreciated.
 

Answer:Broken link in: Sticky How to Protect yourself from malware!

Thank you for bringing it to our attention. We will see what can be done to fix that issue.
 

2 more replies
Relevance 47.15%

I would really appreciate some assistance with "Internet security designed to protect" malware and/or virus. I have attempted to remove this with no luck. I did install and run Malware Bytes. Initially it listed several viruses which I removed. However, I still have a problem. Anytime I try to run/download anything it is blocked by this annoying virus. What can I do? Any and all help would be greatly appreciated.

Answer:Internet Security Designed to Protect Malware Help Please

Hello, I moved you from WIN7 to the Am I Infected forum for now.
Please try following this GUIDE.

1 more replies
Relevance 47.15%

My computer is infected with a malware program called "Spyware Protect 2009" how do I get rid of it? I followed instructions and have copied DDS and Attach files below. popup windows keep appearing saying my computer is infected with a virus and I need to install their software.

Answer:remove malware, Spyware Protect 2009

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any scri...


Hi everyone,
I want to tell my story about the protection of ESS on my computer. Today, when my friend plugged his USB into my computer, I noticed that his USB showed only 1 USB shortcut in Explorer. My previous machine was infected by this malware type (malware that creates a USB shortcut), so I have experience with it. When he plugged his USB in, I ran ESS Smart Scan but it found nothing. This afternoon, when I plugged my USB into my machine, I saw that everything on my USB had turned into 1 USB shortcut. I ran Smart Scan again on my USB and it found nothing, too (I also ran a scan with Zemana AntiMalware, and it found nothing, too). After that, I installed the MCShield AntiMalware Tool and scanned my USB with it. Magically, it found .lnk malware on my USB and cleaned it successfully! This is a screenshot of the MCShield log:

And now, I'm very disappointed with my ESET. It let me get infected easily! What do you think about my problem? Please share with me.

Answer:ESET Smart Security can't protect me from .lnk malware

ESET protects against malware coming from USB devices.
Probably did not recognize the malware that caused the problem.
You have done well to use McShield.
 


Hi Folks, Yes I've got the privacy protection Malware, currently running Windows XP on a Dell laptop and I cannot start up in the safe mode, no Internet start up or execution of any programs allowed. Looks like I can strip documents & information off but that's about it. Can anyone share my options to cure this problem?

Thanks in advance - L

Answer:OK I've got the Privacy protect malware & no safe mode

Hello LarsLind,
I moved this to Am I Infected.

For the connection try these...
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.
Reboot your system to complete the process.

Please follow our Removal Guide here Remove Privacy Protection (Uninstall Guide).
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions
After you completed that, post your scan log here, let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Also the other tool log.. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.


How does Comodo Firewall protect against signed malware with cruelsister's settings? Also, I can disable its processes via Task Manager. How is its self-protection?
I am going to use it on my system with cruelsister's settings, but these issues are my main concern and keep me from believing in Comodo's power.
So, help me out and give the required info.
Thanks.
 


I finally found a fix to the malware that the Virus Protect Pro created and it cleaned out everything. The free software (to use and clean) is called Super AntiSpyware (that's quite some name) and you can download the free home version at http://www.superantispyware.com/superantispywarefreevspro.html
I'm going over there now to donate some money as it was my stupidity that had me lose about 6 hours trying to fix what I did. It's always nice to find a hero.

With blessings for a great day.
K
 


I have recently been infected with fileless malware. I ran a scan with KSC and it reported some memory detection. So I ran a scan with fully updated Avast Free and Emsisoft EEK, but they didn't find anything. Finally, I had to scan with Zemana, and only after it detected and removed the fileless malware was KSC able to give my system a clean sheet. Are Kaspersky and Zemana the only ones that protect against such attacks? I need a free tool to protect my system against such attacks. The detection by Zemana was "trojan poweliks: fileless malware". I don't need any whitelisting software and I also sincerely think that even they cannot counter such attacks.
 

Answer:Do you know any free software to protect against fileless malware attacks?

Avast and Bitdefender Free are both good
 


Hi

I was just wanting to know the reason why Spybot S&D was removed from the "How to Protect yourself from malware!" sticky.

I am using version 1.6.2 since I found the newer v2 to be quite bloated and annoying. Should I still be using 1.6.2 since it still downloads the latest malware signatures? Or is there an important reason why it was removed as a recommended antispyware tool?

Cheers
Sam
 

Answer:Reason for Spybot S&D removal from How to Protect yourself from malware thread?

Just not that useful anymore and as you noted V2 is too bloated. We also never liked Teatimer.

You can still use the old version and make use of the bad download blocker and hosts file protection if you wish, but I would not use Teatimer. Modern antivirus programs already include antispyware too.
 


