Computer Support Forum

Windows 7 Malware Read & Run Me First

Question: Windows 7 Malware Read & Run Me First

Hi there.
I just noticed there is no Read and Run Me First specified for Windows 7 version. I was sad, so I thought I would bring it up.

cheers


Answer: Windows 7 Malware Read & Run Me First

There most certainly *is*

2 more replies
Relevance 48.38%

Hi Everyone,

I found this site through a Google search, it seems like an amazing resource and a great community. Even though I still haven't fully resolved my laptop issues, I feel like I am learning useful things by following your posts.

My post is a bit long, but I tried to cover everything that seems relevant.

Below is a description of what I think might have caused the issues, a description of the issues, what I've done so far, and the text logs are attached. Any kind of help or suggestions would be really appreciated.


POSSIBLE CAUSES?:
One or two weeks ago I installed uTorrent and went a little crazy with downloads (MP3's, TV series, programs, specifically Nero). Windows and Internet Explorer as well as Firefox were updated with the latest patches, Windows firewall was turned on, I was using a wireless router, Windows Defender was running and updated, and AVG Free Edition was also running and updated. The first time I downloaded Nero, errors occurred each time when trying to unzip the file. I think this might have been the bogus file? I downloaded another Nero installation file (shareware, of course) and it installed and worked fine. Next time I used my computer, two issues came up.


ISSUES:
1. Pop-ups when using IE, no pop-ups with Firefox.

2. Windows stop error blue screen started appearing forcing a restart. I have no idea if the two issues are related, but both started around the same time. When I ran all the scans i... Read more

Answer:Malware + Windows Stop Error -- Not Sure if related. Followed READ & RUN ME STICKY

Re: Malware + Windows Stop Error -- Not Sure if related. Followed READ & RUN ME STIC

Ran CounterSpy in Safe Mode logged in as Administrator. It found WhenU.SaveNow Adware and deleted it.

Ran Bitdefender and Panda ActiveScan in Safe Mode with Networking Support via IE. Don't think Bitdefender found anything. Panda found 4 objects.
 

13 more replies
Relevance 48.38%

Please help. I'm such a newbie and I have no idea what to do.:-o

AVG detected Trojans (a lot) so I tried to do "READ & RUN ME FIRST. Malware Removal Guide." I had no problems up until the part where you have to run RootRepeal.exe, and then Explorer crashed and I can't fix it. The moment I restart explorer it crashes again. :cry I can't do anything on my PC anymore...

What went wrong? What should I do? I attached some of the reports I managed to get. Hope they help.
 

Answer:Windows Explorer crash during READ & RUN ME FIRST. Malware Removal Guide

This is the AVG report and the RootRepeal error log just in case you need it too. thanks!
 

15 more replies
Relevance 46.74%

I got down to the step where I ran shownew.bat, but got this error message.

C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\Symantec\S32EVNT1.DLL An installable Virtual Device Driver failed Dll initialization. Choose 'Close' to terminate the application.

I have the other requested scans, and I'll attach them to this post and the next. I have been having various issues and can't seem to get rid of them, even after running the various scans. I have HijackThis already installed, but I read that you requested that we download it from your link... should I uninstall, and then reinstall?

Thanks in advance for your time, guys.
 

Answer:Various Malware issues, Have read 'READ & RUN ME FIRST'

GetRunKey and NewFiles attached.
 

16 more replies
Relevance 43.46%

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.
 

4 more replies
Relevance 43.05%

I went through it and ran all the tests except one, combofix.exe, because I don't have a Windows CD for the Windows XP Recovery Console; when I got my computer from the store it came pre-installed, and I can't make a floppy one because my floppy drive is broken. With this post are some of my logs from running the programs.
 

Answer:i read the read and run malware

This is my MGlogs.
PS: in my Task Manager I have something like 8 svchost.exe running; does that mean anything?
 

9 more replies
Relevance 42.64%

I ran the steps in the Malware removal guide. I haven't seen any new pop-ups, but I noticed that there were a few problems that Bitdefender could not fix, and my laptop is still running slow.

I am running Windows XP, and will attach all logs.

Thank you in advance for all your assistance.
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.
 

10 more replies
Relevance 41.82%

Hey, I have read and followed all the instructions in the process of the "read and run", but I am not sure if I am totally free of malware. I have the antivirus Webroot and it kept detecting malware every once in a while on my computer, which I removed (before ever trying "read and run"). I was just wondering if I should proceed to the next step of enabling UAC, system restore, etc.? Or just wait and see if any malware pops up again. Your help is appreciated.
 

Answer:Malware read and run

Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode, if you haven't done so already.


Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:


[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-514681628-3143843819-1411659263-1000\Software\Microsoft\Windows\CurrentVersion\Run | SearchProtection : "C:\Users\Antonio\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-514681628-3143843819-1411659263-1000\Software\Microsoft\Windows\CurrentVersion\Run | Search Protection : "C:\Users\Antonio\AppData\Roaming\Search Protection\SP.EXE" /autostart -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-514681628-3143843819-1411659263-1000\Software\Microsoft\Windows\CurrentVersion\Run | SearchProtection : "C:\Users\Antonio\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-514681628-3143843819-1411659263-1000\Software\Microsoft\Windows\CurrentVersion\Run | Search Protection : "C:\Users\Antonio\AppData\Roaming\Search Protection\SP.EXE" /autostart -> Found

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished... Read more

20 more replies
Relevance 41.82%

A couple of days ago my computer started acting weird. All the icons and the start menu will disappear every 10 seconds and appear again after around 10 seconds. I noticed that I had forgotten to activate the antivirus program. I ran it and I found that I had a few Trojan horses. The antivirus program could not fix the problem so I ran the malware removal guide that you have here. The tools that you recommended discovered even more viruses and spyware. My computer started acting normally again but my husband ran some of these tools again today and they were still finding Trojan horses. It seems like we were not able to get rid of all the viruses. I have attached the logs that you requested.

We would really appreciate it if you would help us fix our computer as we are both not very good with computers. Thank you very much for your help in advance!

Dilyana and Harry
 

Answer:Ran Read Me and still having malware

Attached is the log from MGTools.

Thank you again!!!
 

3 more replies
Relevance 41.82%

Hi there,
I followed all the steps in the run and read me first. The only part I had trouble with was showing hidden folders which my computer wouldn't let me do until after i ran mb. Things are definitely working much better but I want to get rid of all of it so that it doesn't get bad again like it was before.

Thanks for your help!
 

Answer:Ran Run & Read me 1st but I still have malware

Sorry, I forgot to attach one of my logs.
 

4 more replies
Relevance 41.82%

Just would like help to see if I've done things right and if there are any additional things I need to do, I still see in Processes boabu.exe using resources; can't disable / or remove it; What's next?
 

Answer:malware read and run first DONE

Here are the MGlog results
 

5 more replies
Relevance 41.82%

When I run Spybot Search & Destroy I find several instances of SpyWare: Avenue A, Inc., DoubleClick, Mediaplex, and sometimes Advertising.com.

I remove them, then the next time I connect/sign in to Yahoo, they re-appear. I can also remove them by "deleting cookies" within IE properties (or by using ccleaner). I'm running IE ver 6.0.2900.2180.xpsp_sp2_gdr.050301-1519.

My machine is an HP Pavilion a527x, product number: PC 032A-ABA, Software Build: 42NAheBLU4, Hardware BOM: 0nB121110, Software BOM: NA50, Service ID: 061-804.

I have followed your instructions in "READ & RUN ME FIRST Before Asking for Support" through step 6, including the CWShredder and Kill2Me.

Bitdefender found nothing, but Panda ActiveScan indicated that there are 7 infected files. All appear to be cookies, but I don't know how to prevent them from running.

And, signin/signout on Yahoo will cause the DoubleClick malware to reappear. Staying signed in longer will result in more malware showing up.

I have attached BDSCAN.TXT, ACTIVESCAN.TXT and HIJACKTHIS.LOG which are the "saved" logs from their respective scanners.

You might also want to see a 'print screen' of an error that frequently appears at boot up - see MsWinDefender2.doc. (Only able to have 3 attached files and I think the logs are probably more important than the 'print screen'. I'll send it later if you want to see it.)

Are the... Read more

Answer:Malware still there after READ & RUN ME

Welcome to Majorgeeks!

Cookies are not problems that you need to worry about. They are harmless as noted in step 11 of this link How to Protect yourself from malware!


You do have a few lines you can have HijackThis fix but they are not big problems.


Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


After clicking Fix, exit HJT.

Other than that, you are clean!
 

3 more replies
Relevance 41.82%

I have done all the scans in the READ ME FILE but I still have stuff hiding on the pc. All the scans that were requested to be in safe mode were done so

I have attached all the files requested and am asking for advice on how to get rid of the left over stuff.
 

Answer:Have done all in READ ME but I still have malware on the pc

Here are the other two attachments...
 

8 more replies
Relevance 41.82%

Hi, I have done almost everything that I can think of to remove Adware.Fotomoto . Any help in removing this would be greatly appreciated.

Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.
 

Answer:Followed Read-me, still have malware, here is HJT

Welcome to Major Geeks!

Sorry but no you have not followed the READ & RUN ME. It does not ask you to post a HijackThis log especially one that is inline.
Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 41.82%

Here is a link to the EULA for Vista. Pay special attention to section 6. Look what windows defender can do!

http://download.microsoft.com/docume...9cf5105718.pdf

Answer:Vista Eula Link Must Read!!! Read About What Windows Defender Will Do To You!

Nice. I had scrutinized it hard enough already with a steel hat, so I'm still safe.

Hehe, Veesta is a beast! Most corps, even NIST, MIT, UDoD and ASUS as the largest MB MFG, detest it. Not fit for mass consumption, eh.

12 more replies
Relevance 41.41%

The computer whirs & loads media CDs, nothing happens; the device manager lists it as lite-on DVDRW SHW-16358. This is a newer Gateway PC I transferred data to, from my old one. From XP to 7.

Answer:Is it my pc, or Windows 7? Wont read media, but will read music cds

How old is the optical drive? They fail... and they don't build them like they used to.

Quote: This is a newer Gateway pc I transferred data to, from my old one. From XP to 7.

Also the above is unclear... are you saying you installed Win7 on this Gateway? If so, did you remember to download and install the Win7 drivers for the PC?

8 more replies
Relevance 41.41%

Okay so I'm really suspecting malware on my computer... I ran DDS, and I will post the log below and attach the other. I tried running GMER twice, but both times my system crashed (yes, I had AVG and Ad-Aware turned off). Is GMER supposed to take so long? Mine was running for at least 6 hours... anyway here's the DDS Log 1-

DDS (Ver_10-03-17.01) - NTFSx86
Run by Aidan at 12:16:20.78 on Wed 04/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.291 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Fil... Read more

Answer:Malware Check-up PLEASE READ

Hello and welcome to Tech Support Forum.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh DDS Log

3 more replies
Relevance 41.41%

Hi guys,

As of lately I'm getting a popup prompting me to install a certain program, because my system is 'infected'. I ran all the programs in your read and run me first tutorial and have attached the logs. I was kinda hoping that would do the trick but right after I finished running all these programs you suggested I still get the popup. It's redirecting me to http://xpantivirus.com and keeps asking me to install it.

Please advise on how to get rid of this (what I suppose is a) trojan. Thanks a lot in advance.

Noc
 

Answer:Malware still there after performing 'read and run me first'

I have made screenshots of the popups, since you will probably recognise them once you see them. But since I can only attach 3 items to a post I had to make a second one.

Greetings,
Noc
 

1 more replies
Relevance 41.41%

Started this 2 months ago, didn't get it all finished, started over. Did the read & run; system seems to be doing fine, no blue screen. Will attach logs, thanks always.
 

Answer:malware removal read & run again

Here is the ComboFix log.
 

6 more replies
Relevance 41.41%

DOS/Alureon.J
Two days working on it
Doing Read & Run; step 3

See attached scan

upload failed
AsPatch10430001.exe.vir:
PhysicalDrive0_User.dat:
invalid files?


... retry see below
 

Answer:DOS/Alureon.J doing read & run first malware

You need to do all of the Read and Run First instructions and attach the requested logs.
 

1 more replies
Relevance 41.41%

First of all, if I am in the wrong section I am sorry... I am learning to use a port listener, TCPView, and I am querying the programs to see what is what, and I have come across an lsass.exe which I read could be a Trojan, worm, etc. I read it is the Local Security Authentication Server service, or it could be malware. I have it in the listening section of this tool; my Norton 360 does not pick anything up. I would like to know, should this be listening on 2 UDP ports? I am running Win 7 RC.

Answer:lsass.exe I read it could be malware ?

As long as it is in C:\Windows\System32 you're safe.

5 more replies
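The reply above and the earlier question about "like 8 svchost.exe" in Task Manager both come down to telling a genuine Windows system process from something that borrowed its name. The image path is the first thing to check, but a practitioner would also check who started the process and what it is listening on. The PowerShell below is an added example, not code from the thread or from TCPView; it assumes PowerShell 3 or later (for Get-CimInstance) and an elevated prompt, because lsass.exe is a protected process whose path is hidden from unprivileged callers. The expected-parent table and the verdict labels are this example's own choices.

```powershell
# Added example: verify lsass.exe and svchost.exe instances by image path,
# parent process and Authenticode signature, then show what lsass listens on.
# Not from the forum thread. Assumes PowerShell 3+ and an elevated prompt.
$system32 = Join-Path $env:SystemRoot 'System32'

# Who should have started each process: wininit.exe starts lsass.exe and
# services.exe starts every svchost.exe. Several svchost.exe instances are
# normal; each one hosts a service group (the -k argument in CommandLine).
$expectedParent = @{ lsass = 'wininit.exe'; svchost = 'services.exe' }

# Snapshot every process once so parents can be resolved by PID.
$byPid = @{}
foreach ($p in Get-CimInstance -ClassName Win32_Process) { $byPid[[int]$p.ProcessId] = $p }

$report = foreach ($name in $expectedParent.Keys) {
    foreach ($proc in Get-Process -Name $name -ErrorAction SilentlyContinue) {
        $info = $byPid[$proc.Id]
        if (-not $info) { continue }                      # exited between the two snapshots
        $parent     = $byPid[[int]$info.ParentProcessId]
        $parentName = if ($parent) { $parent.Name } else { '<exited>' }
        $path       = $proc.Path                          # $null when not elevated (lsass)
        $inSystem32 = [bool]$path -and ((Split-Path -Path $path -Parent) -ieq $system32)
        # Catalog-signed system binaries can report NotSigned on Windows 7, so the
        # signature is reported as supporting evidence; the verdict rests on path
        # and parent, both of which a renamed dropper in a temp folder fails.
        $sig = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'unknown (run elevated)' }
        $verdict = if (-not $path)                                  { 'UNKNOWN' }
                   elseif (-not $inSystem32)                        { 'SUSPICIOUS: not in System32' }
                   elseif ($parentName -ine $expectedParent[$name]) { "SUSPICIOUS: parent is $parentName" }
                   else                                             { 'ok' }
        [PSCustomObject]@{
            Verdict = $verdict; Name = $proc.Name; PID = $proc.Id; Parent = $parentName
            Path = $path; Signature = $sig; CommandLine = $info.CommandLine
        }
    }
}
$report | Sort-Object -Property Verdict, Name | Format-Table -AutoSize -Wrap

# Sockets owned by lsass. netstat -ano is used instead of Get-NetUDPEndpoint so
# this also works on Windows 7; the owning PID is the last column of each line.
foreach ($proc in Get-Process -Name lsass -ErrorAction SilentlyContinue) {
    netstat -ano | Select-String -Pattern "\s$($proc.Id)\s*$"
}
```

A single lsass.exe with Verdict "ok" and a handful of svchost.exe rows whose CommandLine shows different -k groups is the normal picture. A row whose Parent is explorer.exe, cmd.exe or a user-profile executable, or whose Path is outside System32, is the one to chase; the netstat lines then tell you which ports that specific PID owns rather than which ports something named lsass owns.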
Relevance 41.41%

Hello,

No matter what I have done, I have not been able to remove malware, trojans, etc. Originally E2Give and Qoologic were in there as well as others. I may have cleaned some, but trojans continue to infect the computer on start-up. I don't know if it is significant, but IE would not shut down when rebooting between safe mode and normal. It says explorer.exe not responding, etc...

I have an Intel Pentium 4a 2800 MHz on a Dell Desktop 4600i. Operating system is XP, 512 MB memory, 80 GB disk drive. I have AntiVir as an antivirus program. I have followed the READ AND RUN ME 1st directions to the letter, including running all recommended downloaded tools in safe mode (CC, Ad-Aware, Spybot), with the exception of Windows Defender/Malicious Software Removal Tool which would not run. In their place, I used CounterSpy. I also ran BitDefender and Panda Scan. Their logs are attached along with the HijackThis scan.

I am truly at the end of my rope and have spent countless hours to this point. Please help. Thanks
 

Answer:Can't get rid of malware after following READ/RUN instructions. Help!

Welcome to Majorgeeks!

Please run CounterSpy again and this time let it fix what it found. You told it to Ignore the malware last time. Then attach the new log.

Also you did not attach your Panda ActiveScan log. Please attach it.

You were supposed to uninstall Viewpoint Manager in step 0. Please uninstall it now!

Also uninstall Mercora

You said you did not run Windows Defender but I do see it installed. Try running it in normal boot mode. Let me know if it runs that way.

Is the below a paid version or a free trial version?
C:\Program Files\CA\eTrust Internet Security Suite


Now let's fix some of your problems!

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [BSz] C:\documents and settings\lou\local settings\temp\BSz.exe
O4 - HKLM\..\Run: [vH] C:\windows\temp\vH.exe
O4 - HKLM\..\Run: [jnNZM] C:\documents and settings\lou\local settings\temp\jnNZM.exe
O4 - HKLM\..\Run: [dDpyKDP] C:\documents and settings\lou\local settings\t... Read more

12 more replies
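The O4 lines the helper singles out above (HKLM Run entries pointing into Local Settings\Temp and Windows\Temp) and the RogueKiller detections in the earlier thread (per-user Run entries pointing into AppData\Roaming) are the same pattern: an autostart whose target lives in a temp or profile folder that any user-level process can write to. The PowerShell below is an added example, not code from the thread, from HijackThis or from RogueKiller; it walks the Run/RunOnce keys for HKLM and every loaded user hive and flags that pattern so the same check can be repeated after a fix. The suspicious-path regex and the SUSPICIOUS/MISSING labels are this example's own choices.

```powershell
# Added example: audit Run/RunOnce autostart entries and flag targets that live
# in temp or per-user profile folders. Not from the forum thread. Run elevated
# so HKLM and other users' hives are readable.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# HKEY_USERS is not mapped as a drive by default; map it so every loaded user
# hive (HKEY_USERS\S-1-5-21-...) is covered, not only the HKCU of the caller.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$userHives = Get-ChildItem -Path HKU:\ | Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' }
foreach ($hive in $userHives) {
    $runKeys += "HKU:\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run"
    $runKeys += "HKU:\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\RunOnce"
}

# Folders a legitimate installer almost never uses for an autostart target
# (assumed list; matches both the Temp paths above and the AppData\Roaming ones).
$suspiciousPattern = '\\(Local Settings\\Temp|AppData\\(Roaming|Local)|Windows\\Temp)\\'

function Get-CommandPath {
    # Reduce a Run value such as  "C:\x\y.exe" /autostart  to the executable path.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+)')     { return $Matches[1] }
    return $Command
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }       # provider metadata, not a Run value
        $exe    = Get-CommandPath ([string]$prop.Value)
        # Bare names resolved through PATH (e.g. rundll32.exe) show as MISSING here;
        # that is acceptable for a triage listing but worth knowing when reading it.
        $exists = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        # Catalog-signed files can report NotSigned on Windows 7, so treat the
        # signature as supporting evidence rather than a verdict on its own.
        $sig  = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
        $flag = if ($exe -match $suspiciousPattern) { 'SUSPICIOUS' }
                elseif (-not $exists)                { 'MISSING' }
                else                                 { 'ok' }
        [PSCustomObject]@{ Flag = $flag; Key = $key; Name = $prop.Name; Path = $exe; Signature = $sig }
    }
}
$results | Sort-Object -Property Flag, Key | Format-Table -AutoSize -Wrap
```

Against the two threads' entries this would list the BSz/vH/jnNZM values under HKLM and the SearchProtection/SP values under the user's SID as SUSPICIOUS, and an entry whose file was already deleted but whose Run value was left behind as MISSING, which is the same "(no file)" condition the HijackThis O2/O3 lines report. Deleting a Run value removes the autostart only; the file it points to still has to be dealt with separately.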
Relevance 41.41%

Hello, I am in the process of trying to fix my 12 year olds laptop. I am not entirely certain how she got the malware on here but I am attaching all the logs for you to see. After running all the scans, I am still getting big pop up ads in the lower left corner of the web browsers. Also a random "new tab" ad will pop up at random times. Thank you for your help in advance
 

Answer:Read And Run + Malware Removal.

breed120 said: "After running all the scans, I am still getting big pop up ads in the lower left corner of the web browsers. Also a random "new tab" ad will pop up at random times."

Well other than what was already removed during the scans, I'm not seeing anything else. Let's run a couple other tools.

Please download AdwCleaner by Xplode and save to your Desktop.

Right click on AdwCleaner.exe and select Run As Administrator unless running Windows XP where you should just double click to run the tool.
Vista/Windows 7/8/10 users right-click and select Run As Administrator
Accept any prompts for permission to run and then click the I agree button to accept the Terms of Use
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, you may just see a popup stating that no malicious programs were found. Just click OK to continue.
Now click the LogFile button and the report will open in Notepad.
(AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Attach the logfile to your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created ... Read more

1 more replies
Relevance 41.41%

i just joined the Forum, and am very new to all of this.
i will try not to ask really dumb questions.

My first question is about the Malware Removal Guide.

Is it possible that the Guide could be posted as a PDF or DOC document for download? I guess PDF would make more sense. It could have all the images and links. We the users could throw it on a thumb drive and take it with us on the go.

Just thought i would ask.
Thanks, ThunderBoyDavid
 

Answer:Read & Run Me First. Malware Guide ??

Welcome to Major Geeks!

We have had that suggestion before and it just requires too much additional work on our part and it changes too frequently. You would be out of date in no time and we need you to be running the current online version at all times.

You could always save the web pages to single file web archives (.MHT files) and use them offline for your own reference but, as stated, they would quickly be out of date. Since you have to be online to download the files anyway and get updates for programs, it really would not be of much help.
 

1 more replies
Relevance 41.41%

I use Windows Vista 32-bit, AVG AntiVirus Free and Malwarebytes Pro. Malwarebytes scans always indicate no infected objects. AVG scans continuously show AVG Detection Virus Found Win32/Heur and C:\Windows\System32\perdisk.dll and advise that the threat cannot be removed because the original file was deleted and replaced by a malware file. I have received this virus warning for several months now; however, after researching various trusted forums, etc., I accepted that this was a false positive by AVG. However, within the last week or so, ALL of my files have been changed to read only, I am unable to create new folders, password protect .zip files, etc. - even when signed in as admin.

I have read and performed all of the steps in READ & RUN ME FIRST Malware Removal Guide and am uploading my logs. All of the scans seemed to run successfully until I ran MGTools. With MGTools when the scanning gets to processdll.exe to find . . . I get error msg that application has generated an exception that could not be handled. Process id=0x7a4 (1956, Thread id=0x38 (3384), and when running from GetLogs.bat get similar msg Process id=0x10b0 (4272) Thread id=0x16fc (5884).

I also ran from command prompt sfc /scannow and received msg that Windows Resource Protection found corrupt files but was unable to fix some of them. Please let me know if you would like to review this log as well.

Thank you in advance for your time, knowledge and assistance. I greatly appreciate e... Read more

Answer:READ & RUN ME FIRST Malware Removal

Your problems may not be due to malware.
You have multiple antivirus programs installed. To repair possible damage caused by this, uninstall ALL of the below now and then reboot before moving on:
AVG 2013
Microsoft Security Essentials

Please download and run the correct version of MGtools given in the READ & RUN ME. You are a few years out of date. Attach a new log.

 

7 more replies
Relevance 41.41%

Have Windows Vista, 32 bit. Have tried numerous malware and virus scans, and they found the virus and quarantined it. Malware is still there because when I try to go to Google and do a search, when I click one of the result pages, it redirects me to a fake site. Also, sometimes, not all, when I open Internet Explorer into Google, Google gives me the "we're sorry" page and asks me to confirm that I'm human. When I enter the crypt code, it doesn't register, and brings me back to the same "we're sorry" page.

Ran Read & Run me first with all except root repeal (would shut down computer when I tried to run it). Logs are attached.

thank you so much!
kristin
 

Answer:HELP!Completed Read & Run Me first, still have malware!

Run this as I review your logs.

Go to TDSSKiller and Download TDSSKiller.zip to your Desktop


Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
Now double click the TDSSKiller.exe file to run it (if using Vista or Windows 7 do not double click on it but rather right click and select Run As Administrator).
Allow the application to run and a window will open showing that it is TDSSKiller from Kaspersky.
Click Start scan.
It will run rather quickly and will notify you of whether anything is found or not.
Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
Whether an infection is found or not, a log file should be created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post)
 

11 more replies
Relevance 41.41%

Have followed directions but still have problems. I am attaching my logs. My CounterSpy text exceeds the file size limits, thus I am unable to post it.
 

Answer:remove malware followed read this

Re: remove malware followed read this more attachments

cajiao73 said: "Have followed directions but still have problems. I am attaching my logs. My CounterSpy text exceeds the file size limits, thus I am unable to post it."

Here are the additional logs.
 

4 more replies
Relevance 41.41%

Is it possible, at all, to get a virus, spyware, key loggers, or any other kind of malware on a read-only drive?
I am considering getting a computer, removing the hard drive, and then installing Windows onto a 64GB SD card, setting that as the C drive. I would then set the card to read only BEFORE connecting it to the internet. It just seems to me that there would be no way at all a virus could ever get onto it, as there is no way to write it. Am I correct in my thinking?
I would use this computer as an online banking, Credit Karma, Mint.com, etc. ONLY machine. I have been terrified of online banking forever, as malware writers are often one step ahead of anti-virus programmers. I recently learned how Chromebooks work, and I see they are ahead of malware programmers FOR NOW. My thought was, if I can take away their ability to write something on my computer, I have beaten them.
With this idea, I know I will have to get updates, etc., from offline sources (and temporarily allow the card to be written on), and I am perfectly okay with that, but is my thought process correct in blocking viruses?
 

Answer:Malware on a read only drive

While it might be theoretically possible to use Windows on a read-only drive, I don't think Windows will actually run from a read-only SD card.

Too many Windows features need to write to the HD to actually work.

If you want read-only then use a Linux live disc like Linux Mint or Puppy Linux.
 

1 more replies
Relevance 41.41%

I ran your most excellent Read Me tutorial on malware/virus removal and want to attach the logs below as instructed. Still to come: SAS txt file and Malwarebytes log in next text, providing I can find them!

Thanks,
Cal
 

Answer:Malware - Ran the Read Me Procedure

Logs for SAS:

C:\Documents and Settings\cgoldsmith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs <--- found here.

Logs for MBAM:

C:\Documents and Settings\cgoldsmith\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs <--- found here. Attach the most recent log showing what it removed.
 

10 more replies
Relevance 41.41%

trojan horse BHO.CVX

hi,
I've got a trojan horse and I don't know what to do :cry
 

Answer:READ & RUN ME FIRST malware guide

Re: trojan horse BHO.CVX

someone????
 

12 more replies
Relevance 41.41%

I think some kind of adware is still running. Yahoo mail gets redirected to Bluelithium ad site(s).

Cleaned up using Malwarebytes then went to this forum and followed the read me steps.

Ran Defogger, CCleaner, SUPERAntiSpyware, RootRepeal, ComboFix, then ran HJT and saved a log.

I can't tell what my next step is to be. I assume attaching the HJT log, but will wait for guidance.
 

Answer:Cleaned via Read Me First. Still have Malware.

If you have completed the Read and Run First instructions, then attach the below requested logs (we did not ask for HijackThis logs):

SAS
MBAM
ComboFix
C:\MGLogs.zip --> from running the C:\MGTools.exe.

 

7 more replies
Relevance 41%

Hello,
People on this forum seem to be incredibly helpful and I would appreciate any time that someone has to help me out.

I followed your Read&Run Me First guide to a 't' but my malware infection is very persistent.

I cannot even supply you with any logs from any of the programs (SAS, malwarebytes, MGtools, etc.) because these processes get killed during their scanning procedures.

My System: Windows XP, 64 bit, McAfee virus scanner

Background of my Problem:
About 10 days ago, I updated FireFox to the current version, but this version from the get-go ran VERY slow on my comp (old version ran just fine). Therefore I started using IE.

Using IE yesterday, I definitely visited the wrong site but I don't know exactly which one (it was one of those pdf downloader sites, serves me right for going to these sites). Then Windows Police Pro starts popping up and my IE starts getting hijacked (when I click on a search result from Google it redirects me to some random site, e.g. datacenter.com). I run through the Task Manager and look for suspicious processes. I find b.exe. Even after killing it in Task Manager and deleting it from my computer, it keeps initiating upon Windows start-up. So I remove this by booting in safe mode and removing the 'archive' attribute through the command line prompt and then deleting it. After doing this b.exe does not start up again and is seemingly not present on my computer, but the IE hijacking still happens an... Read more

Answer:Followed Read&Run Me First Guide to a 't' but still malware infected

Welcome to MajorGeeks, in_distress!

I'll post back with a plan of action shortly.

dr.m
 

1 more replies
Relevance 41%

Hello! My computer is apparently infected with TR/Crypt.XPACK.Gen as my avira intercepts it most of the time when I cut/copy a file or doing tasks. The virus is always intercepted in the temp folder of avast. Yes, I had 2 AV's but already uninstalled avast as directed on read & run me first.

But prior to consulting majorgeeks, I tried to remove the virus by installing Paretologic av plus, it found a Trojan-Downloader.WMA.Wimad.v in my C:\recycler but did not remove it since it wasn't freeware (hah!).

I did as instructed in read & run me first and in the Windows XP cleaning procedure, it worked great! But I'm still quite uncertain of the results since the scans removed only a trojan other than crypt.xpack gen, and not that wma.wimad (or any other pests for that matter). I'm still stuck on proceeding to the 4th step (Toggle System Restore).

A problem I have before running your method is that my computer restarts when I double click on the Creative volume control while running Cakewalk Sonar & Roland VSC (software I use for MIDI sequencing). I don't know if it is infection related or system conflicts. But now, I also observed that my Yahoo Messenger only slides in the taskbar when I click on it, and needs right clicking to restore. Other than that, sometimes when I open up a program, other programs also open up.

Need your expert help. Thanks!



Additional info: PC specs:

Windows XP SP3
Pentium dual core E5200 2.50 GHz
2gig kingst... Read more

Answer:Uncertain if malware was removed after read & run me

Here are the 2 other logs
 

8 more replies
Relevance 41%

I completed all of the steps to the best of my knowledge and I'm still getting the same pop ups... HELP
 

Answer:Malware On Laptop- Completed Read& Run Me- Still Get Pop Ups

Welcome to Major Geeks!

Is your copy of Spy Sweeper a paid version or free trial? If trial, uninstall it now.


Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file... Read more

3 more replies
Relevance 41%

Hi, and thanks in advance for any help you can provide.

My IP was put onto the XBL and PBL list, it said I had a rustock infection.

I ran the Run and Read me process as described.

I had no virus detected with SAS or Malwarebytes, I have attached the ComboFix log.

RootRepeal crashes repeatedly with no explanation why; a dialogue box comes up but the contents won't appear.

MGtools won't run, it just says "MGtools.exe is not a valid Win32 application" - or something very similar.

So I have no clue what's going on, there are no other symptoms. Any help you can provide would be appreciated.
 

Answer:Suspected Malware - failed Run & Read Me

Also I forgot to mention my Windows Firewall turned itself off and won't restart - this is not too much of an issue in that I run Zone Alarm but obviously suspicious. I also use AVG.
 

10 more replies
Relevance 41%

I was directed to your post by another user and read all the details. I started with the CCleanup and realized I have no idea if there are any cookies that I would need to keep or why. In following the rest of the steps I realized that the remedy is way too beyond my computer capabilities. I'm hoping, if I can describe for you what I am encountering, you may recognize it and what possible malware may have infected me.

I have a pretty large music library, just under 3000 songs. Many were downloaded from CDs, some from friends' libraries, some downloaded --- primarily from LimeWire (the user that directed me to your post said he believes LimeWire may be where he got his unwelcome friend). I compiled a very large and extremely time-consuming playlist in MS Media Player yesterday. I subsequently loaded and listened to the list for a few hours afterwards. As I was closing down MS Media for the evening, I looked at the list (still in the 'Play' box) and noticed that every song I had listened to had a duplicate entry on the playlist. I opened the list to edit and the duplicates were all there so I spent about 40 minutes manually deleting them. This just started yesterday. I have no idea why this is happening and needless to say I'm reluctant to play that list or even to use the media player for fear that everything I access will be duplicated. I have a fairly new machine loaded with the most up-to-date version of Trend Micro Internet Security. I ran a f... Read more

Answer:Re: Read this before requesting malware removal help

Without the logs there isn't much we can do.

1 more replies
Relevance 41%

I was on the internet and I started to get the fake Microsoft virus download. I did a system restore in order to be able to clean my computer and it made my favorites in IE disappear and also my documents and pictures were hidden. I have done the malware read me scans. Also my documents and pictures are back but they are greyed over as if still hidden. I am going to attach the files in hope that if there is something else on my computer it can be removed as well. Also when I did the MG tools download it did not do anything other than put the folder on my C drive. On the instructions it said that it would start by itself but it did not do anything, so to not make things worse I left it as is. Thanks for any help
 

Answer:Malware read me done documents still hidden

Please download and save the below tool from Grinler @ bleepingcomputer to your Desktop or anywhere else you can find it ( if the Desktop is not showing )

http://download.bleepingcomputer.com/grinler/unhide.exe

Now run it. Now see if you can find the items that seemed to be missing?

Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt, each followed by the Enter key. The command is the first part of each line; the text after <-- is merely informational.
cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
 

15 more replies
Relevance 41%

My boyfriend went on an X rated site (against me telling him not to) and of course my computer started acting funny right away. I ran the XP cleaning procedures, could you please read my logs?

Thank you.
 

Answer:Just ran the Malware procedures, could you please read my logs?

Here's the other file you need.


Thanks again! I love this site!
 

4 more replies
Relevance 41%

I have been infected by malware and some of this seems to have been removed using the READ AND RUN FIRST procedures. I suspect however that I may still be infected and I am waiting for the hoax "Install Antivirus" to come up again. I am unable to see the desktop on my account and when I try to run "explorer" using the task manager I am told "Task Manager has been disabled by administrator" although that is an admin account. I am sending this through my daughter's account which so far seems to be running OK. I have attached logs as requested. Would appreciate your help (by the way my daughter is the main user of this PC - Dell XPS running XP SP3 - and she uses it for school work but it was an inadvertent download by me that set things off).
I successfully eliminated malware two years ago using your procedures and at that time did not require your help but I think I am in deeper trouble now and even my backup disk may be infected. Hence my first post.
I have attached requested logs but will need to post again for the MGlog.
Thanks in anticipation.
Mark.
 

Answer:Still Malware problems after following READ ME FIRST procedures - help! (please...)


MG tools log.
 

45 more replies
Relevance 41%

OK, first I would like to kindly thank whoever helps me with this issue and understand I have read, performed and understood all stickies before posting this thread.

Understand I always try to fix my own issues via Google (love Google) and read as much as I can when the issue happens but I fear this time I was unsuccessful in doing so. I do feel as if every issue I am having contributes to one another and therefore I feel there is a more serious problem than meets the eye. I have tried system restore, advanced system care,CCleaner, De-fragmenting etc etc. All these things continue to come up and I grow tired of not being able to talk to my wife while here, not to mention the possibility of losing my gaming computer to a virus.

Well without further delay my problems are numerous and shady. For starters, at random my computer will freeze entirely allowing nothing but a hard shut down. This happens at random points in time and sometimes multiple times a day when I am doing any activity on my computer. Doesn't matter what I am doing, it will freeze when it's just sitting on the desktop even only after it being on for a few minutes. I guess I could say it normally does it after it has been on for a while but does not seem to overheat at all being a laptop. This computer was bought last August before my deployment to Iraq and I have taken good care of it since.

Another problem I have been having is my computer will just get ridiculously slow while browsing the internet. So... Read more

Answer:Trojan/Malware Hidden? READ and RUN followed.

I am not seeing any issues on your system.

Please use windows explorer to find and delete:
C:\Windows\tasks\zcazxeue.job

Then clean out everything you can in this folder:
C:\Users\Ahlbrandt\AppData\Local\Temp

I would suggest you try one or more of the scanning tools here:
Alternative Scans and report back.
 

3 more replies
Relevance 41%

Hi

After starting this thread http://forums.majorgeeks.com/showthread.php?t=253271


I was told to do Malware removal and post it here.

There is more attachments that I need to attach. I'm not sure how to do that.
 

Answer:READ & RUN ME FIRST Malware Removal- Log Attached

Here is the last log
 

12 more replies
Relevance 41%

I am running a removal on a family member's comp.

They may have gotten a rather bad one.

Occasionally it does not allow OS boot.
They booted this morning and their ICQ may have tried (and partially succeeded) in nuking another comp.

I followed instructions in read & run, logs are attached.

I need to know if anything in the logs is dangerous and needs to be removed.
 

Answer:malware removal Read Me First instructions have been followed

and their ICQ may have tried (and partially succeeded) in nuking another comp

A chat program almost nuked the machine???

Reviewing the logs now...
 

7 more replies
Relevance 41%

1 of 2

Hi, please can you help. I have followed the very helpful "READ AND RUN ME FIRST" thread http://forums.majorgeeks.com/showthread.php?t=35407 by Chaslang, and now have a number of logs for review.

In summary, I have been running a Windows XP Media Center laptop (Advent Intel Celeron M420 2.6 GHz) from home for a few years without any significant issues. Currently Windows SP3 is installed, and Windows Firewall is the one and only firewall. AVG free v.8.5 was the only anti-virus software (though it has since been removed, so none is currently installed). There is only one PC using the internet connection that I am aware of, which is provided in the UK by Sky Broadband. Though I do have wireless capability, I use a wired connection through the LAN. There is only one user account, "Catherine", and the "Guest" account is switched off. There are a few individuals who periodically log on to the "Catherine" account within the house though.

Over a week ago, Google searches through my browser Firefox v.3.5.7, once I selected a link, started being re-directed to bizarre pages unrelated to my search, for example "China online" and "triplexfeeds".
I followed the "READ AND RUN ME FIRST" guidelines referenced above, and Trojan and Rootkit malware were identified. Following removal of all the malware, I upgraded my AVG free anti-virus from v.8.5 to v.9.0.

Over the last week everything appeared to be back to normal except that the PC was noticea... Read more

Answer:Malware Persisting after READ AND RUN ME process

2 of 2

Following my post above, please find attached the 5th log file, for MG Tools.

Many thanks,
James.
 

6 more replies
Relevance 41%

Hello,
I picked up some malware on my desktop. How, I'm not sure, as it was behaving normally, then I unplugged it to move it, tried it out in its new location (without internet access), and when I returned it to its old spot (with internet access) and started it again it was very slow, and pop-ups appeared.

I followed the instructions. Two notes:

*TDSS asked permission to reboot so it could scan more completely. I scanned it without reboot first, then with reboot.

*When I downloaded MG Tools.exe I got a message I could not save it in C drive so I saved it on my desktop and ran it from there. The zipped log appeared in the MG Tools folder and its name is not exactly the same (it's MGlogsR instead of MGlogs) as in the instructions. Now I find I can drag the exe file into my C drive (I'd wrongly assumed I would not be able to do that after downloading).

After following all the Read Me First instructions yesterday, the desktop is running at its usual speed now, but I just encountered another unusual pop-up (a shaking box warning about Java--not legit) so I don't believe my system is totally clean yet. A check of the logs would be much appreciated--Hitman Pro found several Trojans which I ignored per the instructions.

Thank you for your help,
AddyDog
 

Answer:Malware removal help - Read Me First instructions have been followed

Hello, AddyDog

Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts. *Re-enable them before physically reconnecting to your ISP.

*Other than the tools our guide instructed you to save there, I strongly recommend that you clean up this account's Desktop immediately leaving only shortcut links. [ C:\Users\laddison\Desktop ] Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may lose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least - it can have an effect on your PC's performance.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O20 - AppInit_DLLs: c:\progra~3\perfor~1\perfor~1.dll
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

After clicking Fix, exit HJT.

Using "Programs & Features" uninstall: (If you do not find it or it will not uninstall, just keep going.)
Ask Toolbar
Java 7 Update 67
Shoppi... Read more

6 more replies
Relevance 41%

Hi,
I want to thank you guys from the bottom of my heart. I cleared most of the malware from my laptop with the usual programs. (Yes, I invited the Devil in). Something(s) was still in my system that would not allow me to access the Windows Update site, or update my virus and mal programs. I found this old thread "READ & RUN ME FIRST. Malware Removal Guide", and followed it to a tee. After reboot, Windows update was already downloading files.

Cheers,
Bill Campbell :major
 

Answer:READ & RUN ME FIRST. Malware Removal Guide

Welcome to Major Geeks!

And you're welcome. Thanks for letting us know of your success.

bbillcampbell said:

I found this old thread "READ & RUN ME FIRST. Malware Removal Guide", and followed it to a tee.

While the thread was originally started a long time ago, the procedure in it is frequently updated. Thus it is not an old procedure. The date the thread started does not equal the date of the last update. We don't recreate the thread each time the procedure is changed. We just edit the procedure.
 

1 more replies
Relevance 41%

This computer is an XP, I know it's old but cannot afford another quite yet.
It's running very slow. Completed the read and run first and I hopefully have attached all the logs.
thanks
 

Answer:logs from malware read and run first

This is a very old slow computer with an inadequate amount of memory to run properly. Your logs show you only have 1 GB of memory and you really need 3 GB to get better performance.

If you want to extend the life then you should spring for the memory. Otherwise you will still suffer from performance issues due to low free memory.

Below we will remove some junkware and we will disable a few items you are running at startup that you just don't need especially when memory is low to begin with. And we will uninstall a few items. This may help somewhat.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files\Common Files\Homepage Protection\HomepageProtection.dll
O3 - Toolbar: (no name) - {B... Read more

3 more replies
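The HijackThis entries the helpers single out in the replies above (the UserInit chain and orphaned BHOs, the Ask toolbar Run key and AppInit_DLLs entry, the empty LinksFolderName value) all share one fixed line format, so the first-pass triage can be done mechanically. The following is an added example, not code from the forum or from HijackThis itself: a small Python parser with the heuristics a defender would apply to such a log. The sample log is constructed from lines quoted in the thread plus one made-up Run entry, and the rules (vowel-free file names, temp directories, 8.3 short names) are assumptions of this example, not HijackThis' own logic.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the forum)."""
import re
from dataclasses import dataclass

# Entry line: section tag, " - ", then the body (e.g. "O2 - BHO: ...").
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# In O4 lines the program path follows "[name]", optionally in double quotes.
PATH_RE = re.compile(r'\]\s*"?([^"]+?)"?\s*$')
# The only program that belongs in a UserInit= value; anything else is chained in.
STD_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample: lines quoted from the thread plus one made-up O4 entry
# (the b.exe Run key) to exercise the temp-directory rule.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKCU\..\Run: [b] C:\Documents and Settings\user\Local Settings\Temp\b.exe
O20 - AppInit_DLLs: c:\progra~3\perfor~1\perfor~1.dll
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
"""


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log):
    """Yield (section, body, raw_line) for every HJT entry line in the log."""
    for raw in log.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group("sec"), m.group("body"), raw


def looks_random(filename):
    """Heuristic: a 7+ letter stem with no vowels (rxjddnvj.exe) is likely generated."""
    stem = filename.rsplit(".", 1)[0].lower()
    return len(stem) >= 7 and stem.isalpha() and not any(c in "aeiouy" for c in stem)


def suspicious_path(path):
    """Return a reason if the path is a common hiding place, else None."""
    p = path.lower()
    name = p.replace("/", "\\").rsplit("\\", 1)[-1]
    if "\\temp\\" in p or "\\appdata\\" in p or "\\application data\\" in p:
        return "runs from a temp/profile directory"
    if "~" in p:
        return "uses 8.3 short names that hide the real directory name"
    if looks_random(name):
        return "random-looking file name"
    return None


def userinit_extras(body):
    """Return the programs in a UserInit= value other than the standard one."""
    value = body.partition("UserInit=")[2]
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if p.lower() != STD_USERINIT]


def triage(log):
    """Apply the heuristics to every entry and return the list of Findings."""
    findings = []
    for sec, body, raw in parse_entries(log):
        if sec in ("R0", "R1") and body.rstrip().endswith("="):
            findings.append(Finding(sec, "empty browser setting left behind by a removal", raw))
        elif sec == "F2" and "UserInit=" in body:
            extras = userinit_extras(body)
            if extras:
                findings.append(Finding(sec, "extra program chained into UserInit: " + ", ".join(extras), raw))
        elif sec == "O2" and body.endswith("(no file)"):
            findings.append(Finding(sec, "orphaned BHO: CLSID registered but its DLL is gone", raw))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body[len("AppInit_DLLs:"):].strip()
            if dlls:
                findings.append(Finding(sec, "AppInit_DLLs is loaded into every user32 process: " + dlls, raw))
        elif sec in ("O4", "O23"):
            # O4 carries the path after [name]; O23 puts it after the last " - ".
            m = PATH_RE.search(body) if sec == "O4" else None
            path = m.group(1) if m else body.rsplit(" - ", 1)[-1]
            why = suspicious_path(path)
            if why:
                findings.append(Finding(sec, "autostart " + why, raw))
            # Commercial adware such as the Ask toolbar sits in a normal-looking
            # path and is a judgment call outside these rules.
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```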
Relevance 41%

help,

My computer will not read a USB or CD/DVD, it says access is denied.

I have done various virus and spyware and malware tests and it brings back nothing.

I would back it up and reinstall Windows XP, but I have no way of saving the backup, because it will not read.

I have also started getting a blue screen that says hardware malfunction, and the only thing I can do is to switch my laptop off.

It is an Acer TravelMate 2420, with Windows XP SP2. I have AVG 8.0, Avira, Ad-Aware 2008, Malwarebytes Anti-Malware, SUPERAntiSpyware and have ZoneAlarm as a firewall. Help would be appreciated urgently.
 

Answer:help, computer wont read usb or cd, think it is malware

Welcome to Major Geeks!

It is unlikely that this has anything to do with malware. As such, I'm moving this to the Hardware Forum. Since you are receiving hardware malfunction errors, this makes more sense anyway.
 

4 more replies
Relevance 41%

I'm helping a friend with her computer, so I cannot directly answer what she was doing at the time of infection. What I can tell you is that I've been working through the list of "Read & Run Me First" and am still having problems.

Some information:

Windows XP 32-bit SP3

I started by removing all AV programs that she had installed to start with a clean slate. I cannot, however, remove SPAMFighter. It will not launch, it will not remove from Add/Remove. It will not even respond when hovering over the icon in the sys tray.

I downloaded and attempted to run SAS, but it will start scanning and close out. I rebooted and tried again...same thing.

I downloaded and attempted to run Malware Bytes. It too will start scanning and then close out after about 15 seconds. After a reboot, same thing.

I will often get the error that the path is not accessible and that I might not have administrative rights, etc. etc.

I was able to get ComboFix to run and during the scan process, the following message popped up:

"You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection."

It then indicated that the system needed to reboot to continue. I was given no other option than "OK". After a reboot, the scan continued.

I also continued with the rest of the instructions provided, and the other scans did complete.

Three log files are ... Read more

Answer:Malware Removal Help Needed After READ&RUN ME's

Download and run Win32kDiag per the below instructions:
Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log

C:\win32kdiag.exe -f -r



Now download Junction.zip to your Windows folder
Please download Junction.zip and save it to your Windows folder (i.e., C:\Windows\Junction.zip. This assumes C:\ is your Windows boot drive.)
Now unzip it and put junction.exe into the Windows folder (i.e., C:\Windows\junction.exe)
Do not try to run it right now. We will run something that uses it later.

Now we need to reset the permissions altered by the malware on some files.
Download and save Inherit.exe to your Desktop: Inherit.exe
It must be in your Desktop or the below fix will not work!

Now run the C:\MGtools\FixPerm.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).
A command prompt window opens and also a license agreement from SysInternals will appear for Junction.
Accept the license agreement and the scan will begin.
Wait until it finishes; it can take a while to run since it scans your whole hard disk. Be patient and don't do anything else while it is scanning.
The command prompt window should close when it finishes.
While this is r... Read more

24 more replies
Relevance 41%

Hi there and thank you for having me. I'm a new member so forgive me if my forum manners aren't up to code as of yet. I'm sure someone will let me know. I had a scan earlier with Malwarebytes and it said I had two security hijackers. I quarantined them but now it says there's nothing. But I've been dealing with the browser pop-ups and redirects for a few weeks now and nothing has changed. Now, in fact, my screen shuts off randomly. It's very annoying and I have college courses online and can't afford to have this keep happening. I'll attach my logs for someone to read please. Thanks so much, I'm excited that there are cool people like you out there to help the bigger geeks like me.

It looks like I'm having trouble uploading the Malwarebytes files so I'll see what I can do and attach them in the next thread or something...
 

Answer:Followed Malware Removal/Have Logs please read

I'm adding my Malwarebytes files, hopefully... oops, it's telling me I already added it so I'll take the site's word for it and see what happens.
 

5 more replies
Relevance 41%

hi

I have run through the read and run for Windows XP.
Malware and antispyware have found some errors and have fixed some errors.
I have run them multiple times but right now, Malware and SUPERAntiSpyware can't find any problems.

However, my McAfee has still found errors but it does not completely remove them, as every time I reboot the problem comes back again.

I believe MGtools' and ComboFix's logs have the names of those trojans.

If anyone can tell me what I should do, I will be very grateful.
 

Answer:malware - unable to read thumbdrive

Let's try doing this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Now download The Avenger by Swandog469, and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:




Files to delete:
c:\windows\system32\drivers\ovfsthypiwgklmnbwsmqfnetdwrquoivbmollw.sys
C:\Documents and Settings\Chng Zhen Hao\Local Settings\Temp\ovfsthx000
c:\windows\system32\ovfsthjnmcyiykywsaotxblsqlmpeeestjqylm.dll
c:\windows\system32\ovfsthqpuymjysxcvjibqbnyudoaalbpsytvyj.dat
c:\windows\system32\ovfsthephaodsffshnkoplqlmmayneuytqnqau.dll
c:\windows\system32\ovfsthcgitlaincudupxjlkxfxabepkktsasrn.dll
c:\windows\system32\ovfsthnwfoloelglbkokbiqxvebvxscothoffn.dat
C:\Program Files\Mozilla Firefox\extensions\{5B11B384-FCF2-400B-8513-64F769E0AC39}\chrome\content\overlay.xul

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now re-run Comb... Read more

3 more replies
Relevance 41%

Hello all and thanks in advance for any help I can get! I don't mean to get long winded, but to try to get you up to speed, here is what I've done. I'm working on my mom's laptop. It's a Toshiba running Vista with only 1 GB of RAM and McAfee VirusScan 2009. Last January, she got a trojan that took a little work, but after following some threads and running some fixes, I thought I had it licked. Since then I installed Malwarebytes, ATF Cleaner, and SpywareBlaster and instructed her to run them periodically. (And you know how that probably went.) Last weekend she told me the computer will not work properly and that she restored to a date in late August to no avail. So I've taken it to my place to work on it. Startup was slow, which I expected, but I was unable to connect to the internet - concerning since my PC is able to connect with no issues. I tried to run Malwarebytes but it would not open.

I uninstalled some programs that seemed unnecessary and while in the middle of doing some processing, it crashed and I got a BSOD memory dumping error. Hard restart and wa-lah, the internet connected! So while I had a connection I installed Firefox and tried to do as many updates as I could. Malwarebytes updated but did not run so I changed the file name and did a quick scan; it only took 6 mins which was concerning to me and found no malicious items. I restarted and ran a full scan, again no malicious items. I really don't remember what I did next but do ... Read more

Answer:malware problem; read and run me first complete

Starting with SUPERAntiSpyware, I had to change the setup file name to SAS.exe so that it would run. No malicious items found. Next I ran Malwarebytes but had to change the file name to MABM to run.

Then you need to attach their logs regardless of whether they found anything or not.

Rename combofix.exe to 123.com and run it in safe mode if normal mode is proving problematic for you.

but due to the fact that Combofix won't run and SAS and MBAM need to be altered, I'm suspicious that there is something in the computer somewhere.
Again, sorry for the long post, but that is where I am at.

Last I ran MGTools. It is complete.

Then you need to attach the C:\MGlogs.zip as well as the log from Combofix if you were successful and also the logs from MBAM and SAS
 

10 more replies
Relevance 41%

To evilfantasy: I am attempting to follow your steps for malware removal. In STEP 2 is it enough for me to create a restore point to back up my registry or do I need to do more? Dumbo for sure

Answer:Re: Read this before requesting malware removal help

You can skip the registry part and just move on to the rest of the steps.

1 more replies
Relevance 41%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:12 PM, on 2/2/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:... Read more

Answer:Virus/Malware possibly, cant read.

bump!

3 more replies
Relevance 41%

Hello,

My PC got attacked by Antivirus XP 2008, Trojan-Spy.Win32 (GreenScreen, KeyLogger and more) and a Virtumonde adWare trojan.

I read and executed your read & run me guide, when running some of the freeware apps they flagged many other threats (I had only been using Mcafee antivirus and not specifically an anti- spyware or adware app).

I got rid of these with the various apps downloaded but could not get rid of the Virtumonde one despite Spybot saying it had found it.

I then uninstalled Mcafee (in case it had been infected itself) after installing another antivirus but then back came the Antivirus XP 2008 and the Trojan-Spy notifications (which read "Windows Security Alert" - "To help protect your computer, Windows Firewall has detected activity of harmful software", with 3 buttons "Keep Blocking" and "Unblock" being greyed out and "Enable Protection" being enabled which leads to a presumably bogus antivirus and spyware products PC Antispy & PCclean Pro).

Despite running the scans and removals for all the freeware (lite and other) versions of these recommended apps from your guide, several times and rebooting I have not rid myself of these malware apps - any further advice you can give me to locate and remove these would be massively appreciated.

Many Thanks,

Radiallica.
 

Answer:MalWare still present after read & run me executed

You need to attach the requested logs from running the Read and Run First instructions.
 

1 more replies
Relevance 41%

First week Sept pages started freezing, FF crashing, I ran Malwarebytes and it found and quarantined several items-this was Sept 9th. I then ran McAfee Suite ( which I get from Cox) and it found several more Trojans- it said it had quarantined them, however, when I looked in the vault there was NOTHING there. ( This all got through McAfee!) I ran Housecall - clean- SuperAntiSpy- cookies and adware, cleaned and the computer was working fine for a day or so. Then FF crashing etc... kept trying different things. Last night my McAfee Suite from Cox expired, it does that every few months. I tried to renew, download again and it would not let me. I called Cox Tech Support we tried many things and they said I must have a virus - duh!
When I tried to download it via IE the message was "Windows cannot connect to Internet using HTTP, HTTPS, or FTP, check Firewall, HTTP port 80, HTTP port 443 and FTP port 21, check with Internet provider". I checked with Cox again, there was nothing wrong with my ISP or bandwidth.
I could not get Combofix to run, I tried twice. The first time it ran for 30 minutes and the second time it ran for 55 min, and I had the blue screen the entire time. I got a bit of information when I did a search files and I have included that.
I did everything else you said to do. Before I started, I uninstalled all the programs and then reinstalled them. I installed Avast Free until I can figure out what to do, I ran it and it came back clean.
Those first T... Read more

Answer:Did Read and Run Malware process - results

Part two, the information I was able to find by searching files concerning Combofix. See above.

I am trying not to do anything much with the computer. However, I do some work from home on an online crisis line, so I am hoping this is safe to do.

Thank you very much.
Raven
 

11 more replies
Relevance 41%

Hi all,

New to forums so hopefully doing it right.

I think I have a Malware problem because my antivirus program (McAfee), malware program (Malwarebytes), and Internet Explorer won't run (although everything else appears to be working ok). Also my usual fix (Kaspersky Rescue Disk 10 then Rkill in safe mode then Malwarebytes) doesn't work.

I followed the instructions on the READ & RUN ME FIRST post as best as I could and have the following to report:
(1) RogueKiller did not run
(2) Malwarebytes Anti-Malware did not install (I already have this installed but downloaded an additional copy as per the instructions).
(3) TDSSKiller did not run
(4) HitmanPro ran and produced a log file (attached).
(5) MGtools ran a bit but reported a lot of errors in the pop up window and did not produce an MGlogs.zip file. I thought I had error message type 4 (as the pop up window reported being unable to find files). So I installed Microsoft .Net Framework and re-ran MGtools but no luck.

Original problem still exists.

Hopefully someone can help?
 

Answer:Continuing Malware Problems after READ & RUN ME FIRST

Hi there, looks like you have a boot sector infection; is Hitman able to remove this?


Malware _____________________________________________________________________


Volume Boot Record (Sector 206848)
C:$VBR_206848


and these...


HKLM\SOFTWARE\Classes\AppID\secman.DLL\ (Babylon)
HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}\ (Babylon)
HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)
HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}\ (Babylon)
HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1\ (Babylon)
HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager\ (Babylon)
HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\secman.DLL\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ (Babylon)


Also have it fix items on the "Repairs" tab please.

Let me know how it goes.
... Read more

21 more replies
Relevance 41%

and I still have a question. I have Vista on my laptop(please don't hurt me, I got the laptop I wanted at the price I wanted and it came with Vista). Is the Windows Defender inadequate? You said I should use only one malware tool, so should I forget about Defender and use something else like AVG or another one you mentioned? I'm looking for the free versions.
By the way, you are the anti-malware god!
Mike
 

Answer:i read your post on malware removal...

Hello, Gargoyle2009

1) Is the Windows Defender inadequate? There are far better anti-malware tools - such as SUPERAntiSpyware and Malwarebytes Anti-Malware.

2) You said I should use only one malware tool... <--- Not completely accurate. See our guide

How to Protect yourself from malware! - What do we recommend ?

dr.m
 

1 more replies
Relevance 41%

Hi, I've been having a problem with iexplore.exe running and playing audio ads in the background. I started to follow the read and run me first thread, but after running the program to disable CD emulation, when my computer restarted it now crashes to a BSOD after the user log in. This happens in both normal and safe mode.

The error code is 0x0000007e (0xc0000005, 0xe2084430, 0xb4c07c70, 0xb4c0796c)

Any help would be appreciated.
 

Answer:BSOD after following read and run malware thread

Hmm, how long does Windows stay up before crashing?
 

49 more replies
Relevance 41%

The Problem:

I have been experiencing logins that have taken up to 10 minutes before I can bring up a Firefox browser and even then, the Firefox browser takes way too much time before it starts. In addition, I run AVG Antivirus (Free Version) and a scan takes 7 hours to complete. My computer is basically slow and my C: drive is constantly "chattering". I was thinking it may have something to do with malware that none of my other scanning programs (Spybot, etc.) is finding. A Google search brought me to your website.

While going through the Read and Run Me list, which suggests that I defrag my disk using one of the defragmenters other than the default Windows Defrag, I noticed that the analysis defrag screen looked like "Red Dawn", and after it defragged my C: drive it eliminated 100% of the fragmented files. EXCELLENT product. I think that may fix the problem with my AVG scans.

Secondly, the only problem I've had during the entire Read and Run Me was that I could not delete the Red Swoosh EDN program, which you listed as something that should be removed with Add & Remove Programs. When I click on uninstall, the Remove program would freeze up. I had to open Task Manager to cancel the program before I could get control again. Considering that Red Swoosh could cause problems, I would like some help getting the program deleted.

I have completed all the steps suggested and ran all the malware scans and have created logs for you to view. ... Read more

Answer:Malware Read & Run Me Complete and Ready for Help

You are clean as far as malware is concerned. And the answer to your question is no, you do not have to let SAS be a startup program.

The reason for your slowness is this:




Total Physical Memory 256.00 MB
Available Physical Memory 34.55 MB

We can do a little cleaning by doing the below:
Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O18 - Protocol: bw+0 - {311B0FE7-B118-487A-A5E6-F2ADE276546F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {311B0FE7-B118-487A-A5E6-F2ADE276546F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {311B0FE7-B118-487A-A5E6-F2ADE276546F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {311B0FE7-B118-487A-A5E6-F2ADE276546F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {311B0FE7-B118-487A-A5E6-F2AD... Read more

3 more replies
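A small triage helper, added here as an example (not the forum's or HijackThis's own code): it parses entries in the log format quoted in the reply above and flags the two things the helper points at, CLSIDs registered with "(no file)" behind them and O18 protocol handlers served by a DLL outside the Windows directory. The sample lines are constructed from the ones in the reply; the benign O4 and "res" lines, and the all-zero CLSID, are made up.

```python
"""Triage of HijackThis-style log entries (added example, not forum code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample modelled on the reply above. The R3/O3/O18 Logitech lines
# and their CLSIDs are taken from the thread; the O4 line and the "res" handler
# with its all-zero CLSID are made up as known-good controls.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O18 - Protocol: bw+0 - {311B0FE7-B118-487A-A5E6-F2ADE276546F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {311B0FE7-B118-487A-A5E6-F2ADE276546F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: res - {00000000-0000-0000-0000-000000000001} - C:\Windows\system32\mshtml.dll
"""

# "<section> - <kind>: <rest>", e.g. "O18 - Protocol: bw+0 - {CLSID} - path"
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Heuristic only: handlers whose DLL lives under the OS directory are treated
# as OS-owned; everything else is surfaced for a human to review.
OS_PREFIXES = ("c:\\windows\\",)


@dataclass
class Entry:
    section: str           # HJT section, e.g. "R3", "O3", "O18"
    kind: str              # e.g. "URLSearchHook", "Toolbar", "Protocol"
    name: str              # display name or protocol scheme
    clsid: Optional[str]   # registered CLSID, if the entry carries one
    target: str            # file path, or "(no file)" for orphaned entries
    raw: str               # the original log line, for copy/paste into a fix


@dataclass
class Finding:
    entry: Entry
    reason: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HJT line; returns None for headers, process paths, blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    parts = [p.strip() for p in m.group("rest").split(" - ")]
    clsid = next((p for p in parts if CLSID_RE.match(p)), None)
    return Entry(m.group("section"), m.group("kind"), parts[0], clsid,
                 parts[-1], line.strip())


def triage(log_text: str) -> List[Finding]:
    """Flag orphaned registrations and third-party protocol handlers."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e.target.lower() == "(no file)":
            findings.append(Finding(
                e, "orphaned: CLSID is registered but its file no longer exists"))
        elif e.section == "O18" and not e.target.lower().startswith(OS_PREFIXES):
            findings.append(Finding(
                e, "protocol handler served by a non-OS DLL; review the vendor"))
    return findings


def group_by_clsid(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group flagged lines by CLSID so one fix covers every registration of it."""
    groups: Dict[str, List[str]] = {}
    for f in findings:
        groups.setdefault(f.entry.clsid or "(none)", []).append(f.entry.raw)
    return groups


if __name__ == "__main__":
    for clsid, lines in group_by_clsid(triage(SAMPLE_LOG)).items():
        print(clsid)
        for raw in lines:
            print("   ", raw)
```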
Relevance 40.59%

First of all, I am pretty certain that I have malware...my main problem is that I have the blue default background saying "Warning: Spware Has infected your PC..."

I am running into obstacle after obstacle trying to perform the read & run first instructions. I first uninstalled all the listed malware programs and then tried to install the latest Java (in safe mode) and I got a message saying "The system administrator has set polices to prevent this installation". I then finished the rest of step 1 "house cleaning and setup" with no problems. I also had no problems in step 2.

I then went to step 3 "Windows XP cleaning" and had no problems downloading the tools to a thumb drive from my laptop. I then started my PC in safe mode and tried to run SAS and kept getting an error message saying "SUPERAntiSPyware Application has encountered a problem and needs to close".

I then tried to install Spybot - Search & Destroy, but when I clicked install, I got a file download error "Error sending request. The server name or address could not be resolved." Of course, at this point, I was pretty dismayed but kept pushing forward with the "Windows XP cleaning" instructions.

Well, I then went to try to install Malwarebytes Anti-Malware and it got hung up and never fully installed. This is when I decided to finally give up. So where do I go from here? Please help.


Here are my main ques... Read more

Answer:Problems with Malware Removal Guide Read & Run First

Hello, YOYOADRIAN

These instructions should help.

First:
Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to "Non-Plug and Play Drivers" and click the plus icon to expand those drivers.
Then search for TDSSserv.sys
Let me know if you find this or not.
If you do find it, right click on it, and select Disable. Do not try to uninstall it.
Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.

Secondly:
Important Notice: A new version of SUPERAntiSpyware is out that should help with this problem from Vundo.

Please uninstall your current version (this is necessary).
Then download this SUPERAntiSpyware
Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
Now run a new full scan of your system. And attach this first log later.
Since this infection has been reappearing after a reboot, you will have to reboot again and then run an additional scan to make sure it comes back clean. Attach this second log too.

*If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run the steps in safe boot mode but make sure you tell us what you did later when you post logs.

Links are given in ... Read more

1 more replies
Relevance 40.59%

Welcome to Tech Support Forum

Virus/Trojan/Spyware Removal Help (formerly Hijackthis Log Help)

* DO NOT FIX ANY ENTRIES OR DELETE ANY FILES YOURSELF. Do not run any specialized tools that you see being used in other threads without direct supervision from one of our trained analysts. Be advised that running any specialized tools not listed in this topic, on your own, is done solely at your own risk * It is also this forum's policy that we only address users with a legal copy of Windows. If during the course of a fix it is determined that the copy is not legal, we must stop the cleansing process.

=============================

How Soon Can I Expect Help?

=============================


Please be considerate of the fact that the people helping you are all volunteers, and in many cases usually have a job, and a limited amount of time to help, and therefore can only do so much. Also please note that there are many more people in need of assistance than there are trained staff members who may assist. Patience for this free assistance is required. If there is an immediate need, please take the machine to a local technician.

If no one has replied to your thread within 72hrs after you posted, please reply in your thread with the words "BUMP, please" to move it forward. Do NOT bump the thread unless 72 hours has passed. We try to work from oldest to newest posts so your wait will... Read more

Answer:NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix.

2 more replies
Relevance 40.59%

My friend heavily infected his computer with malware and asked me, the most tech savvy person he knows, to help fix it. Now I don't know too much about malware removal, but I ran the guide in the read and run me first. When I first got the laptop, there were some pop-ups and this fake notification in the system tray about spyware. From what I can tell, the pop-ups are gone but the notification still sits in the system tray and pops up every once in a while, even in safe mode. Any help would be appreciated.
 

Answer:malware infected laptop - followed read me guide

Here are the other logs. Counterspy and the online scans were run in normal mode since the resolution in safe mode wasn't able to fit the programs.
 

9 more replies
Relevance 40.59%

While using the Google Chrome internet browser, moments ago, the page I was attempting to open turned bright red and was overtaken by what appears to be a Security Essentials message. There are various smaller windows with messages telling me that my personal logins and bank information was targeted so I need to freeze my accounts and contact 1(888) 944-5964 for the urgent help needed.

Because I have had a Security Essentials message in the recent past that turned out to be nothing, I am not panicking. Last time, I did call the phone number but found that it was just a company trying to get me to pay for their clean-up services. I declined their services and, instead, went to the Major Geeks Malware Removal Guide and had an expert confirm that all was well.

Consequently, I think it is possible this alert (although it has a much more elaborate screen presentation) may also be a fake so I am back again to follow the removal protocol. I am now at the prep-step of using the CCleaner, but the supposed Security Update will not allow me to close the Google Chrome window. It just makes a dinging sound. Should I tell the CCleaner to force it to shut down?

Thanks, in advance, for any guidance that can be provided. I would like to get through the protocol ASAP in case the alert is valid!
 

Answer:Question About Following Read & Run Me First Malware Removal Guide

I am sure it is a fake alert. Go ahead and force the closure then do the requested scans and we will look at your system.
 

2 more replies
Relevance 40.59%

This morning, my wife's Yahoo email account was hacked, and someone tried sending a bogus "I was mugged, please wire money" message to everyone in her contacts list. I figured it was a spoof, but when we got the PW changed, there were two messages in her Sent box, including the original and a secondary response to a skeptical friend who had written back. To be safe, I had her shut the computer down for the rest of the day until I could get home and try running the READ ME.

Until that point, the computer (a Dell Vostro laptop running XP SP3) appeared to be running fine, with all Windows security updates and standard, up to date protection via AVG Free, Spyware Blaster, Spybot S&D, Windows Firewall. I was paranoid about doing anything before going through the READ ME steps, but did keep the wireless connection on to catch the SAS and other necessary updates prior to running and did not notice any slow response throughout the process.

Several items were picked up - a few related to a Coupon printing program and a few other things I did not recognize. After completing the READ ME steps, the things (especially Internet-related) seem to be locking up - I was unable to update Spyware Blaster, Gmail was taking forever to load and that made me worry even more. Logs are attached.
 

Answer:Possible Malware, READ ME seemed to make things worse

MG logs zip attached.
 

4 more replies
Relevance 40.59%

I am infected with Adware.Fotomoto according to Spyware Doctor, and I can only be on the internet so long before it kicks me off, so please help.

====================================
 

Answer:Malware destroying my Comp, followed read-me, HJT Included

Welcome to Major Geeks!

Please uninstall HJT as it will be properly installed when you do the following:

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

8 more replies
Relevance 40.59%

I have pop ups on my computer and strange activity taking place, after removing a couple of detected viruses, the problem persists.

Attached are the files that I was asked to collect. Please see the notes below, as this may help you solve the problem.

1. I was unable to connect to the internet in safe mode, so I had to run BitDefender and Panda Active scan in normal mode.

2. Here are some of the domains of the pop ups that are coming up
- url dot cpvfeed dot com
- pcsecurityshield dot com
- contentpurity dot com

3. I'm pretty sure this malware came from a space screensaver that I downloaded.

Ok that's all I have for you, attached are the first three files, and in my next post are the following three. Your help will be much appreciated as this has taken all weekend to go through!
 

Answer:Read Malware Guide, now I need your help (files included)

Here are the other three files.
 

14 more replies
Relevance 40.59%

Hi,
I was hit with a trojan virus. First of all, MajorGeeks.com had come through for me in the past so I decided to use it again this time. Thank you. Now, I followed the steps to clean a Windows XP machine. Initially, I wasn't able to run Malwarebytes' mbam.exe. During the installation, mbam.exe kept getting deleted (I suppose the trojan was at work with this). But I continued with the steps. Then I came back and reinstalled/ran mbam.exe. It worked this time. Overall, the steps did a great job, I think. The symptoms of the trojan disappeared. However, it doesn't mean that my computer was fixed. Can you please tell me if I am truly cured? Thanks!
P.S. If you need the MGlogs.zip file, please let me know.

Here are my logs:

This HijackThis log was made after running through the steps.

Logfile of HijackThis v1.99.1
Scan saved at 7:14:38 PM, on 10/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Edit by chaslang: Inline HJT, ComboFix, SAS, MBAM, and RR logs removed. READ & RUN ME FIRST. Malware Removal Guide sticky not properly followed or completed.
 

Answer:Trojan hit and followed the Malware Removal Read and Run Me First. Am I clean now?

Re: Trojan hit and followed the Malware Removal Read and Run Me First. Am I clean now

Welcome to Major Geeks!

You need to follow ALL of the instructions in our cleaning procedure all the way through to running MGtools and attaching logs. We do not ask for or want a HijackThis log, especially from a 3-year-out-of-date version of the program. You did not update Malwarebytes as requested and were more than 225 database versions out of date.

Also you MUST attach logs. Inline logs are deleted!!!



Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide



and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the probl... Read more

1 more replies
Relevance 40.59%

Blue H1 laptop
1 GB RAM
60 GB hard disk
VIA C7-M 1000 MHz processor
Windows XP version 2002 Home Edition
Service Pack 3

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:28 AM, on 7/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
... Read more

Answer:Pls help me in malware removal...read my laptop Description and HJT

9 more replies
Relevance 40.59%

HELLO. I NEED TO GET HELP WITH PC ISSUES. ATTACHED ARE ALL THE LOGS THAT WERE SPECIFIED IN THE INSTRUCTIONS. I DO HAVE ACCESS TO A BOOT DISK/INSTALL DISK FOR MY SYSTEM. PLEASE HELP!!!!



DDS (Ver_10-03-17.01) - NTFSx86
Run by jason.bartram at 8:17:30.33 on Thu 03/25/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1551 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

... Read more

Answer:HELP! RE:NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help (HELP)

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I see no sign of infection in your logs. What issues are you experiencing?

------------------------------------------------------

4 more replies
Relevance 40.59%

I have run through all the steps in the run me first and have still seen the browser looking for v1.adawarefeed.com when I use a search engine. I have attached the logs from everything that I ran.

Thanks in advance for all the help that can be given.
 

Answer:malware v1.adawarefeed.com still shows after performing Read & Run Me First

Let's just do this:

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
(If it is not on your Desktop, the below will not work.)
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
C:\WINDOWS\system32\besideko
C:\Program Files\Mozilla Firefox\extensions\{2B49E145-15A1-44DA-8BB0-BA061E0C2998}
C:\Program Files\Mozilla Firefox\extensions\{2EB0648F-6D21-4892-86FE-B1F9201F1AA4}
C:\Program Files\Mozilla Firefox\extensions\{31BB9CAA-7B36-475A-B45F-7AA15BD2A642}
C:\Program Files\Mozilla Firefox\extensions\{46397A2C-5930-42A0-AFF2-1414B9FD9C7F}
C:\Program Files\Mozilla Firefox\extensions\{584A710E-79D9-4026-9858-10F6A0D480CD}
C:\Program Files\Mozilla Firefox\extensions\{68DC3F85-1B99-490A-A7E3-BB076D58B54E}
C:\Program Files\Mozilla Firefox\extensions\{B664DE4A-1BFE-4DDE-AD2F-38AF96709932}
C:\Program Files\Mozilla Firefox\extensions\{BDC6B2C5-3FA8-46C7-85D8-70117DE79003}
C:\Program Files\Mozilla Firefox\extensions\{BF97209F-3480-40CD-81AB-BCD11A430D15}
C:\Program Files\Mozilla Firefox\extensions\{C5569AC1-C4CF-4261-804F-A8455AE3ACDC}... Read more

5 more replies
Relevance 40.59%

Hello,

I have followed the ReadMe guide on this site and have run GooRedFix. I have been noticing redirecting toward infomash.com and other sites.
Here is my log:



Any suggestions? Thanks in advance for your help!
 

Answer:Gooredfix.txt file (after following read me malware guide)

Lpearson42 said:

Hello,

I have followed the ReadMe guide on this site and have run GooRedFix.

Not part of the Read and Run first instructions. You need to attach the requested logs:
SAS
MBAM
ComboFix.
C:\MGLogs.zip
 

1 more replies
Relevance 40.59%

We could not find a solution in my last attempt.  I may not have been clear that this is malware that is causing this problem of no boot.
 
I am running windows 7 64
I have a highly infected machine that has caused my system to not boot -- boot into safe mode -- or boot into repair itself. 
I do have a repair disk and can get into cmd. 
I have attempted to rebuild and fix in cmd and the malware has somehow hidden the files completely or the Linux dual boot I put on it to attempt to fix the no boot is hiding it.
 
Either way it is above my head and I need help please.
 
I have run frst and obtained the log. 
Is there somebody who could take a look at it and give me some help with it.
I am not able to read it and could make things worse if I go rooting around lol
 
I have seen a couple forums where this has been done but because it contains personalized fixes I can not attempt it by myself.
 
Thanks

Answer:Need someone who can read my logs and help fix malware causing no boot

I'll report this topic to appropriate helpers.
1. Please let us know what Windows version you have and if it's 32- or 64-bit.
2. Is the computer bootable in any mode?
Hold on there....

more replies
Relevance 40.59%

I have extreme amounts of malware and spyware on my computer (since yesterday). I ran Ad-Aware, Spybot and CWShredder. Could anyone please read my log and tell me what to delete further? This is an on-going problem, it continues to return. TIA

Logfile of HijackThis v1.97.7
Scan saved at 12:09:49 PM, on 28/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
... Read more

More replies
Relevance 40.59%

Hello I am new to the forum.
My daughter downloaded what she claimed was an active-X add-on that ended up putting about 8 different virus/spyware/malware on my computer including cycberlog-x, worm_nucrp??, icthis.exe etc.
Following some of the recommendations on this site and utilizing some of the online scans I was able to find and kill all of them but I have one lingering problem. One of those programs seems to have shut down all my access to the Control Panel, Internet Options and the Security Center. The link to the Control Panel is completely gone from my Start/Settings menu. I had placed shortcuts to the Control Panel, Security Center and Internet Options on my desktop but now when I click them I get the following error: "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator"
It's like the malware has setup some kind of network and locked me out.
I went to the MSN help site and it told me to log in as the administrator and click Start, Run, and then enter gpsedit.msc. When I did that I get a "file not found" error. :cry
I know I can load programs because I was able to load Hijackthis, Spyware Doctor and a couple others but I can't uninstall anything.
Does anyone have any idea how to fix this?
Thanks in advance,
Marc
 

Answer:Tried to run the READ & RUN ME FIRST. Malware Removal Guide/ can't even do 1st step.

OK I was actually able to find a way to do everything but the "Add or Remove" programs.
Still have the same issue.
 

11 more replies
Relevance 40.59%

I believe I still have a rootkit or something else. I can't connect to wireless and, if it helps, the big problems began when I downloaded a media codecs file and AVG from the CNET website. Neither file worked at all and the C:\$AVG file keeps returning no matter how many times I delete it. Also, after I downloaded AVG and was trying to run it, my Comodo firewall went nuts and was allowing everything. And I keep blue screening when I start sorting through files.

I followed the instructions to, "The NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help" And here are the Logs...



.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 19:53:39 on 2011-06-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.493 [GMT -6:00]
.
FW: COMODO Firewall *Disabled*
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report =============== ... Read more

Answer:RE:NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Hi,

Please do the following:
Please download aswMBR.exe and save it to your desktop.
Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

2 more replies
Relevance 40.59%

Hello again MGs! Working on a friend's computer today. It's a Dell XPSP3. Having some real problems getting through the run & read me. This person decided they would try to "fix" the problem themselves before they called me and (needless to say) made things worse I presume.

I cannot install the latest Java - It returns the error: "ERROR 25099: Unzipping core files failed". I tried installing it several times again after some progress was made, but it still fails.

A while back I installed Online Armor on this system (because these folks need a computer babysitter - I clean their system at least once or twice a year!!). It appears as though OA is no longer functioning - I tried removing via add/remove with no luck. It is still running something in the background because on start-up you get an error from OA saying it is unable to start services. I want to get OA off this system and replace it with something more streamlined, like Comodo.

Initially unable to install SAS - returned the error: "Install Error: Error starting services, aborting installation". I tried the portable version with no luck.

Then just for fun tried running MB. It, and most anything else I tried to run returned an error: "Windows cannot access the specified file...you may not have the appropriate permissions..."

So, then I went to Safe mode. Was able to install and scan with SAS - it had 13 hits, but it left no log. Then, I was a... Read more

Answer:assorted malware & trouble completing Run & Read...

I am not seeing a lot of malware in your logs. Let's do this and see where we end up:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

After clicking Fix, exit HJT.

Now copy just the bold text below to Notepad (do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.




REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Ru... Read more

21 more replies
Relevance 40.59%

I ran all the malware removal steps and everything went well. I am attaching logs. I also have MGlogs.zip on my hard drive; will you guys need this? Thanks for the help, it's worked well. Everything went in the order the directions said.
 

Answer:I ran all steps from READ & RUN ME FIRST. Malware Removal Guide

Sending the MGlogs.zip file
 

2 more replies
Relevance 40.59%

Hi I was following "READ & RUN ME FIRST. Malware Removal Guide"
Completed till "... locate the DisableUAC.reg file in the C:\MGtools folder and double click on it."
When double clicked, Spybot - Search & Destroy popped up and scanned "DisableUAC.reg", said nothing found and asked to close.
How do I go about it now?
 

Answer:Help Needed with READ & RUN ME FIRST. Malware Removal Guide

XP-96943172.EXE hoping somebody would notice and help

Unable to log into Safe Mode; when I tried to do so I was asked to press Esc to stop loading Sptd.sys, and whatever I do the system reboots.
Scanned with Malwarebytes; there were 67 instances of malware, removed them, but still could not log into Safe Mode.
Found the following in the Startup tab of MSConfig:
Startup Item | Command | Location
XP-96943172 | C:\windows\system32\XP-96943172.EXE | SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iiiiii | C:\windows\system32\XP-969~1.EXE | SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Unchecked them, but whenever I reboot I find them checked.
Searched the Net and found it's the 278.EXE Trojan/malware....
There is another thread of mine here,
"Help Needed with READ & RUN ME FIRST. Malware Removal Guide" in Forum: Malware Removal
I am stuck at Step 3 and don't know how to go about it, hoping somebody would notice and help.
I know I can't post a new thread but I am desperate :cry please help me
 

21 more replies
Relevance 40.59%

My friend heavily infected his computer with malware and asked me, the most tech savvy person he knows, to help fix it. Now I don't know too much about malware removal, but I ran the guide in the read and run me first. When I first got the laptop, there were some pop-ups and this fake notification in the system tray about spyware. From what I can tell, the pop-ups are gone but the notification still sits in the system tray and pops up every once in a while, even in Safe Mode. Any help would be appreciated.

Answer:malware infected laptop - followed read me guide

Hello and Welcome to TSF.
I'm nasdaq

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post the logs in your next reply for my review. It's the only way I can suggest sound advice.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

2 more replies
Relevance 40.59%

I've searched and downloaded for days trying to rid myself of countless problems my computer seems to be encountering, but with little success.
I've run or installed Ad-aware, SpyBot, SpywareBlaster, the BitDefender online virus scan, McAfee Stinger antivirus, Microsoft's Antispyware tool (which no longer works, for some reason), CCleaner, aboutbuster5, kill2me, cwshredder, the Zone Alarm Firewall, and several other programs which ultimately either failed to work, screwed up my computer further, or would not install in the first place.

I have recently been getting the infamous blue screen of death after logging on for a few seconds, though only sometimes.
Random freezing has been a problem for as long as I can remember. Normally when using explorer or switching between programs.
Explorer also closes down randomly when I try to access Control Panel.
Windows Update will not work, and the XP Service Pack 2 will not install. I have also had difficulties installing the latest version of DirectX 9.
I'm almost positive a number of malware programs still exist despite my best efforts.
There are four accounts on this computer, one for each member of our family. Some seem more stable than others. I've fiddled around in all of them.

Now, I am tired and defeated.
I downloaded HJT, closing the browsers and programs that I could, saved the log, then used the KRC log analyzer as recommended. I am a high school student who desperately needs a functioning computer for schoolwork, ... Read more

Answer:Crashing, Malware, Update malfunctions - Please read my HJT log and help me.

It occurred to me that the above log was taken while I was running in Safe Mode.
I do not know if that would cause anything to act differently, but to be safe, I restarted in normal mode and took another log.
I will post it here.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 4:23:51 PM, on 09/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM32\ati2sgag.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\javascript.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\System32\jjxgz.exe
C:\WINDOWS\System32\msnzx.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\Common Files\services.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar... Read more

19 more replies
Relevance 40.18%

I have had several issues with malware and viruses, Trojan.General and Trojan.Virtumonde. I was unable to open my System Restore, had popups, was unable to download or run Malwarebytes, etc. I ran ComboFix, and my System Restore has come back; however, I still have popups and unwanted processes running. Here is my ComboFix log. Any help would be appreciated!! Thank you muchly in advance!

ComboFix 10-03-14.01 - Michelle 03/14/2010  14:49:25.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1525 [GMT -4:00]
Running from: c:\documents and settings\Michelle\Desktop\ComboFix.exe
AV: a-squared Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bezuyiza.dll
c:\windows\system32\fogiguzu.dll
c:\windows\Tasks\krynixfk.job
.
(((((((((((((((((((((((((   Files Created from 2010-02-14 to 2010-03-14  )))))))))))))))))))))))))))))))
.
2010-03-14 18:11 . 2010-03-14 18:11   --------   d-----w-   C:\VundoFix Backups
2010-03-14 17:51 . 2010-03-14 18:10   --------   d-----w-   c:\program files\a-squared Anti-Malware
2010-03-14 17:37 . 2010-03-14 17:37 &... Read more

Answer:Help! Trojan and Malware issues, Need ComboFix logs read!

ComboFix logs should not be run without the guidance of a helper. It is a powerful tool and is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private or regular use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)
Double Click mbam-setup.exe to install the application.
(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is auto... Read more

12 more replies
Relevance 40.18%

Read the thread, but already ran scans on AVG, Malwarebytes, SuperAntiSpyware and CCleaner before coming to Computer Hope. I have a used computer from my sister-in-law. When you turn it on, it asked for a re-entry of the Windows 7 Product Key... I chose ask later... and got to the desktop. I went on the internet to update all the above software (programs). Scanned with each one, making sure I am off the internet and only one program is running at a time, either by disabling them or exiting them. There were so many threats, viruses, spyware, malware, that I feel that the Windows 7 Product Key may be a virus etc.: 11 on AVG, 18 on Malwarebytes, 1130 last night on SuperAntiSpyware, and 1180 on SuperAntiSpyware after updating this morning. I am trying to get all of her info, documents, pictures etc. off and put on CDs. Will have to mail them to her. I want to get the computer clean for my husband. I did put him on as an administrator, so I can remove her when I get all of her files off. Is Ghost a good program, or just use a lot of CDs? There are hundreds of important documents and pictures etc. Any suggestions for what I should do?

Answer:told to come to READ BEFORE REQUESTING HELP WITH MALWARE REMOVAL .BUT TOO LATE

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************************
Please download AdwCleaner by Xplode onto your Desktop.
Double click on AdwCleaner.exe to run the tool.
Click on Search.
A l... Read more

9 more replies
Relevance 40.18%

Hello!
I'm having issues opening Google Chrome. A couple days ago, I was using Photoshop and my whole system was being piggish. I opened up Task Manager to see which processes were sucking the most out my CPU and RAM. Chrome was near the top for RAM usage (even though I had already closed all of my Chrome windows) so I ended the process. Since then, when I click on my Start bar Chrome shortcut, the typical highlight shows up on the icon, stays there for a few seconds, and fades without any Chrome windows ever opening. In addition, there is no indication in Task Manager that chrome.exe has begun. Before finding your tutorial, I had tried reinstalling Chrome and rebooting and experienced the same results. I also saw one warning from my anti-virus software (Webroot SecureAnywhere v8.0.4.46) around the time that this started about what I believe was a Firefox plug-in. I dismissed it because of this assumption I made.
I've run the READ & RUN ME FIRST malware removal process and have attached my logs. Let me know what you find and if you can help. I'm happy to provide any further needed information. Thank you so much!
 

Answer:Chrome won't open, one malware warning (Finished READ & RUN ME FIRST)

Hi there and welcome.

Are you deliberately set up to use a proxy?
 

7 more replies
Relevance 40.18%

HELP! I was following your steps for malware removal (I was trying to get rid of Shield Deluxe 2008 on my Toshiba laptop running Windows XP) I got as far as running the first recommended scan program (Super Anti Spyware) and had a crash. I tried to restart but no start, no screen, no power...nothing. I retraced my steps and I think I failed to start this whole process in Safe Mode. Please help me out if you can...I have a few important things not backed up! I feel like such an idiot...

Thanks!
 

Answer:READ ME FIRST Malware Removal - computer shut down and won't turn on

No power? Nothing turns on such as fans? Is this a laptop or a desktop? You have few choices if absolutely nothing happens. Do you have your OS CD?
 

3 more replies
Relevance 40.18%

Original problems before following the removal guide
1. bprotector
2. Ngnix (chrome, IE)
3. Yontoo
4. Babylon (Chrome, IE)

i also had firefox but removed before running the steps.

Please see the logs attached.

After running the steps:
1. bprotector - STILL AN ISSUE
2. Ngnix (chrome, IE) - Resolved
3. Yontoo - STILL AN ISSUE
4. Babylon (Chrome, IE) - seems to be Resolved

Note: bprotector also spread to my external hard disk.
 

Answer:LOGS - after completing the READ & RUN ME FIRST Malware removal guide

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O4 - HKCU\..\Run: [MSIDLL] C:\Windows\SysWOW64\rundll32.exe msihez32.dll,pvnWkKAGt

After clicking Fix, exit HJT.

Now copy just the bold text below to Notepad (do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.




REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSIDLL"=-

[HKEY_USERS\S-1-5-21-3441783611-3546664065-2954317798-1000\Software\Microsoft\Windows\CurrentVersion\run]
"MSIDLL"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Expl... Read more

9 more replies
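The two steps the helpers above keep asking for, picking HijackThis lines to fix and merging a REGEDIT4 fixME.reg, can be rehearsed offline. The following is an added example, not code from the forum, MajorGeeks or HijackThis: it runs a few defender-side heuristics over log lines in the layout of the posts above (target file missing, executable in a user-writable profile directory or directly in %SystemRoot%, rundll32 loading a DLL by bare name from an autorun) and turns flagged O4 Run entries into the value-deletion stanza the helpers use. The sample log, the heuristics and the allowlist are constructed for illustration.

```python
"""Triage HijackThis-style log lines and draft the matching REGEDIT4 fix.

Added example (not forum or HijackThis code). The sample log, heuristics and
allowlist below are constructed for illustration.
"""
import re
from typing import Dict, List

# Constructed sample log in the layout the forum posts use (not a real log).
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\crpc.exe
C:\\Documents and Settings\\Kathy\\Application Data\\psao.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe

O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\\PROGRA~1\\AVG\\AVG8\\AVGTOO~1.DLL (file missing)
O4 - HKCU\\..\\Run: [MSIDLL] C:\\Windows\\SysWOW64\\rundll32.exe msihez32.dll,pvnWkKAGt
O4 - HKLM\\..\\Run: [@OnlineArmor GUI] "C:\\Program Files\\Tall Emu\\Online Armor\\oaui.exe"
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe (file missing)
"""

# Executables that legitimately sit directly in %SystemRoot% (illustrative, not complete).
ROOT_ALLOWLIST = {"explorer.exe", "regedit.exe", "notepad.exe"}

MISSING_RE = re.compile(r"\((no file|file missing)\)", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(
    r"\\(Documents and Settings|Users)\\[^\\]+\\(Application Data|AppData|Local Settings)\\",
    re.IGNORECASE)
# A drive-rooted path whose executable sits in C:\Windows itself, not a subdirectory.
WINDOWS_ROOT_RE = re.compile(r"(?<![\\\w])[A-Za-z]:\\Windows\\([^\\\s\"]+\.exe)", re.IGNORECASE)
# rundll32 given a DLL name with no directory, so it is resolved through the search path.
RUNDLL_BARE_RE = re.compile(r"rundll32\.exe\s+([^\s\\\"]+\.dll)", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\]")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


def parse_log(text: str) -> List[Dict[str, str]]:
    """Split a log into entries: bare paths under 'Running processes:' and Oxx/Rx lines."""
    entries, in_processes = [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        kind = "process" if in_processes else line.split(" ", 1)[0]
        entries.append({"kind": kind, "raw": line})
    return entries


def reasons(entry: Dict[str, str]) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    raw, found = entry["raw"], []
    if MISSING_RE.search(raw):
        found.append("target file is missing: orphaned entry")
    if USER_WRITABLE_RE.search(raw):
        found.append("runs from a user-writable profile directory")
    m = WINDOWS_ROOT_RE.search(raw)
    if m and m.group(1).lower() not in ROOT_ALLOWLIST:
        found.append("executable placed directly in %SystemRoot%, not a system directory")
    if RUNDLL_BARE_RE.search(raw):
        found.append("rundll32 loads a DLL by bare name from an autorun entry")
    return found


def triage(text: str) -> List[Dict[str, object]]:
    """Return only the entries with at least one reason, in log order."""
    result = []
    for entry in parse_log(text):
        why = reasons(entry)
        if why:
            result.append({**entry, "reasons": why})
    return result


def build_fix_reg(flagged: List[Dict[str, object]]) -> str:
    """Draft a REGEDIT4 file deleting the flagged O4 Run values ("name"=- removes a value).

    Only HKLM/HKCU O4 entries are translated; O2/O3/O23 entries live under other
    keys and need their own handling.
    """
    stanzas = []
    for entry in flagged:
        m = O4_RE.match(str(entry["raw"]))
        if not m:
            continue
        hive, key, name = m.groups()
        stanzas.append(
            f"[{HIVES[hive]}\\Software\\Microsoft\\Windows\\CurrentVersion\\{key}]\n\"{name}\"=-")
    return "REGEDIT4\n\n" + "\n\n".join(stanzas) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for hit in hits:
        print(hit["raw"], "->", "; ".join(hit["reasons"]))
    print(build_fix_reg(hits))
```

The heuristics only raise candidates for review; a hit is a reason to look, not proof of infection, and the drafted .reg is meant to be read before it is merged.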
Relevance 40.18%

I have a laptop that is having various issues. It started out when my browser was hijacked and continued on to not being able to get on the internet at all and to not being able to update any programs....virus/spyware or other wise.

Many times these programs would run and then error out with Dr. Watson errors when trying to delete any found issues.

After various iterations of Safe Mode/Regular Mode, I finally got some of the programs to run. The one thing that I must do to get to the Windows GUI is to start explorer via Task Manager after every reboot. Sometimes, I must start explorer more than once before the GUI shows up.

1. SUPERAntiSpyware - ran ok. Log attached
2. Spybot S&D - never could install the latest version. Ran an older version and finally got it to update the definitions. Log attached.
3. Malwarebytes Anti-Malware - Scans ok, but fails when trying to remove found issues.
4. ComboFix - ran ok, rebooted the machine and hung. I killed the ComboFix window and started the GUI. Then I saw the ComboFix window flash by. There is no c:\combofix.txt , but did find one in C:\cf\combofix.txt that gives a warning about not having the Recovery Console installed. Log attached.
5.
 

Answer:Issues with various parts of READ & RUN ME FIRST. Malware Removal Guide

Last log file.
 

16 more replies
Relevance 40.18%

A couple of days ago I was searching a torrent site and got attacked by about 8 Trojans in the space of a couple of minutes. AVG picked all of these up and quarantined them, but ever since I have not been able to run any antivirus software. AVG opens but will not let me scan, Spybot won't open at all (I get an error message saying "windows cannot access the specified device, path or file, you may not have the appropriate permissions to access the item") and it was the same story with a few other antivirus/spyware programs (Malwarebytes Anti-Malware, Avast). I have run the Read Me, Run Me First malware removal guide and when I ran SuperAntiSpyware it removed 4 trojans and 2 rootkits and then rebooted my system, at which point I got the same error message as before, preventing me from getting a log for the scan. Tried downloading Malwarebytes Anti-Malware, running it again, and had the same issue as before: it installed fine, started running and then quit a few seconds later. So after running the Read Me Run Me procedure I have the RootRepeal log, the ComboFix log and the MGtools log. Hopefully you guys can help because I am stumped!!!
 

Answer:Have run the Read Me, Run Me First Malware Removal Guide and I still have problems

Welcome to Major Geeks!


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)

After clicking Fix, exit HJT.



Now we need to use ComboFix

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.

Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
Open Notepad and copy/paste the text in the below quote box into it:


... Read more

9 more replies
Relevance 40.18%

After stupidly leaving my Firewall down, I got hacked and someone uploaded 13 gigs off my PC this morning.

Can anybody see anything suspicious on the following HJT log? Thanks.

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\SYSTEM32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\brsvc01a.exe
C:\Windows\system32\brss01a.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgrssvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
... Read more

Answer:Calling all Malware Experts, do read my Hijack file

Hi, it seems that there are some illegitimate processes running on your system used to steal your information. However I am not able to help you with HJT logs since I am not qualified to do so. I suggest that you politely PM one of the moderators and ask them to move your thread to the malware removal forum where the security experts there can help solve your problem. (btw pls turn on your firewall, you are prone to being attacked)

Hope this helps
Gerchan
 

1 more replies
Relevance 40.18%

Hi there.

This is my first ever post so bear with me if I get things wrong.

The problem is on my daughter's laptop. It started back in May with the XP Defender virus, the Google results hijack virus and possibly more (all at the same time). It seems that AVG had also been attacked and whilst it was disabled she suffered multiple infections.

By following your Malware removal instructions, I had managed to get to a state where just the Google hijack seemed to remain. However, she suffered a further attack which, amongst other things, stopped the DHCP client from auto-starting and is overriding the Windows theme, mouse pointer, etc.

Current state is that after re-running the programs as advised in your Cleaning XP procedure, DHCP starts OK, the Windows theme is still compromised, and other tasks that should run at startup (see list below) aren't. MSCONFIG is in the correct state and I'm sure that some scanning software that I've run during the last few weeks has flagged the associated startup registry items as having missing code (even though all the programs exist). Affected startup items are:-

c:\program files\Apoint\Apoint .exe
c:\program files\Belkin\F5D9010\Belkinwcui .exe
c:\program files\CheckPoint\ZAForceField\ForceField .exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTim... Read more

Answer:MALWARE - Problems remain after following the READ & RUN ME guide. Help requested.

Welcome to MajorGeeks, 35Ken.

I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

Thanks for your patience.
dr.m
 

8 more replies
Relevance 39.77%

My computer got infected with some malware so I did all the steps on the READ AND RUN ME FIRST post to remove them, and after doing all the scans my computer was fine. However, my Microsoft Outlook won't open; it is trying to download, then it says "Error 1402 Setup cannot open the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet.....verify that you have sufficient permissions to access the registry....". Why is this happening? Did I delete something I shouldn't have? Can you please help me with this. thx.
 

Answer:Can't open Microsoft Outlook after doing READ AND RUN ME 1ST for malware removal scans

We cannot help you if you do not attach all of the requested logs from running the READ & RUN ME.

However it does not sound like a malware problem. You should start looking at the below:

http://support.microsoft.com/kb/838687

http://support.microsoft.com/kb/236427
 

1 more replies
Relevance 39.77%

HELP! Really need some assistance on what to do now....
Steps I can follow?
Phone number or other website for help?
Nothing?...computer poopoo now?

Thanks!!
 

Answer:Malware Removal result = disk read error, cant get into system

I handled it.
 

2 more replies