Computer Support Forum

HELP-Requested Malware Removal (Infector.Gen2 / Malware Pacger Gen)

Question: HELP-Requested Malware Removal (Infector.Gen2 / Malware Pacger Gen)

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it, but as soon as I emptied my recycle bin the moviemaker.exe file returned to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Malwarebytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and performed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!

Answer: HELP-Requested Malware Removal (Infector.Gen2 / Malware Pacger Gen)

Here is the 5th log.

Avira picked up on this problem last week and I have been searching for a fix since then. Almost every program I run causes the Avira warnings to go off with an Infector.Gen2 detected warning. Any help or suggestions would be fantastic. Thank you.
DDS (Ver_10-10-21.02) - NTFSx86
Run by Compaq_Administrator at 13:43:39.31 on 24/10/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1310 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\vVX3000.exe
C:\Updater.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hp\HP Software Upd... Read more

Answer:Detected W32/Infector.Gen2 Malware

Hello chdsgr12, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how. Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator) A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If nothing h... Read more

deleted, wasn't supposed to post it

I apologize for not reading the rules properly, here is my correct submission. It causes my browser to redirect to other websites and it is making me unable to use some programs, thank you for your help.

DDS (Ver_10-10-31.01) - NTFSx86
Run by Craig at 23:12:14.92 on 31/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.209 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files ... Read more

Answer:Detected W32/Infector.Gen2 Malware

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic. Once I receive a reply then I will return with your first instructions.

Thanks

I have completed all of the steps in your malware removal guide. I, also, followed the Special SpywareQuake & SpyFalcon Removal Procedure. I believe it's that (type?) which got me.

At least one of the symptoms of its presence (an icon in my taskbar) is gone.

Attached are 3 of 6 files generated from the list. The other 3 files to follow immediately.

Thank you SO much
Joanie
 

Answer:Malware Removal help requested, please

Here are the other three files.

Thank you!!!
 

I was fortunate to find your website forum. I spent this weekend following your directions on "Read and Run Me First," and now have all 6 logs.

We have had problems with slow performance, unexplainable quirks, and some suspicious e-mail activity. Each successive program your procedure included seemed to locate additional problems. The last, on-line scanner (ActiveScan) found additional malware - some of which it did not delete. Please help.

-Grant
 

Answer:Malware removal help requested

Here are my remaining 3 log files. - Grant
 

I did my best to follow the instructions and I messed up. Here's what I did and how I fixed it to complete. I forgot to have HitmanPro ignore all it found and it deleted many things. Since the last time I did this, it caused weeks of software problems, I found a restore point from Midnight before I started the scans. Up until I ran Hitman, none of the scans detected anything. In theory, I was back to the same point as when I ran Hitman incorrectly. So, I ran it, and got the log. I then forgot to run the MGTools as Admin and aborted, then started it over. I hope that didn't mess things up too much.

Next time, I will print out all of the directions like I used to. Just can't remember all the details without the printouts.

Thanks in advance!
 

Answer:Malware Removal Help Requested

Rerun Hitman and have it delete all that it found. Then tell me what issues you are having.
 

Thank you for reading my post

My computer was infected by a number of different malicious viruses, trojans, etc. I began to notice something was wrong when I was prompted with a balloon notification "Your computer may be infected..etc..." originating from a red X notification in my task bar. Once I recognized something was wrong I tried to open Task Manager via ctrl+alt+del (greyed out) and the run command (disabled by administrator). System restore was never enabled on my machine so I set out to remove the malicious code with the tools provided on this website. After running the software per the instructions it seems the majority of problems have been resolved. However, .jpg files on my machine don't display when going to websites or when pulling them up locally. I also receive threat detection prompts from AVG referencing the following file:

C:\WINDOWS\system32\drives\restore.sys
Threat Name: Trojan horse BackDoor.Generic10.ACET

When I attempt to heal I get "Some files cannot be healed" Specified file was not found. I can however move it to the vault.

Thanks for reading.
 

Answer:Malware Removal - Assistance Requested

You did not allow MGTools to run to completion. You need to agree to the HJT license and wait for it to tell you it is finished.

In the meantime, you need to use Windows Explorer to find and delete:
C:\lwoa.exe
C:\-1607637535
c:\windows\system32\drivers\5522d9fd.sys
c:\windows\system32\drivers\dff9d38c.sys
c:\windows\ms --> unless you know what this is!

Open notepad and copy and paste the following text in the quote box into the window:

sc stop 5522d9fd
sc stop dff9d38c
sc stop FCF
sc delete 5522d9fd
sc delete dff9d38c
sc delete FCF

Save this as fix.bat
Choose to save as all files.
Doubleclick fix.bat and let the program run.
A small black dos window will flash, this is normal.

Now re-run ComboFix.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Combo.
 

The initial symptoms were CPU hog and unwanted IE window redirections along with launching new windows with advertisements. I completed a scan with Malwarebytes and removed several trojans, but current scans reveal no issues. However, redirections and computer slowness are still an issue.

Unable to create GMER log. The program runs for varying amounts of time and ultimately results in a fatal error and system reboot.

DDS (Ver_10-03-17.01) - NTFSx86
Run by JHusemann at 14:15:58.93 on Tue 08/03/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.757 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco ... Read more

Answer:Malware Removal Assistance Requested

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap... Read more

My download speeds are great, accessing the internet is a whole different story, I can get to any site I want if I just wait a few minutes then wait another few minutes after i click on a link  . . files are posted and I would be so ever grateful for your assistance.

Answer:Malware Removal Support Requested

Hello and Welcome on board, my name is Machiavelli and I will assist you with your problem.

If you booted into safe mode on your computer then print my instructions!

I'm in the 'Malware Staff Team' and will provide you with advice: To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

Removing Malware is usually very difficult. We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!

Please follow these instructions. If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!

Please stay in contact with me until your problem is resolved. As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.

Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware. Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!

Read my post completely. If you don't do so, you may make mistakes that could result in your System crashing by your own ... Read more

Aloha,

I am looking to do a Malware removal on my XP desktop and have begun the early process laid down by evilfantasy. I am currently stumped on Step 2. After d/l CCleaner - Slim, I open d/l and select 'Run', after a quick delay, a window pops up. The window header reads, 'NSIS Error' with the body stating...

'Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to obtain a new copy.
More information at: http://nsis.sf.net/NSIS_Error'

I have tried both links and both have the same return. I looked to contact Piriform's support center but they offered no link to start an account to ask the above question. I'm hoping that this issue is not unique and there is a solution to this to continue forward with the Malware removal process. Any help or guidance on this issue would be greatly appreciated. Thank you.

Answer:Malware Removal Help and Assistance Requested

Try downloading from here: http://www.filehippo.com/download_ccleaner/

If still no joy, just proceed with the rest of the steps and a malware specialist will be along to help out.

I have reviewed the Read/Run Me First sticky and am attaching the files as requested. There are two malware bytes text files as I terminated the first one early as I realized that I did not have the latest version (2nd file is a result of the complete run).

I went through this exercise because as of this morning I get a fake firewall popup and when I open IE or Firefox I am immediately taken to a "Insecure Internet activity. threat of virus attack" screen.
 

Answer:Malware Removal Assistance Requested

Additional files.
 

Running Win7 64-bit Pro SP 1 w/ IE 9.

About 4 days ago I got hit with a version of the Windows Recovery virus/malware. I was able to repair/remove some of it (I don't get the popup on load trying to scan my PC anymore), but I am still having some issues:

- My Google search results are being hijacked, I see several redirects when clicking a result.
- Occasionally an IE window will open trying to get me to log into LinkedIn, Twitter, etc.
- Once I heard something playing but there was no visible window.
- Many of my application folders under Start -> All Programs are missing.

Initially I was infected through Firefox 7.01. The Google redirects were happening only in FF, even after going through this site's redirect fixes, so I deleted FF. I also removed Java b/c I had an error doing an update to that, but it did not change anything. The redirects then started happening in IE. Also, when FF was still installed, something was setting IE to the default browser on each reboot.

Logs are attached in the .zip File. Most of the scan results I looked at came up clean, but the MBR check shows an issue on C:. I may have a custom MBR, but I'm not sure - my system builder has it setup so I can get into Window Setup from a boot menu.

Also, during the SuperAntiSpyware scan, my explorer.exe crashed & came back. Once it came back, I didn't see iexplore.exe being re-loaded until after a reboot. I don't know if that might have affected the... Read more

Answer:Malware Removal/Google Hijack Help Requested

You need to create a recovery disc ( assuming you don't have your Win7 install disc):

Win7 64bit Recovery Environment

Win7 32bit Recovery Environment

You can use ImageBurn to create the disc.

Once you boot into the disc and enter the Command prompt, type this:
bootrec.exe /fixmbr

Reboot to normal mode and re-run MBRCheck and attach the log.
 

Hello! A friend of mine ran a scan after a very long time and found two trojans (Sefnir and RotBrowse) in her system. We ran both Avast and MBAM to try and get rid of it, Avast ran a startup scan afterwards (or something similar where the screen turns black and it starts running a scan). It found two files over night but was still busy in the morning and so we decided to abort the scan and just deal with the two files found for now.
 
Problem is: Windows is now asking for activation codes on startup. It works, and I can access the desktop quite normally, but it isn't supposed to ask for any activation code.
 
What can I do to fix that?

Answer:Windows activation requested after malware removal

First - Do you have a legal copy of Windows installed ??
 
Second - Do you see a sticker anywhere on the computer with a mix of numbers and letters like >> ( xxxxx-xxxxx-xxxxx-xxxxx-xxxxx ) << 5 sets of 5
 
This will leave Third - That is your activation code ........
 
It should not happen, but sometimes it will.

I seem to have run into a mutating virus/malware/spyware. After trying 5 or 6 anti virus programs it seems to be popping back up on the computer. It seems to be tamed to a point now where it seems only to be giving some pop up ads when surfing however not all functions of the computer are acting as they should. A few instances:

- I'm trying to remove a trial version of a virus scanner and before it removes it seems to undo the uninstall
- it is taking an unusually long time to power down when I choose that option
- it is not displaying the task box when I depress CTRL, ALT, & DEL key
- seems to work with Firefox but when attempting to run IE it hijacks the searches to some other site of its choosing
- I have Firefox set to save the downloaded file until I decide to remove it from the display box but it is not functioning like that anymore
- some tasks which used to run rather quickly now seem to take a fairly long time

I did some reading on how to go about posting for help so here are the files that were requested with this post:

DDS.TXT


DDS (Ver_09-02-01.01) - NTFSx86
Run by The Parente's at 16:20:11.20 on 18/02/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.2.1033.18.2941.1561 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Mic... Read more

Answer:Help requested for malware/virus/spyware removal

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

It appears that you have three antivirus programs installed and/or running, avast!, AVG, and Norton 360. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the others via Add or Remove Programs in your Contro... Read more

We have been without virus or firewall protection for 6 months. We were VERY infected. We downloaded the "Safety Center" and "Secure Veteran" programs to try to fix our problems last month--which, of course, made it worse, cause it looks like they were spyware/viruses. I tried to download Norton 360, and was blocked; also, anytime I tried to go to any websites with "real" AV software, I was redirected. We had the "My Web Search" toolbar up top, and it never took us to where we wanted to go. Our computer just went to whatever web site it wanted to; then my wife had her FB account infected, and it started sending all sorts of emails to her friends/family. At that point, I figured we needed serious help.

I found evilfantasy's 9 page process (was referred to computerhope.com thru the manager at our local Office Depot) for removing viruses and spyware, as best I could. Going step by step, each scan noticed new problems, and was able to fix all of them it found. My computer seems to be working much better, but the last HJT scan did find a lot of errors. Following the instructions, I didn't fix the errors.

The whole process took me about 6 hours, in case other users are wondering. I'm fairly familiar with computers, but not very well versed. Most all of the links worked with the exception of HJT. I went to cnet to get it. Hope I didn't get another virus ... Read more

I have begun to follow the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help," but I am afraid to backup my computer/data as requested in Step 1. I am quite certain that I have a bad virus/rootkit on my computer. The problem is that if I backup my data to my HP SimpleSave external hard-drive, won't that device become infected? Won't I be backing up infected files?

I have run Norton 360, and it has removed everything it could (just cookies lately), but I continue to get numerous blocked intrusion attempts. This leads me to believe that the Norton firewall is doing its job, but that a serious threat is lurking in the background and trying to frequently attack my computer. Every so often this malware succeeds and opens a random window/tab when I am on Mozilla. Hence, due to all this, I am afraid that since something is on my machine, when I backup, won't I still be backing up a virus/rootkit?

Thanks for any and all who can shed light on this situation.

B

Answer:Afraid to backup data as requested by the Preparation Guide for Malware removal. What should I do?

Hello and welcome. We will first do this and perhaps we can avoid the guide.

Please run the tool here: How to remove Google Redirects
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop. Before you save it rename it to say zztoy.exe
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sur... Read more

Over the past 10 days or so I've been battling with something that was causing IE8 to throw up odd windows (even though I've disabled pop-ups) and also causing IE8 to hang when you click on the desktop icon to open it - if I open Task Manager and stop the iexplore.exe processes (2 of them) and then subsequently open IE8 it does work. I was using MalwareBytes Anti Malware and HijackThis and thought I was getting on top of it.

But then yesterday I got a big hit - Avira started picking up on a couple of nasties that go by the names of W32/Infector.Gen2 and HTML/Rce.Gen which resulted in hundreds of HTM and dll files being thrown into the Avira quarantine bin. I tried running MalwareBytes at the time and although it picked up on a couple of other Trojans both Avira and MBAM seemed to be overwhelmed. So I switched off my computer and started browsing the web with my missus's laptop... which brought me to here.

So I'm looking for some advice and guidance please. I was going to run Combofix but thought I'd best take advice first.

My system is:
Win XP Home edition, fully up to date as of yesterday.
Anti virus: Avira Personal free edition; again up to date with the latest definitions.
Malwarebytes Anti-Malware - again up to date.
And I also have Super Anti Spyware on the system too.

Just one word... Help! Please! (Oh OK, 2 words then!)

Cheers.

EDIT: I'm not sure but I think I may have posted this in the wrong area of the forum, my apologies if I have (I'... Read more

Answer:System infected by W32/Infector.Gen2...

I'm afraid I have very bad news.

W32/Infector.Gen2 is the name used by Avira for variants of Win32/Ramnit.A / Win32/Ramnit.B, file infectors with IRCBot functionality which infect .exe and .HTML/HTM files, and open a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A or VBS/Generic. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
Understanding virus names
Threat aliases for W32/Ramnit.a!35B43CB537D0
Threat aliases for W32/Ramnit.a!5343A023502C

With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected... Read more

A family laptop (which I personally do not use) running Windows 7 is infected with W32/Infector.Gen2 virus/malware. It is making Avira Antivirus go crazy with popups. It keeps saying many dlls and exes have been infected with W32/Infector.Gen2 and asks me to quarantine the files. The odd thing is, these dlls and exes are part of software already installed on the Laptop such as Google Earth, Open Office and Internet Explorer. Of course, when I quarantine these files, the corresponding programs fail to run.

I have run a full updated scan in safe mode with Avira but this is useless as it says hundreds of files have been infected in programs the laptop has installed (I believe these are false alerts). It also lists many entries for HTML/Rce.Gen. I ran Malwarebytes which found several threats but unfortunately the problem is not fixed. I also ran Combofix which found threats too but again, this was not helpful.

Any ideas?
 

Answer:Laptop Infected With W32/Infector.Gen2

Clean install, to start.
 

Tried to follow all the directions before posting about malware removal and did not see any issues. Any help you might be able to provide would be greatly appreciated, and thanks for taking the time (when you have it) to address my issues. I assume all malware issues are unique, so I started my own since all advice I've seen seems to indicate not to assume one solution works for all problems.

Here are the reports requested (attached):
RKreport[1].txt
HitmanPro_20120813_1910.log
mbam-log-2012-08-13 (18-07-12).txt
MGlogs.zip
 

Answer: Avira detecting 4 malware...TR/ATRAPS.Gen2, etc...

Welcome to MajorGeeks, johnnybooker

I want you to read and follow these instructions: TDSSKiller - How to run
 


Ok, I'm having a problem that a lot of people seem to be having lately, mainly with the Atraps.gen2 rootkit that seems to be popping up left and right on people's computers. Now mine is infected, and my windows firewall is turned off.

Also, my folder view keeps changing to detail view no matter what I do to modify the view (though I have no idea if this virus is the cause of that)

I looked on the Avira forums, and saw to run OTL, so I did so and here are my log files of what I did on there:

My extras.txt file:

http://pastebin.com/x7EyjZWg

And here's my OTL.txt file:

http://pastebin.com/ikvHs56T

Any help would really be appreciated.

Answer: Infected with Malware (Atraps.gen2), need help removing it!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/460953 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more


I have scanned with AVG with the latest updates. On top of that insidious Google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:42 PM, on 8/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Answer: persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report. Please download OT... Read more


Hi,

I am the IT manager in my company.

I have a co-worker whose computer has a search redirect issue. That means most likely it has malware.
Then I installed some major malware removal tools: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After I installed them, I could not launch them (that definitely means it has some kind of malware).
I needed to rename their .exe files, after which I could run them and scan the computer.

SUPERAntiSpyware and Malwarebytes found something, but didn't solve the problem; the search redirect and
blocking of malware removal software are still there. Now I am running Spybot Search & Destroy and will see what happens.

By the way, I run them in safe mode because when I log on to Windows in normal mode, it is slow (like it takes a long time to explore the hard drive, etc). I suspect the malware slows down my PC, hopefully not a corrupted registry or something, but it works smoothly in safe mode.

So do you guys have any suggestions? Or do you need a log file from ComboFix?

Please advise,
Tommy

Answer: malware: google yahoo redirect and can't launch malware removal software

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller


I did a HijackThis scan and here's what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:17 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Answer: Malware Blocking Access to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)


Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 


Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, Google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a Wikipedia page and it says "The server at topsearchfeed.com is taking too long to respond". For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer: Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me
 


Good day to everyone,

My computer is having some malware activity. I have used Adware 2008, a spyware removal tool, Norton anti-virus and other removal tools, but still that malware cannot be deleted. The My Computer icon could not display its properties; instead it appears like a file when you view its properties. It also disabled TCP/IP, that's why until now I cannot connect to the internet. I don't have a Windows XP SP2 CD for repair.

Please help me as soon as possible, because it is a server..

Answer: Urgent! My XP SP2 has malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,


Had a machine in riddled with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (don't ask me which one it was, I can't remember) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to Puppy Linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case).

Boot to an XP CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. Swap the hard drive for a SATA CD and it detects the CD without issue which makes me think the SATA controller must be functioning too.

Now it seems that this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base? Help me folks, it's driving me nuts.
 


Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer: Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see. I, myself, use most all of these; the only paid program I have is Malwarebytes, the rest are free add-ons or are free programs. Thanks.


Dell m1330, Vista Home Premium. I have malware issues, frequent memory dumps, Google redirection and something is preventing me from running or installing anti-malware programs. I had to install Malwarebytes using the rename method, but the program will not run in safe mode or normal mode. I had Spybot previously installed but I was also prevented from opening it, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran CoolWeb, Kill2Me, Windows Defender and the Windows Malicious Software Removal Tool. None of the programs found anything. I also performed a couple of system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer: Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 


Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

3) combofix.exe - not compatible with 64-bit OS

4) RootRepeal - did not run on 64-bit OS

5) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer: Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more


Hi, I got infected because I was trying to run Malwarebytes and it skipped the part of analysing the files; it ended in around 1 minute in a full scan, and I tried to download Dr.Web CureIt, and it doesn't allow me. The computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

Answer: Malware infected, malware removal tools useless

Greetings samidelcueva and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum. My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more


Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having up-to-date anti-virus definition files. Before I knew it, I had an infected machine.
There seem to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopefully you can help me to fix the problem.
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer: Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3... Read more


Hiya

I'm running XP. AVG detected trojans; the first one it got rid of, the second one, Generic13.ATHP, it could only remove partially, apparently located in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended. SuperAntiSpyware wouldn't install, so I changed the filename, and it has installed, but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?

Thank you!
 

Answer: malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.


but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others).

Have no idea if any of this will help you, lovely helper person, but I guess I'm just trying...
 


Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal


Answer: Malware - blocking removal by malware antimalwarebytes


Hi all, 
 
Recently on Chrome, browsing on a site, I received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:

https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank

I have a strong suspicion this is malware!!!

What I'm trying to understand is what kind of malware infected the web site I visited. Some technical specs could be useful. The web site belongs to a friend of mine and I'd like to help them identify the malware that infected their web site...
 
 


Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, Dell's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of it using MBAM and Process Explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was, it turns out it was another rogue. Awesome. It at least had an uninstall in Add/Remove Programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My MBAM won't load - I have reinstalled it - it reinstalls and then when I try to quick scan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safe mode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer: Ugh - Malware Removal Tools Disabled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.


About a week ago, I noticed that when running Internet Explorer on www.google.com, clicking on a website would take me to an ad instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Thanks,
Deb
 

Answer: Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!
Deb
 


Mod Edit: Split from http://www.bleepingcomputer.com/forums/topic481908.html - Hamluis.

I'm getting the same thing. Also noting a massive memory issue with explorer.exe. If I terminate explorer.exe the popups stop. Traditional malware fixes are not picking anything up.

Answer: Malware Help Requested

I am not sure if you are aware, but explorer.exe and iexplore.exe are two different things. Explorer.exe is Windows itself and if you end that process you won't have a desktop...just a background pic. iexplore.exe is IE and is the one that you should end with Task Manager if you get a popup. But when I get this particular popup, I don't have iexplore.exe in my Task Manager because I am not using that browser. So I am confused.


Hello, I have recently been getting bad image errors on start up related to a directory in Program Files titled GOOGLE. If I delete this file I get no problems for a while but it comes back. Using search on this site I found out that this is malware and began to follow the required steps. I received a BSOD after running GMER but will try running it again now. The system is an Acer laptop running Vista 32 bit. I have AVG and Spybot on the system if that's any help.

Logs:

DDS:


DDS (Ver_09-07-30.01) - NTFSx86
Run by James at 22:11:57.70 on 13/09/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista® Home Premium 6.0.6001.1.1252.44.1033.18.2814.1656 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}


Answer: Malware help requested

Manager to run the gmer scan and have zipped the results as required.

James


Is it possible for an expert to review this hijack log and offer a solution. I have a yellow triangle in the bottom right corner of the screen and keep getting those annoying messages saying I need to purchase various packages to protect my computer. Any help would be appreciated. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 10:19:45 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\IMSafer\bin\imsc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE... Read more

Answer:malware help requested

7 more replies

Hello, I'm new to the forums and I bumped into a tricky problem here. On Sept 18, 09 I noticed a pop-up ad from nowhere, with nothing running and the machine sitting on the desktop. I figured OK, let's Spybot S&D the bad boy; it got as far as "scan computer" and the program shut down with an error from SpybotSD.exe. I checked the folder and saw no exe file there. I did a remove programs, then reinstalled, tried again, and got the same deal. OK, so it may also be malware. I ran Malwarebytes; it got as far as "scan computer" and it shut down, but there was no missing exe file within the folder. AVG Free Edition also has Email Scanning disabled and I cannot enable it manually. I came to the forum to look for steps to get logs from HJT or whatever the steps request me to do. I went to the "Preparation Guide For Use Before Using HijackThis and other Malware Removal Tools" section and followed the instructions. I attempted to back up files with Cobian and Windows XP Pro but both failed. I followed the dds.scr instructions and it ran for a second, then shut down. What now? Off topic here, but I assume backing up or copying an infected computer to an external hard drive will transfer the infection?

Answer:Possible Rootkit/Malware Help requested!

Hello Envision,

Sounds yucky to me. Let's see if we can get something to run so we can fix you up. Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with Notepad and post the contents here.

Thanks,
tea

42 more replies

Thanks for any help on this folks. Looks like a common issue...
 

Answer:Malware/Browser help requested...

Hi,

Please download zoek.zip or zoek.rar by smeenk () from here or here and save it to your Desktop.
Unpack the archive...

Close any open browsers
Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

Double click on zoek.exe to run the tool .
Please wait while the tool starts...

Copy the text present inside the code box below and paste it into the large window in the zoek tool:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:
createsrpoint;
gpt.ini;z
C:\Windows\System32\GroupPolicy;v
C:\Windows\SysWOW64\GroupPolicy;v
StandardSearch;
emptyfolderscheck;
installer-list;
installedprogs;
uninstall-list;

Click on the button.
Please wait until a log report opens (this can be after a reboot).

Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

1 more replies

Hello all, I'm new here. I have read through and followed every instruction in the "READ & RUN ME FIRST Before Asking for Support " thread, but am still having problems on my PC. I get recurring popups, mostly for WinAntiVirus2006, AdultFriendFinder, 888.com and others. I may have also received a few fake alerts from sysprotect. Additionally, my toolbars along the top of my internet browser keep getting placed out of order randomly, and sometimes the address bar disappears entirely despite me locking my toolbars. Also, my internet explorer browsers have been running EXTREMELY slow, and if I try to open and run multiple browsers, they often crash or freeze and I get the "send error report" message.

For some reason my log files for HiJack This, Active Scan and the Bit Defender scan (which supposedly deleted around 19 trojans and viruses) are not attaching, so I will post them in the next post. Sorry for any inconvenience.

Any help would be very much appreciated. I've spent most of the day trying to fix this annoying problem. Thanks!
 

Answer:Malware problem Help requested

Again, sorry, but for some reason my computer would not allow me to place attachments.

Here is my HiJack This log posting:

Edit by chaslang: 3 Inline logs attached.

Here is my Active Scan log file:

Here is my bdscan result:
 

13 more replies

Problem with sales and advertisement software downloading repeatedly, and pop-up ads on husband's computer (8.1). Using IObit Uninstaller to remove the errant programs ... finally let me run some scans.

MGTools scan resulted in message "... System Denied write access to Hosts file .... Hijack this may not be able to fix this ...." Then gives instructions on how to find them and delete them.

Attached are results of the other scans:

Appreciate help in figuring out the source of this problem.

Thanks,
Holly
 

Answer:Pop-up Ads Malware assistance requested

Hi there. There should still be a MGlogs.zip. Do you have that to attach, too please?
 

10 more replies

I am not sure of exactly what happened, because my son was online looking for Xbox game help. It was on 04/15/11 that he was using Google Images to look for a character that he likes for his background and got a page that was a trap (one of those fake virus scanner pages) and would not let him X out of it. He said that he used the Task Manager to end Internet Explorer. He said that he ran SUPERAntiSpyware Pro and it found some things and then it rebooted. I found out the next day when I noticed that my background image was missing and my desktop icons were all hidden along with many of my start menu items, plus all my IE settings and favorites were gone & my Adobe Gamma profile was reset. I ran the "READ & RUN ME FIRST Malware Removal Guide" and then the "Windows XP Malware Removal/Cleaning Procedure". Most things are still hidden; I can unhide some things, but I do not know why they would be hidden. Is it a sign that there is still an infection, or an unintended consequence of the cleaning instructions? Thank you!
 

Answer:Assistance Requested-Malware

We still need to see the C:\MGlogs.zip from running C:\MGTools.exe
 

5 more replies

Hey everyone --

My laptop has picked up a malware infestation recently --


I suspect the diagnostics will tell you all the required information but in short:

Running Win XP pro -- SP2 (I think)
Mozilla Firefox browser 3.0.7

My problem focuses on Google redirects, which I covered up by using Redirect Remover 2.5.5, but of course this just covers the symptoms and does not actually solve the problem.

I've also noticed pop-ups when browsing sites which should not have any pop-ups. (notably the kingdom of loathing wiki)

Ad-Aware and ClamWin do not detect any problems, but I have noticed that ClamWin has problems with automatic updates.

Here are the required diagnostics. Thanks in advance and please let me know what else is needed to clean this problem up.


Robert Gibson


DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 20:41:34.26 on Sun 03/08/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.567 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS... Read more

Answer:Malware Infestation Help Requested!

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. ... Read more

10 more replies

Hello-

I am in desperate need of help. I have ESET NOD32 and it alerted me that it cannot clean this file from the operating memory:

Win32/rootkit.Agent.ODG trojan

I have tried scanning with the anti-virus both in normal and safe mode. I have tried ad-aware, Malwarebytes, and Norman Malware cleaner. None worked. All in safe mode with the antivirus off and the system restore off. Nothing. I am afraid of sensitive information being compromised.

Combofix seems to be the only one that works but comes with many disclaimers of causing more harm, hard to use, expert use only etc. I am hesitant and apprehensive about doing this myself. More importantly, I want to know that if I back up my files on an external hard drive, will the trojan migrate also....

I would like a "helper" to walk me through this process so I don't have to uninstall everything and reinstall xp home and reset all my preferences...

Help!!!

Answer:More Malware help requested [Moved]

As no logs have been posted, I am shifting this topic from the specialized HijackThis forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

To everyone reading this topic: Please note that ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Running ComboFix by yourself is like performing open heart surgery on yourself. The scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is through s/he leaves the room. So ComboFix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.

. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection, but if you aren't infected y... Read more

14 more replies

Hi, Chaslang recommended I go through the malware removal steps after the post I made below. I did go through it and have attached the logs. Please let me know if you have any questions. I appreciate your help!

Hi All,
Thanks for looking at this. The problem is that every few weeks one of my 2 Yahoo accounts sends spam, even after I have changed the password. This never happens with my Gmail account. I thought it was possibly me logged into a public wifi, but now I'm thinking it's something on the computer. I have a powerful Lenovo X1 Carbon so the performance isn't being affected much. I have no pop-ups and things seem to be running fine. Please help; people are getting very frustrated from all the spam they are getting from me.

Thank you
 

Answer:Repost as requested: Possible malware/Keylogger'

Sorry. Not seeing any malware in those logs at all.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.


After doing the above, you should work through the link below:
How to Protect yourself from malware!
 

3 more replies

Hello,

I have run through the malware removal procedure and feel that something still isn't right. I have attached the three log files, but there is something you should know. Even after choosing "create log file after every scan: only when threat is found", AVG did not create a new log file. Instead, I attached my first log from Jan 10.

Note: I ran all of these scans on the admin account, not the infected user account. When I ran HijackThis on the user account, after all of this, it still showed many entries which point to malware. Was I supposed to run everything under the user account?

The problem with this workstation began several weeks ago. It didn't come to my attention at first because the user didn't want to be blamed. They didn't admit to anything directly, but another user informed me that they ran an online scan because they were told their system was infected. I suppose I didn't educate enough, meh.

So, popups galore. - and here I am.

I ran ComboFix all the way through and restarted. I wasn't expecting it to start running again and inadvertently moved one of the windows during the 'generating log' stage after rebooting. All I know is that the program didn't finish; I had to terminate it.

Thank you so very much for your time. I will rerun the AVG scan this evening in hopes of generating new logs. The problem is that AVG was one of the bad files it quarantined. I'm having trouble ope... Read more

Answer:malware log review humbly requested

Ok - I'm having some trouble with the malware removal procedure.

1.) ComboFix does not entirely complete - even if I do nothing with the mouse. It gets through the whole first part, reboots, and begins running again when I log in. It opens two kmd.exe windows. This is where it stops with a blinking cursor. I've left it alone for over 30 minutes with no change. If I close one of the kmd.exe windows the remaining kmd.exe window says 'cancel batch', I put Y and it continues on to generate logs. It then freezes here with another kmd.exe window - blinking away. I let it sit and nothing.

2.) My AVG log didn't create so I went back to rerun it. However, AVG found its own executable (avgas.exe) to be infected. I found another in the main folder called avgas .exe (with a space). I'm not sure if this is a viral copy, or what.

I could use some direction.

Thanks for your time.
-Shawn
 

4 more replies

Hi all, I attempted to run the DDS download but no file would download for me. DDS Is there an alternate site/link to download from? I was signed into BC at the time. I was instructed to post as per instructions here by AustrAlien. He was helping with BSODs. I have MBAM (updated last on 2/27) and MSE (updating daily) running on my system. MSE scans daily.

edit: I should add that I don't really have any signs of infection. I run MBAM roughly once a week as backup. System info: Speccy. If more info is needed, here is my jcgriff tool most recent update. Please let me know how to proceed.

MBAM Log (I don't know how to find MSE logs. I couldn't find an option for enabling logging)

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
owner :: LIVINGROOM [administrator]

2/27/2012 1:31:59 PM
mbam-log-2012-02-27 (13-31-59).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 442234
Time elapsed: 54 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detecte... Read more

Answer:Possbile Malware - requested to post in here

DDS download worked in IE but not chrome. Odd.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by owner at 9:07:39 on 2012-02-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1870 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90... Read more

24 more replies

Hello,

Having a problem with google searches redirecting, random walmart 1000 gift certificate popups, and things of this sort. It appears that this is not a unique problem so I am requesting help.

I get an error message that says "Generic Host Process for Win32 Services"

Running windows XP. Ran Malwarebytes and Spybot and found nothing.

Thanks!

Answer:Google Malware Redirect Help Requested

Hello,

Having a problem with google searches redirecting, random walmart 1000 gift certificate popups, and things of this sort. It appears that this is not a unique problem so I am requesting help.

Running windows XP. Ran Malwarebytes and Spybot and found nothing.

Thanks!

Same here, this is the first problem I've caught in years (that didn't get caught by AVG or Malwarebytes). If anyone finds anything that detects it, that'd be awesome. Oh, and I'm on Win7.

2 more replies

Hi,

I recently started to play this browser game called Kings of Chaos, which was a browser game based on statistics, but I also noticed that I got a malicious malware from it called Http Tideserv. My Norton has been frequently blocking the intrusion from two primary IPs.

I don't know where to start, but there are some things that I don't want to do:

1) Reformatting
2) Deleting any precious files
3) Buying anything

I'd be most appreciative if someone can help me start off with trying to get rid of this malware.

Thank you!!

Answer:HttP Tideserv requested Malware

Hello. Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan... Read more

5 more replies

I tried booting up a friend's computer yesterday evening and was not able to load into the desktop successfully. When I hit CTRL + ALT + DEL, task manager was disabled. I tried booting into Safe Mode and ran into the same problem as I did earlier. I pulled out the hard drive and set as external and ran NOD32 anti-virus and it found 80 or so trojans that were cleaned. I also ran Malwarebytes & SuperAntiSpyware and it also found between 200-400 malware files that were cleaned. However when I tried running Spybot Search & Destroy and Lavasoft Adaware, several window prompts came up indicating that a trojan may have changed the settings for these two applications. Here's the report that I ran:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Kenny at 15:13:32.53 on Thu 12/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.995 [GMT -5:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\Explorer... Read more

Answer:Help Requested (Possible Trojan/Virus/Malware)

Bump!

1 more replies

Hello, I had good success on this site several years ago so I am hoping for some more help today.

I somehow contracted a very nasty malware or virus, I am assuming while opening an image on the internet today while searching for pictures. It brings up a false anti-virus program that it is telling me to buy, and has completely shut down my computer. I am unable to open any virus programs I have, such as Ad-Aware or Spybot, and am even unable to open System Restore.

I am on Windows XP.

I am on my girlfriend's computer now. Any help is greatly appreciated. Thank you.

Answer:crippling virus/malware - help requested

Found some other sites with some info on this...it is the Antivarus malware...trying to remove it now.

2 more replies

Hello,
 
My bank asked me to proceed to a search for a possible malware infection on my PC, as my online account had been subject to an attempted hack. Could you help me do that? The only thing I have noticed is sometimes a slow web connection and a high CPU rate when using the Chrome browser.
With gratitude...
André Apicella
 
Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x86) Version:27-04-2016
Exécuté par numerouno (administrateur) sur NUMEROUNO-PC (27-04-2016 13:28:20)
Exécuté depuis C:\Users\andré.numerouno-PC\Desktop
Profils chargés: numerouno & andré (Profils disponibles: numerouno & andré & DefaultAppPool)
Platform: Microsoft Windows 10 Professionnel Version 1511 (X86) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Edge)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processus (Avec liste blanche) =================
 
(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corpor... Read more

Answer:requested search for a possible malware infection

to BleepingComputer.

Hi there, my name is Jo and I will help you with your computer problems.

Please follow these guidelines:
Read and follow the instructions in the sequence they are posted.
Print or copy & save instructions.
Back up all your private data / music / important files on another (external) drive before using our tools.
Do not install / uninstall any applications, unless otherwise instructed.
Use only the tools you have been instructed to use.
Copy and paste the log files inside your post, unless otherwise instructed.
Ask for clarification, if you have any questions.
Stay with this topic till you get the all clean post.

My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
Vista / Windows 7/8 users right-click and select Run As Administrator.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Be sure to print out and follow the instructions provided on that same page.
Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
Double click on downloaded file. OK self extracting prompt.
MBAR will start. Click in the introduction screen "next"... Read more

14 more replies

When I try to run a scan using AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware, when the scan gets to a certain point Windows shuts the computer down with a blue window. It says Kernel_Stack_Inpage_Error plus some standard verbiage about if you recently installed software/hardware, see administrator, etc. At the bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run the AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgraded to AVG 9 (free). I uninstalled AVG and went to Avira but with the same results. Scanning with Windows Defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint the problem to the "System Volume Information" directory. I am unable to open it to see its contents as Windows shows no files in it. When I ask Avira to scan it, Avira says no files also, but if I use SuperAntiSpyware to scan, it shows many files during its scan but will get to a certain point and the computer will shut down. I can almost see the file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and the log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal progran to complete scans

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

23 more replies

Here is the link to my other topic: http://www.bleepingcomputer.com/forums/topic404707.html/page__gopid__2309837#entry2309837

Anyways, I am unable to run DeFogger and the same with DDS.scr. I can download them to desktop, but when I try to run them I get the error, "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access them." I am the administrator on this laptop, there is only 1 user account, and I am running Windows XP.

I had google redirects, but that is since fixed, but the computer still overall runs slowly, there are 60 processes running in the background, some files that I download etc. I cannot open them, same case as with trying to run DDS.scr. I have run Malwarebytes with the more current version on a full scan and it finds nothing. Same with Super Anti-Spyware on complete scan, still nothing.

I was able to run GMER. Here is the log for that.

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-26 19:50:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541616J9SA00 rev.SB4OC74P
Running: gmer.exe; Driver: C:\DOCUME~1\Gini\LOCALS~1\Temp\fwrcraod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB63C5982]
SSDT \SystemRoot\System32\Driver... Read more

Answer: Requested to make topic here, help with malware issues

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more


Hi folks,

My fiance recently installed some crazy tool bar from cursormania.com. It put toolbars in both IE7 and Firefox 3. I went through and removed the program in add/remove programs and disabled both toolbars. I have gone through the "Read & Run Me First" thread and it seems that my system is pretty clean, but I did find a number of mywebsearch hits in a few of the scans. My fiance frequently goes onto MySpace and I'd like someone to take a look at my logs. Some of them seem pretty straightforward, but some of them are too confusing for me to decipher.

Thanks in advance,
Bob
 

Answer: Malware Cleanup Help Requested - Logs Attached

MG Tools log.

Hello,

I recently contracted some sort of malware. The symptom I am seeing is that it is causing my internet traffic to go through a proxy server and keeps resetting my proxy settings to on and adding an ip address. I tried handling this manually by adjusting the settings in Firefox and removing the relevant .js file, but I haven't gotten a full removal. I also noticed that it was impacting my IE8 when I loaded that. I also had an ad/web page popup this morning. I downloaded HijackThis v2.0.4 and ran a scan. The logfile for it is below and attached. I'm not knowledgeable enough to know which item(s) I need to remove. Can someone help me with this? I am running on a Windows 7 machine and this impacted each of my browsers.

I have notifications turned on so I should be able to reply promptly to anything.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:05:17 PM, on 8/11/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal


Answer: Malware Infection - Including Log from HijackThis - Help Requested

Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Any underlined text in my posts indicates a clickable link.
If you have any questions at all, please stop and ask before proceeding.

Please download DDS by sUBs from one of the following links and save it to your desktop.
DDS.scr
DDS.com
DDS.pif
Disable any script blocking protection (How to Disable your Security Programs)
Double click DDS icon to run the tool (may take up to 3 minutes to run)
When done, DDS.txt will open.
After a few moments, attach.txt will open in a second window.
Save both reports to your desktop.

---------------------------------------------------

Post the contents of the DDS.txt report in your next reply
Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If asked to allow gmer.sys driver to load, please consent. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

In the right panel, you will see several boxes ... Read more


Hello my new computer savvy friends, I have an issue that nothing seems to solve. It started when I was using IE8 as I was looking at mixed martial arts videos on Yahoo video. The free McAfee that my school provides blocked something with a title similar to JSbiogen exploit. I scanned my computer and Spybot scanned it but nothing was found so I assumed it must have been an attack that was dealt with. Later while I was playing chess with a Facebook application my McAfee blocked the same exploit. I scanned again but found nothing. I uninstalled my McAfee since I was no longer at school and installed Avast which has always been good to me. Then I scanned again and found nothing. While I was researching this I found that IE8 started locking up. Pages would load and never stop loading. My memory usage was fine and everything else was good but the browser would not go anywhere. I would close the program and reopen it and it still wouldn't work. I also tried logging out and back in and it still wouldn't work, neither would putting the computer in standby or hibernating it. The only way to fix the problem was to reboot the computer. I then switched to Chrome which I find to be awesome lol. The problem happened less frequently but sometimes when it did happen it would take me to a random ad page which is suspicious to say the least. I also noticed that Chrome was still alive in the processes even after I closed it and when I tried to end the process or it and its tree it would... Read more

Answer: Possible Hijack/Malware: IE8 + Chrome (Contains Requested Logs)

Hi and welcome. We are currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Thanks for your patience during this time.

kestrel13!

Hi,

Currently snagged a bit of malware trying to run its course on my workstation. However, instead of cleaning it, I have pacified it and am now attempting to gut and analyze it out of personal interest and to further knowledge of security analysis. I've already done the initial data collection and a bit of sleuthing but ran into a couple of snags that I'd like assistance on if possible. If anyone here is capable and curious I'd like to proceed on this thread, otherwise if they have any other forum or resource they'd like to recommend to direct my attention to that will better suit this kind of request then I'd gladly accept that too.

I'll post details I've garnered so far under condition that I receive notice that others are interested in it. I will say that Trend Micro detected only some of its activity (attempting to access certs on illegitimate sites) but not the actual offending items (I have, however). I have not run it through other AV software yet to determine virus definitions, so for now it is considered an unknown strain.

Thank you for your consideration in the matter. I hope this ends up becoming a worthy adventure that people may profit from.

Answer: Analysis on Unknown Malware - Assistance Requested

Upload the file to Jotti's malware scan and have it scanned and analyzed by several anti-virus companies.


Hi folks,

OK, this is my first post on this forum, and surprise surprise, I'm looking for some help with PC performance and possible malware. Recently, my wife's PC (running XP2) has been getting slower and slower. So, I took it upon myself to clean some stuff up.

I went through your suggestions for "basic computer maintenance everyone should do" first, and removed some startup entries that I didn't need - that should help. However, there were a few entries in that list that looked suspiciously like a malware/trojan I dealt with on my PC fairly recently, so I wanted to run it by you folks.

I run AVG as my antivirus, but it's not picking up any problems. I run ZoneAlarm for firewall, and AdAware occasionally for spyware removal.

Next, I went through your Housecleaning steps. I enabled viewing of hidden files, and then went through your XP cleaning procedures.

I have attached the combofix and MGtools.zip files. However, despite setting the AVG antispyware settings as you indicated, no report was generated. (I confirmed the settings afterwards, and it definitely was set to "automatically generate each time".) The AVG antispyware found just one entry, which was deleted. (It was deleted, not quarantined.) Unfortunately, I don't have the specific information, as I expected to be able to get at the report. I can certainly run the process again if necessary.


So, please find the files attached.

Incidentally, some of th... Read more

Answer: Help requested with unidentified malware / PC slowdown issue

Sorry, didn't want to bump, but apparently you can't edit your posts here.

I was able to get the AVG Spyware to save the report, attached here.

Thanks!

Hi,

I have a Dell XPS 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today I got the blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted; it was fine for 30 minutes and then everything froze.
I restarted it and I received error beeps (4 beeps).
I looked that up on Dell support and they said it was RAM problems.
I opened up the computer, vacuumed a bit, took out the RAM cards and reinstalled them.
It had been working OK for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs.
Malwarebytes did not find anything.
TDSSKiller did not find anything.
MGtools ran but as soon as it was done the window closed. I don't know how to find the log.
Your help will be greatly appreciated.
 

Answer: malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.

> MGtools ran but as soon as it was done the window closed. I don't know how to find the log

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.

I have run the malware removal instructions and went through each program as they did remove some of the malware and viruses. The issue that I am having is that when I open the computer under a separate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the administrator and do not seem to have problems running the malware removal steps and have attached the reports from the instructions.

Even when I try to open add or remove programs under control panel, I get the following message: "C\windoesn\system32\rundll32.exe- application not found." I am thinking that it is something to do with AVG and have removed the program with the step.

Please help....

View attachment mbam-log-2011-03-28 (17-02-07).txt
View attachment combofix log.txt
View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log
View attachment hijackthis.log

Answer: Help with malware removal- have run malware removal instructions

ssmehta007 said:

> ....try to run the malware removal programs via internet or through USB drive

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading).
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.

Hi there.

This is my first ever post so bear with me if I get things wrong.

The problem is on my daughter's laptop. It started back in May with the XP Defender virus, the Google results hijack virus and possibly more (all at the same time). It seems that AVG had also been attacked and whilst it was disabled she suffered multiple infections.

By following your Malware removal instructions, I had managed to get to a state where just the Google hijack seemed to remain. However, she suffered a further attack which, amongst other things, stopped the DHCP client from auto-starting and is overriding the Windows theme, mouse pointer, etc.

Current state is that after re-running the programs as advised in your Cleaning XP procedure, DHCP starts OK, Windows theme is still compromised, and other tasks that should run at startup (see list below) aren't. MSCONFIG is in the correct state and I'm sure that some scanning software that I've run during the last few weeks has flagged the associated startup registry items as having missing code (even though all the programs exist). Affected startup items are:

c:\program files\Apoint\Apoint .exe
c:\program files\Belkin\F5D9010\Belkinwcui .exe
c:\program files\CheckPoint\ZAForceField\ForceField .exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTim... Read more

Answer: MALWARE - Problems remain after following the READ & RUN ME guide. Help requested.


Welcome to MajorGeeks, 35Ken.

I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

Thanks for your patience.
dr.m

Greetings. I believe a computer I am responsible for may be infected with some malware/virus. Several months ago I removed on this same system a google redirecting virus. I believe I used Malwarebytes Anti-Malware to remove it. Since then, we have had two episodes where using either Internet Explorer (versions 6, 7 AND 8) as well as Firefox (versions 3 and 4) lock up when attempting to browse the web. They usually load the initial homepage and then fail from that point on. Note that they lock up after reading SOME (but I presume not all) of the data received from the webserver. I know this because when the GUI freezes, the correct title is displayed on the tab. Also, if I wait it out, the GUI eventually returns and runs better, but still slow following the initial freeze. I can't say how long the initial freeze took as I wasn't timing it, but I would guess anywhere from five to 10 minutes.

If I telnet to, for example, www.google.com:80 and type:

GET /

I get data back instantly. I am concerned that some part of this old virus (or part of a new one) remains. I run ESET NOD32 Antivirus and have completed several scans with Malwarebytes AntiMalware. Neither scan produces any results, although the NOD32 startup scan a few days ago reported Mebroot trojan which it claims it was unable to remove. After downloading the manual remover from the ESET website, the removal tool said that Mebroot was not found on the system. I have no explanation for the seeming contradi... Read more

Answer: Possible malware infection - Windows XP Pro (requested logs attached)

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418742 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more


Boopme asked:

> Please go here....
> Preparation Guide, do steps 6 - 9.
>
> Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
> If Gmer won't run, skip it and move on.
> Let me know if that went well.

I'm attaching the dds.txt and attach.zip logs. I was able to run GMER but it took several hours (like, 5-1/2) and at the end of it I could not create the ark.txt file as requested because all of my system resources had been consumed. There are a zillion files in documents and settings/me/local settings/temporary internet files/ie5.content/* GMER did report that I had a rootkit problem.

To recap: Google redirect, BSOD, I followed steps 6-7, everything was fine, I started GMER as requested, but could not create a log file after many hours of scanning. DDS reported finding TLD4 MBR, which I've put in the subject line.

Here is the dds.txt file:
=========
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Robert at 7:15:45 on 2011-07-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1716 [GMT -7:00]

Answer: Google redirect, BSOD, TLD4 MBR malware -- as requested

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear. Click the Disable button to disable your CD Emulation drivers. Click Yes to continue. A 'Finished!' message will ap... Read more


I believe my system to be infected by malware. Specifically, Yellowmoxie and Browse to Save. I'm pretty sure it was bundled in a download.

What I have tried:
Jetclean
Glary Utilities
AVG anti-virus
Ad-Aware anti-virus
MalwareBytes Anti-Malware

Still getting pop-up ads as well as the ads that are underlined in various sites from surfing, researching and working.

I am running Windows 7 Home Premium. Version 6.1 (Build 7601: Service Pack 1)

Suggestions?

Answer: Malware Infection: Yellowmoxie and "Browse to Save" Help Requested

Download TDSSKiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply


Hello valued Tech Experts.

To begin, here are some features of my hardware:

Hardware / System Info
Computer Model: HP Pavilion g6 Notebook series laptop.
Operating System: Windows 7 Home Premium.
Processor: AMD A6-3400M APU with Radeon HD Graphics 1.40 GHz
RAM: 6 GB (5.48 GB usable)
System Type: 64-bit Operating System

Symptoms began a few weeks ago, and are listed below:
-Slowness in processing speed.
-Quickly draining battery.
-Overheating

Background Info / Case History:
-I had Avast installed on my computer prior to any problems arising. I assumed it was fairly reliable and caught things on occasion.
-I began to check the processes when my computer started up to see what was wrong.
-One of the first (I think) processes that started utilizing excessive memory was chrome.exe *32
-I ran Avast, but it did not detect anything.
-Over time, I think more processes started having the *32 marker beside them and using excessive memory. [A full list as of this morning is listed below.]
-I noticed that the Avast applications also have the *32 marker, which makes me think that something in the Registry (maybe?) has affected Avast's ability to detect whatever I've got.
-I started to poke around on forums and online (I will now refrain from doing that until I receive your feedback).
-I downloaded Malwarebytes and upon running it for the first time, it detected several applications that were immediately quarantined.
-Upon restarting my computer, the Malwarebyt... Read more

Answer: Malware Assistance Requested (Possibly Trojan.Poweliks?)

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Why Does Chrome Have So Many Open Processes?

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop. Do NOT click the green 'Download' button (if visible).
Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop. Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). ... Read more


My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware


Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.

I have followed recommended protocols to successfully remove the "Trovi" malware from my computer.
But I have one minor problem.
The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer.
But the malware appears to have left code in the Windows startup directing the computer to run files which are now no longer present on my computer.
Problem is that this causes the following Windows popup box "Run DLL" to come up, before any other Windows startup programs run.

The popup box contains the following wording:

" There was a problem starting
C:\Users\LESTER\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in startup that lead to the popup box, so that it will no longer occur at computer startup?

Thanks.
Lester
 

Answer: Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Follow this thread and attach requested reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
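As an added example (not code from this thread or from the malwaretips guide), the PowerShell script below lists Run/RunOnce registry values whose target file no longer exists. That is exactly the situation behind the "Run DLL" dialog above: a `rundll32.exe "...\BackgroundContainer.dll",Entry` value was left in place after the Conduit DLL itself was removed. The registry paths are the standard Windows autostart keys; the script only reports and deletes nothing.

```powershell
# Added example, not code from the thread or from malwaretips.com.
# Reports Run/RunOnce registry values whose target file no longer exists.
# An orphaned value of the form  rundll32.exe "<path>.dll",Entry  is what produces
# the "There was a problem starting <path> / The specified module could not be found"
# dialog at logon after the DLL itself has been removed. Nothing is deleted here;
# review each hit (e.g. in regedit or Sysinternals Autoruns) before removing it.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-StartupTarget {
    # Extract the file a Run value actually loads from its command line.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    # rundll32.exe "<dll>",Entry : the file worth checking is the DLL, not rundll32
    if ($cmd -match '^"?[^"]*rundll32(\.exe)?"?\s+"?([^",]+)') { return $Matches[2].Trim() }
    # "C:\quoted path\tool.exe" /args
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # C:\unquoted\tool.exe /args (an unquoted path containing spaces is cut at the first
    # space and will show up as missing; check those by hand)
    return ($cmd -split '\s+')[0]
}

function Find-OrphanedRunEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }      # PowerShell's own metadata properties
            $target = Get-StartupTarget -Command ([string]$prop.Value)
            # Bare names such as "notepad.exe" resolve through PATH; only absolute paths are checked
            if (-not $target -or -not [IO.Path]::IsPathRooted($target)) { continue }
            if (-not (Test-Path -LiteralPath $target)) {
                [PSCustomObject]@{
                    Key         = $key
                    ValueName   = $prop.Name
                    Command     = $prop.Value
                    MissingFile = $target
                }
            }
        }
    }
}

Find-OrphanedRunEntries | Format-List
```

If nothing is reported, the leftover entry lives in another autostart location (a scheduled task or the Startup folder, for example); Sysinternals Autoruns shows all of them in one view and highlights entries whose file is missing.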

Hello, I'm looking for information about other vendors in order to make sure the information I have in my article about How to Report Malware or False Positives to Multiple Antivirus Vendors is as concise and accurate as possible. Below I've listed some vendors I'm specifically interested in because of missing information, but if you find other vendors I haven't mentioned also feel free to point out things about them as well. The type of information I'm looking for is defined in the article in the section about How You Can Help.

Does anyone have information (including whether the companies are still in business), that is not already included in the article, about the following vendors/products? Please review the information in the article before commenting as I will be updating it with the most up-to-date information I have.

ALYac
Antiy
Artav Antivirus
Avertive
AVZ
Blue Atom Antivirus
Element
Iolo
KV Antivirus
Micropoint
Mint
Preventon
Protector Plus
RemoveIT
Roboscan
SpyCatcher
SpyCop
Solo Antivirus
Turk
VirusKeeper
Xyvos

Thank you.
 

Answer: Information Requested About Vendors To Improve Malware Reporting Article

One note: ALYac engine is actually Roboscan.
Roboscan is actually former ALYac but in English. Tobi will be able to tell you more.

So to be honest a user can either use ALYac or Roboscan as your link provides.

ESET has a way to report FP/malware/suspicious file, but that requires having ESET AV or SS installed, and it's rather a pain since you have to submit one sample at a time and fill in a small questionnaire.

I ran the steps in the Malware removal guide, I haven't seen any new pop-ups, but I noticed that there were a few problems that BitDefender could not fix, and my laptop is still running slow.

I am running windows XP, and will attach all logs.

Thank you in advance for all your assistance.
 

Answer: ran all the steps in "Read & Run Me First malware removal guide," still have malware


Here are the last three logs.

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal

----------------------------------------------------------------------------------------------------------------------

Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was unprotected for about a month while I was in the hospital. I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!

Current Symptoms (in the order of appearance)
Random total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ... Read more

Answer: Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,

I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.

1.) Click start > run > type msconfig and hit enter.
Click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file: C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post: C:\windows\ntbtlog.txt

2.) Click start > run > type: cmd.exe and hit enter.
Type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window... Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)

3.) Can you see also if you can get this program installed please: http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file > run it > follow prompts to install excepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here
Let me know if you had any problems with the above please.
I advise keeping the system offline as much as possib... Read more

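The size check the helper asks for above (userinit.exe and spoolsv.exe in system32 against the dllcache backups Windows File Protection keeps) can be scripted and tightened with a SHA-256 comparison, since a replaced binary can be padded to the original size. This is an added example, not code from the thread or from BleepingComputer; the list of file names and the demo fixture are my assumptions, and the real Windows paths are only used when they exist on the machine running it.

```python
"""Compare live copies of protected Windows binaries with their dllcache backups.

Added example, not from the forum thread. On a Windows XP box it reads
%SystemRoot%\system32 and %SystemRoot%\system32\dllcache; elsewhere it
builds a temporary tree with constructed files so the logic can be exercised.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Assumed list of files worth checking; userinit.exe and spoolsv.exe come from the
# helper's instructions, winlogon.exe is added as another common target.
PROTECTED = ("userinit.exe", "spoolsv.exe", "winlogon.exe")


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_protected_copies(system32: Path, dllcache: Path, names=PROTECTED) -> dict:
    """Return {name: verdict}; verdict is 'match', 'size-mismatch',
    'hash-mismatch', 'missing-live' or 'missing-cache'."""
    verdicts = {}
    for name in names:
        live, cache = system32 / name, dllcache / name
        if not live.exists():
            verdicts[name] = "missing-live"
        elif not cache.exists():
            verdicts[name] = "missing-cache"
        elif live.stat().st_size != cache.stat().st_size:
            # This is the check the helper does by eye with `dir`.
            verdicts[name] = "size-mismatch"
        elif sha256_file(live) != sha256_file(cache):
            # Same size but different bytes: a padded replacement would land here.
            verdicts[name] = "hash-mismatch"
        else:
            verdicts[name] = "match"
    return verdicts


def demo() -> dict:
    """Constructed fixture: one clean file, one same-size tampered file, one missing backup."""
    root = Path(tempfile.mkdtemp())
    s32 = root / "system32"
    cache = s32 / "dllcache"
    cache.mkdir(parents=True)
    (s32 / "userinit.exe").write_bytes(b"MZ" + b"\x00" * 100)
    (cache / "userinit.exe").write_bytes(b"MZ" + b"\x00" * 100)
    (s32 / "spoolsv.exe").write_bytes(b"MZ" + b"\x90" * 100)   # same size, different bytes
    (cache / "spoolsv.exe").write_bytes(b"MZ" + b"\x00" * 100)
    (s32 / "winlogon.exe").write_bytes(b"MZ" + b"\x00" * 50)   # no dllcache copy at all
    return compare_protected_copies(s32, cache)


if __name__ == "__main__":
    sysroot = Path(os.environ.get("SystemRoot", r"C:\WINDOWS"))
    target32 = sysroot / "system32"
    results = compare_protected_copies(target32, target32 / "dllcache") if target32.is_dir() else demo()
    for name, verdict in results.items():
        print(f"{name:16} {verdict}")
```

A "match" only proves the two copies agree; malware with write access to system32 can overwrite the dllcache copy as well, so compare the hash against a copy taken from the install media or a known-clean machine of the same service pack before trusting it.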

Apologies, but I'm a bit of a novice. My computer did a scan when I started it and came up with some trojans. When I tried to delete them, a malware removal programme tried to install itself, so I closed the download dialog box. Unfortunately, I cannot remember the name of the software that was trying to install itself. Please would you review my log below and help me clean my computer?

many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&...

Answer: attempted removal of trojans tries to install "malware removal software"

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi,

I have tried many ways to get rid of some malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc., and I should install Internet Security 2010. I have installed the Malwarebytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable).

I have also run SuperAntiSpyware Plus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown the HijackThis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\...

Answer:Cyber Security removal; Malware removal not working

Hi,

I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a Google search to a webpage trying to convince me I was riddled with viruses and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.

Apologies for jumping right in and posting a HijackThis log before I had read the tutorials.

DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86 Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst...


I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly, and I don't remember what I was doing, it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years, I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin...

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 


Hello!
In reading more of these threads I can see I'm not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes, I was having the issue then and another company did one and told me to email it to someone, which I did, but I haven't heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

Answer:malware removal/popup/iexplore removal


I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed by my ISP of the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent."

I have AVG, running constantly. The ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure the trojan is eradicated. The ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you immensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!

mike sieber said:
"I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log."

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Go to Add/Remove Programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, right click and Run As Administrator) on this file to ...


Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:
List of 64-bit Anti-Virus For Vista
Anti-virus protection in 64-bit environments

Free Anti-virus:
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
AVG Anti-Virus Free Edition 8.5
Microsoft Security Essentials
Panda Cloud Antivirus
Kingsoft Free Antivirus (Cloud Scan)

Paid for Anti-virus:
NOD32 Anti-Virus Personal
McAfee AntiVirus Plus
Trend Micro AntiVirus plus AntiSpyware
Norman Antivirus & Antispyware
CA Anti-Virus Plus Anti-Spyware

64-bit Anti-Malware tools:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Kaspersky Virus Removal Tool - How to install and use documentation
Spyware Terminator
Windows Defender (64-bit)
Prevx
Spybot S&D
Ad-Aware
Norman Malware Cleaner
Sunbelt Counterspy (free trial)
Comodo BOClean Anti-Malware
Sophos Anti-rootkit
SanityCheck Advanced Rootkit and Malware Detector
ESET Online Antivirus Scanner
ESET SysInspector
AnVir Task Manager Free
WinPatrol

Start with these:
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
How to use SUPERAntiSpyware to scan and remove malware from your computer


Hi again

Malware Fighter picked this up during smart scan, then I ran a full scan and it picked it up again.
We have gone through the Remove Malware process twice.
Is Malware Fighter picking up stuff that is not malware, could my Malware fighter be corrupted?

Thanks K, I am not sure what to do at this point.
Scans attached.
Thanks again.....
I am not concerned when it picks things up and cleans them, I get concerned when it says it cleaned them and then I run a full scan and they are still showing up.
 

Answer:New thread as requested, Malware picked up smart scan,cleaned,then picked up fulls sc


Where on the site is there an explanation re uploading and taking screen shots? I follow the directions, put them in Paint (which is what the Windows directions told me to do); however, when I try to upload the screen shot it fails to upload.
I ran the malware through VT and am trying to get a screen shot to upload.
Thanks

OK, I tried cutting and pasting and putting it in an Open Office file but that came up as not valid.
 


Hi all! Thanks for this forum. I've followed the steps to remove the Trojan.Gen2 virus from my computer, and still have it. Please find below the related logs, the bottom one being the first, and the top, the last GMER log. I would greatly appreciate your advice on the next steps for removal.

N.B. I saved the ark.txt as GMERlog, attached.

...and...
DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Jocelyn Morin at 19:00:07 on 2012-04-01
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.776 [GMT 2:00]
.
AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *Disabled*
FW: Norton Internet Security 2006 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C: ...

Answer:Trojan.Gen2 removal

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/448518 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hi all,

I recently recovered from a virus that messed with my Master Boot Record causing my laptop to not be able to boot up normally.

After fixing that, I ran a scan with AVIRA AntiVir and found a virus that I cannot delete nor quarantine.

It is a TR/Vundo.Gen2 Trojan. Spybot has been unable to remove it too.

Please aid me in its removal, and advise on what I should do next.

Thanks for your time in advance.
 

Answer:Removal of TR/Vundo.Gen2

Hi,

Please do the following:
Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
NEXT
Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.

Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
 


Nasty virus. Even in Safe Mode I can't install any antivirus. It has blocked Avast on my PC. I'm not a computer expert and don't know how to resolve this. Nothing will work from the computer so I am using my laptop to create rescue disks and try to scan with them, but nothing has worked so far. Trend Micro and ESET didn't detect anything. Bit Defender detected the following but couldn't clean it: [email protected]

Please help

Answer: "The requested resource is in use" - Malware is preventing ALL exe files from running.

First of all, don't do anything. Apparently you have another computer so you are able to come into the forum.

What you need to do is to prepare a rescue CD using your working computer. You're going to download the ISO of a program that can check for viruses without having the operating system up and running. These programs are made by different companies. One of these is made by a company called AVIRA. You can download the ISO file off of their website and burn it onto a CD using one of the common methods used for duplicating an ISO file.

Next step is to set up your troubled machine so that it will boot from the CD instead of the hard drive. This varies from one computer to the next, so I'm not able to give you the detailed step-by-step instructions on how it works on your computer. On the computers I have, which are made by Dell, I have to hit the F12 key and then a program comes up and asks me what to do, and I select my CD-ROM player.

Once the program boots up, it asks what kind of test you would like to do and then it will begin a scan of your computer and will quarantine whatever it finds. In some cases it may be necessary to do some other kind of work on the computer after the virus scan has been completed.

Check this out: https://www.avira.com/en/download/product/avira-rescue-system
Read over the instructions there.

Let me know if you can do that.


Hi,
I am using Windows 8 and Avira Free Antivirus.
Today I started getting security alerts that the computer is infected with TR/ATRAPS.gen2. The message appears every couple of minutes.
Tried to find a solution online, but they all say that the solution is complicated and none of the solutions have worked so far.
 
Tried RKill and TDSSKiller to close all the virus processes at least till a permanent solution can be found (as the computer is not usually turned off) - but it did not help, and constantly get the alerts.
 
Regards,
 
Marekssk
 

Answer:TR/ATRAPS.gen2 removal / Windows 8

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your re...


Hi!

I'm a complete novice when it comes to virus/malware removal so please bear with me as I explain my situation.
I recently decided to help my friend out with his computer problems as I've worked on simple virus problems before, however, I have no idea how to remove this TR/ATRAPS.Gen2 virus. Having had no previous anti-virus installed on his computer, I decided to install Avira (after said computer had already been infected). I then ran multiple scans of Malwarebytes, SUPERAntispyware, Spybot Search and Destroy, and Avira's complete system scanner. After detecting several lesser viruses, I was able to delete the bulk of the problem. However, the TR/ATRAPS.Gen2 still pops up in Avira's security alert whenever I restart the computer. I have no clue how to get rid of this virus. Any help would be appreciated. Thanks!!!!

On a side note, could it be that the difficulty of eradicating this virus stems from the fact that his computer was also affected by the BOO/Alureon.D virus? Again I have very little knowledge when it comes to these viruses, but I was able to get rid of the boot sector virus, for the most part. I used a program called TDSSKiller. Again, any help would be very much appreciated!

His computer is running Windows 7 64bit

Answer:TR/ATRAPS.Gen2 Virus Removal?

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At...


Not for sure when it was originally infected. Noticed a couple days ago Avira was not updating, last update was 3/13/14. When attempting to update there was an error and could not update. No other noticeable symptoms.

Uninstalled Avira and reinstalled newest version, still unable to update. Performed system scan and showed ATRAPS.Gen2 infection. Followed instructions on MalwareTips blog for removing this infection (Can post link if needed). During these scans also found Zero Access and other malware. Followed instructions as described but I am still unable to update Avira and am concerned that malware may still be present. I greatly appreciate your help.
 

Answer:ATRAPS.Gen2 / ZeroAccess removal

Hi,

Before we begin, I want you to have this in mind:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like ever...


Hey geeks, need a little help. I have a WinAntivirus pop-up that comes up every time I am on the net; after you X it out, 5 to 6 other pop-ups come up about a virus. I am running AVG every morning, Spybot Search and Destroy, Ad-Aware 6.0. Here is a HijackThis log file; tell me what to get rid of plz.

EDIT: Removed inline HJT log


THANKS

DOOKIE
 

Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and attach the requested logs for the malware experts to look over.


Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

[*]runkeys.txt - the log from GetRunKey.bat
[*]newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not a...


These viruses keep popping up on my Avira but it just doesn't go away. Any help would be appreciated.

OTL log
OTL logfile created on: 6/21/2012 5:12:09 AM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Steve\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.10 Gb Available Physical Memory | 77.50% Memory free
8.00 Gb Paging File | 7.24 Gb Available in Paging File | 90.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 10.97 Gb Free Space | 4.71% Space Free | Partition Type: NTFS
Drive D: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 05:10:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2010/09/14 18:59:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\...

Answer:TR/Small.FI JS/Yechy.A TR/ATRAPS.Gen2 Need some help with the removal of these!

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At...

25 more replies

My dad is constantly reinfecting his computer every month or so, and this latest infection is the worst I've ever seen. The antivirus software has been disabled (ESET NOD32) and reinstallation fails with an error. His user account does not have admin privileges either.

I have a ton of real-time security applications installed that I hoped would protect it, but they didn't (ESET NOD32, Microsoft EMET, Webroot SecureAnywhere, Trend Micro Browser Guard, Trend Micro RUBotted, Spybot Search & Destroy Resident, PeerBlock with subscription lists, K9 Web Protection, MVPS hosts file and DNS set to use OpenDNS). The proxy server is legit, as K9 Web Protection is installed too.

I ran HijackThis and, while I can't understand the log, I did notice some hosts file redirections for Google.

P.S. I was going to reinstall the computer from a backup image, but I would like to know what the infection is before I do so, because the malware might hang around.

P.P.S. Thanks in advance.
 
Find below the DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.51.2
Run by Adm1n at 0:36:34 on 2014-06-15
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2047.917 [GMT -4:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Di... Read more
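The hosts file redirections for Google that the poster noticed in the HijackThis log are worth checking mechanically: an attacker's entry maps a well-known domain to an address the attacker controls, while a blocklist such as the MVPS hosts file the poster uses maps ad and tracking domains to 0.0.0.0 or 127.0.0.1. The scanner below is an added example written for this page, not code from the post or from any of the tools it names. The watch list of domains, the sample hosts content and the redirect addresses (RFC 5737 documentation ranges) are all constructed for illustration; the real file lives at C:\Windows\System32\drivers\etc\hosts.

```python
"""Flag hosts-file entries that redirect or blackhole watched domains.

Added example for this page; sample data is constructed, not taken from
any real infection.
"""
import ipaddress
from typing import List, NamedTuple

# Hypothetical watch list: search engines, OS update and AV vendor domains
# that malware commonly hijacks or blocks. Extend for your own environment.
WATCHED_SUFFIXES = (
    "google.com", "bing.com", "microsoft.com", "windowsupdate.com",
    "eset.com", "webroot.com", "avira.com", "malwarebytes.org",
)

# Addresses used by blocklists to blackhole a name. A watched domain pointed
# here is "blocked" (AV updates silently failing); any other address is a
# "redirect" to infrastructure that is not the domain's own.
SINKHOLE_ADDRESSES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "::1", "0.0.0.0")}

# Constructed sample: the default Microsoft header, one benign MVPS-style
# block entry, and four entries of the kind the poster describes.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost
0.0.0.0 ad.doubleclick.net   # MVPS-style block entry: benign
127.0.0.1 localhost
203.0.113.45 www.google.com google.com
203.0.113.45 www.bing.com
198.51.100.7 update.eset.com
127.0.0.1 www.webroot.com
"""


class Finding(NamedTuple):
    line_no: int
    kind: str      # "redirect", "blocked" or "unparseable"
    host: str
    address: str


def is_watched(host: str) -> bool:
    """True if host is a watched domain or any subdomain of one."""
    h = host.lower().rstrip(".")
    return any(h == s or h.endswith("." + s) for s in WATCHED_SUFFIXES)


def scan_hosts(text: str) -> List[Finding]:
    """Parse hosts-file text and return one Finding per suspicious mapping."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.partition("#")[0].strip()      # drop comments and padding
        if not body:
            continue
        fields = body.split()
        if len(fields) < 2:
            findings.append(Finding(line_no, "unparseable", "", body))
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append(Finding(line_no, "unparseable", " ".join(fields[1:]), fields[0]))
            continue
        for host in fields[1:]:                   # one line may list several names
            if not is_watched(host):
                continue                          # unwatched names: blocklist noise
            kind = "blocked" if addr in SINKHOLE_ADDRESSES else "redirect"
            findings.append(Finding(line_no, kind, host, str(addr)))
    return findings


def scan_hosts_file(path: str = r"C:\Windows\System32\drivers\etc\hosts") -> List[Finding]:
    """Scan the live hosts file (default path is the Windows location)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_hosts(fh.read())


if __name__ == "__main__":
    for f in scan_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.kind:<11} {f.host} -> {f.address}")
```

On the constructed sample this reports the two google.com names and www.bing.com redirected to 203.0.113.45, update.eset.com redirected to 198.51.100.7, and www.webroot.com blackholed at 127.0.0.1, while the ad.doubleclick.net block entry is ignored. The distinction matters when deciding whether to clean or reimage: a redirect entry means traffic to that domain was actively steered elsewhere, whereas a blackholed AV domain explains why updates and reinstalls fail without proving where the rest of the infection sits.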

Answer: Malware Removal Help

Good evening,
If I were you I would just use Darik's Boot and Nuke to wipe the hard drive and then reimage, and you should be good to go. It's bad enough trying to remove malware without trying to identify what it might be, and the time spent doing that is wasted if you can just start afresh.

19 more replies