Hi, I'm having a problem with my web browser since using the Malwarebytes Anti-Malware scan. Before I ran the scan and removed the infections it found, I was able to open webpages and go to sites, although when I would try to search it would redirect the page. After I ran the scan and deleted the infections, I tried to open a webpage and it said it couldn't display it although I was connected to the internet. One of the things the scan found said "adware.mywebsearch"; I would assume that was the reason it was redirecting the page. As of right now, I have done a system restore to a point before I removed the infections so I could display a webpage to get help. If someone can please help me, I would be very grateful.


Answer:malware agents/koobface,spyware protect removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


I've been using AVG, and have bought the full version, yet was confused with what I had to do.  Can anyone tell me which product is user friendly, yet a good system choice.  Thanks,
Would be appreciated. 
 

Answer:What is a good product to buy to protect and remove virus, malware etc...

My personal choice is ESET NOD32 Anti-Virus if choosing a paid for program as it leaves a small footprint...meaning it is not intrusive and does not utilize a lot of system resources. Kaspersky Anti-Virus is also a good choice if looking for a paid for program. If you don't want to pay then I recommend avast! Free Antivirus.

For more specific information to consider, please read:
Choosing an Anti-Virus Program
SANS Institute Choosing Your Anti-virus Software

Important Fact: It has been proven time and again that the user is a more substantial factor in security than the architecture of the operating system or installed protection software. Therefore, security begins with personal responsibility and following Best Practices for Safe Computing.


Hey guys, I am sure you can relate to my current woes here. I have a family member who is just always getting malware on their computer. Getting tired of cleaning it up so frequently and I wanted to ask you guys what you do. Personally I install Chrome and MSE, and set MSE to a Full Scan once a week with real time monitoring. I also preach safe web surfing, but honestly, it's like telling a Crack Head that crack kills.

So what do you guys do to try to ease the pain of fixing a family members computer?
 

Answer:How do you Setup your family members computer to protect from malware?

They now have Macs
 

Question: System Protect

Anyone tried 'System Protect' from Spyware Terminator? You'll see it advertised in 'News & Tips' on the system summary screen when you open Spyware Terminator.


Help me to protect my PC from a malicious user on the other computer over the LA

Answer:i want my system protect from lan

If there is a malicious user on your own LAN, then you should report him/her to your supervisor.
:: mike


I am setting up a new system & would like to protect it in the Best way possible. It has Win XP ( Pro )

Which software should I install to best protect it before I transfer the data from old hard disk ?

I have installed the NOD 32 Antivirus & turned on the Windows firewall.

Thanks
 

Answer:How To Best Protect my New System ?

The Windows Firewall is not good enough, I wouldn't even call it a firewall.

For antivirus I recommend AVG AntiVirus, for a firewall I recommend ZoneAlarm Free Edition, and for antispyware I recommend Spy Sweeper.

You should see this article on How to Protect yourself from malware!
 


Hello Malwaretippers!

By making this thread I mean to ask you how you protect your system from malware, hackers, and similar. Which security software do you use to defend yourself and your data? And maybe to hide data from family/intruders?

In my case:
Kaspersky Antivirus, as an antivirus solution
MalwareBytes Antimalware, as an antispyware solution
Zemana AntiLogger, as a keyboard input, webcam, and a screen recording protection
ZoneAlarm Firewall, as a security solution against hackers and for controlling incoming and outgoing internet connections
TrueCrypt, to encrypt all my data with the best algorithms

Just to highlight, everything works 100% and doesn't slow down my system at all.

What can you tell me about yourself?
 

Answer:How do you protect your system?

My realtime protection : AVG Is 2016 ( tweaked )
cryptoware protection : cryptoprevent ( maximum and beta settings )
system hardening : emet 5.5 ( maximum settings )
anti pup : unchecky
on demand : mbam , zemana , eek
chrome is my main browser : https everywhere , crumble , privacyfix and AVG webtuneup , ublock origin as extensions
for online privacy I use peerblock and steganos VPN

AVG does slow down my system, but I do not really care; I do not game or use heavy photo/video editing software on this machine.
 


I have Windows XP pro, I have a firewall and I use AVG. What is the best, most secure protection I can have against malicious hackers?
 

Answer:How to best protect system?


I am using NOD 32 Antivirus & updating it regularly.

But yesterday when I scanned my hard disk, some partitions are showing some viruses.

How do I remove them if those partitions have the latest virus that would wipe out the data ?
 

Answer:How Do I Protect My System from D day ?

Are you referring to the MyWife (aka blackworm) virus? Antivirus signatures should have been updated in anticipation of this virus as of January 23? 27? Either way, today is supposed to be the day when it strikes, so I hope you haven't posted too late and that your signatures have been updated since the above date.

Of course, if you have existing viruses, they could open the door for others. Back up your data, and visit this thread, to be on the safe side.

Also, since this is an email worm, practice caution with attachments (particularly ones claiming to be explicit Kama Sutra pictures). It can also spread through network shares, so eliminate as many as possible.
 


Hi Guys,
Can I begin by saying a MASSIVE thank you to you all-I'd be totally lost without your help
Ok, down to business - I've done as the guide suggests, performed the XP clean up, ran the programs and I've got all the logs which are hopefully attached. The problems started almost a week ago when the dreaded "spyware protect 2009" screen started popping up and the icon lodged itself in my system tray and I got suspicious when there was no option to get rid of it - it's disabled my Windows firewall, is blocking/redirecting my IE browser with its phony msgs etc. If you need any more info or if I've somehow left something out/attached the wrong logs just let me know - it's purely out of ignorance and not laziness if that's the case!!!:-o

Thanks again- Cheree :wave
 

Answer:vundo/spyware protect 2009 malware-logs attached

here's the last log
 


OK so I have this pop-up thing that tries to automatically download this system protect program. I haven't actually downloaded the program, but I think my computer has a virus from this thing. I did the whole Vundo scan and remove thing and have also downloaded HijackThis. I have a file on the C drive and such. I have no idea what to do with the list HijackThis creates after the scan. I have been doing research and it looks like other people copied and pasted their list and someone helped them determine what to delete. Is this safe security wise? And can someone please help me with this?? I will be forever thankful!
Thank you!
 

Answer:Need help in removing System Protect Please Help!


NOTE: You must unhide the system files first.
This How To helps a lot for those people who don't want any virus on their computer. This how-to deals with protecting your system from viruses that enter your computer from pen drives and other removable drives.
You should do the following things to protect your system from VIRUSES:
1. Have an updated antivirus program. I recommend Quick Heal plus 2008 because it actually repairs the file in 90% cases.
2. If u receive an email attachment from an unknown source delete it
3. If u receive an email attachment from one of your friends, first confirm it with them and before opening read the complete file name of the attachment. Viruses most probably have extensions like these:
"school girl.avi.vbs", "hot.jpeg.bat" etc. Always look at the last extension.
4. When you want to use a pen drive or any usb drive, CD/DVD Drive then as soon as you connect the drive press the SHIFT key; it disables AUTORUN. Now scan it with ur antivirus program. If u r not satisfied then do the following:
open cmd
type the drive letter of ur usb drive say H: and press enter
now look for the Autorun file if any using DIR command
If there exists an AUTORUN file then type AUTORUN.INF and press enter
the autorun file is now opened in notepad

Sample Autorun File
[autorun]
open=foo.exe bar
;ShellExecute=index.html
icon=foobar.ico
action=Foo Bar
shell=doubleclick.exe
shell\configure=&Configure...
shell\configure\command=setup.e...

Answer:How to protect your system from VIRUS

Nice information. I would like to see the full post here. Keep up the good work.


Hello,
I've been trying to remove a trojan from my roommate's XP computer which appears as "System Protect." It pops up with dozens of messages explaining that the computer is infected and asks to register for about $80.00. It slows down the computer dramatically, and will not allow me to open any programs that could remove it (AVG, Malwarebytes' Anti-Malware, HijackThis!, etc.).

This link gives a guide on removing System Protect. However, there is a randomly named .dll file that I cannot delete. On this system it's called "cbdfbeeacba.dll".

I have deleted the following files and registry entries listed in the guide (except for the .dll file above):
%UserProfile%\Application Data\install.exe
%UserProfile%\Application Data\lsascs.exe
%UserProfile%\Application Data\shellex.dll
%UserProfile%\Application Data\Microsoft\windll32.exe
%UserProfile%\Application Data\SpyProtectorSC_Base_new.dat
%UserProfile%\Application Data\SpyProtectorSC_Config.ini
%UserProfile%\Desktop\System Protector.lnk
%UserProfile%\Start Menu\Programs\System Protector\Purchase License.url
%UserProfile%\Start Menu\Programs\System Protector\Support Page.url
%UserProfile%\Start Menu\Programs\System Protector\System Protector.lnk
C:\Program Files\System Protector
C:\WINDOWS\system32\spyprotector.cpl
HKEY_CURRENT_USER\Software\Microsoft...

Answer:System Protect .dll file

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


My sister clicked on a link given to her on MSN, now we have a red shield prompting us to install "system live protect" to get rid of our "spyware infection" with balloons popping up every 5 minutes or so from the system tray. I have been trying to get rid of this with the regular anti-virus/anti-spyware tools I use, {adaware SE personal, Spybot Search & Destroy, spysweeper(w/o virus scan), NOD32} to no avail. I have no idea what information I need to give you to diagnose this problem, so:
HEELLLLLLLLPP!!!~

Answer:"system Live Protect"

I have not found any sure cure for the malware you have. I did find one site where it was advised to use the SDFix.

Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Post a Hijack This log in the Hijack This Forum ...
