Computer Support Forum

malware halps/malware removal not running

Question: malware halps/malware removal not running

Hiya

Im running XP, avg detected trojans, the first one it got rid of, the second one Generic13.ATHP it could only remove it partially, apparently located in in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended, SuperAntiSpyware wouldnt install, so I changed the filename, and it has installed but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?

Thankyou!

Relevance 100%
Preferred Solution: malware halps/malware removal not running

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to ?Non-plug and Play Drivers? and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.


but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others.

:confused have no idea if any of this will help you lovely helper person, but i guess im just trying...

2 more replies
Relevance 88.97%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 87.33%

About a week ago, I noticed that when running Internet Explorer www.google.com that clicking on a website would take me to an add instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Thanks,
Deb
 

Answer:Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!
Deb
 

2 more replies
Relevance 77.08%

I started trying to do the 10 step Malware Removal Guide last night. I ran into many problems: unable to run Counter Spy (able to download though) and unable to install latest version of SUN Java (able to download as well). I got this error on both: "The system administrator has set policies to prevent this installation."

I am currently unable to use my PC in the general boot mode and can ONLY use it in safe mode. I'm in a real pickle because I can't move forward in the Malware Removal process and I cannot get back to a restore point where my PC worked before because the Norton Go-back (to restore my system) won't work in safe mode.

I was unable to locate the file for Search & Destroy although one was made.

My PC is a Dell Dimension, 2.66 GB free disk space.

PLEASE help me!! Thanks!
 

More replies
Relevance 77.08%

I'm trying to follow all of the guidelines for malware removal but I can't "Turn Off UAC." I'm running Vista. When I try to do so I click on the "Turn User Account On or Off" and then I'm requested to input my password, which i do, and then nothing happens after that. I simply see the screen that has the link to "Turn User Account On or Off" again. I tried to do this in Safe mode as well and the same thing occurred. Should I proceed to run all of the malware removal software anyway? Thanks!
 

Answer:Can't turn off UAC before running malware removal sw

Try this:
Go to start > type in "cmd"
Click on cmd.exe > and paste in the following:





C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /fClick to expand...


After you enable or disable UAC, you will have to reboot your computer for the changes to take effect.

The to re-enable (once we have totally finished) Same procedure except paste this in:





C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /fClick to expand...

You should receive a success message saying: "The operation completed successfully"

or...failing that, there are other methods here

http://www.petri.co.il/disable_uac_in_windows_vista.htm
 

7 more replies
Relevance 77.08%

as per your sticky.....I have a program called Asus Probe that I have tried to remove but slows down computer, now have program Asus Probe 2 also at start up process and also when I go on line white box opens quite frequently in task bar with no lettering in it looks like an envelope, not mail...anyway to problem at hand to continue running all things on sticky I have found file in add/remove in control panel Wex Tech Answerworks, is this something I should have or delete? Thinks for input, then will go on with sticky before submitting hijack log ect.


Asus P4S533-X mobo, Intel P4HT 3066 MHz, Sis 645DX chipset, 1024 MB Corsair (DDR SDRAM), Award BIOS 02/24/03, NVIDA GeForce 5200 (128MB), Sis 7012 Audio Device, WDC wd800JB-00ETAC HD, Lite-On Combo LTC 4816H DVD/CD, Win XP Pro Service pack 2, Internet Explorer 6.0, U.S. Robotics V.92
Faxmodem
 

Answer:In the process of running malware removal

catsrdawg said:



I have found file in add/remove in control panel Wex Tech Answerworks, is this something I should have or delete?Click to expand...

Don't you recognize it as something you have installed.

See the below links. Maybe they will jog your memory.
http://www.wextech.com/answerworks.html
http://www.vantage-software-tech.com/

If you don't need it, uninstall it.
 

1 more replies
Relevance 76.26%

I did a search first but got nothing useful back. My computer is running fine, but I was wondering if there is any preventative maintenance that should be done to prevent spyware/malware even if I don't know that my notebook is infected? I'm already running MacAfee Security Center.Thanks!

Answer:Is there any benefit to running malware removal when there are no problems?

It's always a good idea to regularly run anti-malware AND anti-virus programs. Just because your computer SEEMS non-infected, doesn't mean it isn't. BUT, unless you pick up a virus, you don't need to post your logs here.

4 more replies
Relevance 76.26%

Following steps outlined in Topic: IMPORTANT: Read this before requesting malware removal help# AdwCleaner v2.114 - Logfile created 03/06/2013 at 21:21:54# Updated 05/03/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : Sandra - FAMILY-PC# Boot Mode : Normal# Running from : C:\Users\Sandra\Downloads\adwcleaner.exe# Option [Search]***** [Services] ********** [Files / Folders] *****File Found : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\searchplugins\safesearch.xmlFolder Found : C:\Program Files (x86)\ConduitFolder Found : C:\ProgramData\boost_interprocessFolder Found : C:\Users\Sandra\AppData\Local\ConduitFolder Found : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmddaFolder Found : C:\Users\Sandra\AppData\LocalLow\ConduitFolder Found : C:\Users\Sandra\AppData\LocalLow\PriceGongFolder Found : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\Smartbar***** [Registry] *****Key Found : HKCU\Software\AppDataLow\Software\ConduitKey Found : HKCU\Software\AppDataLow\Software\iWonKey Found : HKCU\Software\AppDataLow\Software\PriceGongKey Found : HKCU\Software\AppDataLow\Software\SmartBarKey Found : HKCU\Software\AppDataLow\Software\xfin_portalKey Found : HKCU\Software\ConduitKey Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmddaKey Found : HKCU\Software\HeadlightKey Found : HKCU\Software\Microsoft\Windows\C... Read more

Answer:Computer Running Slow - Malware Removal Help

Malwarebytes Anti-Malware (Trial) 1.70.0.1100www.malwarebytes.orgDatabase version: v2013.03.07.04Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16521Sandra :: FAMILY-PC [administrator]Protection: Enabled3/6/2013 9:47:22 PMmbam-log-2013-03-06 (21-47-22).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 217611Time elapsed: 18 minute(s), 8 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)

14 more replies
Relevance 76.26%

Following steps outlined in Topic: IMPORTANT: Read this before requesting malware removal help# AdwCleaner v2.114 - Logfile created 03/06/2013 at 21:21:54# Updated 05/03/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : Sandra - FAMILY-PC# Boot Mode : Normal# Running from : C:\Users\Sandra\Downloads\adwcleaner.exe# Option [Search]***** [Services] ********** [Files / Folders] *****File Found : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\searchplugins\safesearch.xmlFolder Found : C:\Program Files (x86)\ConduitFolder Found : C:\ProgramData\boost_interprocessFolder Found : C:\Users\Sandra\AppData\Local\ConduitFolder Found : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmddaFolder Found : C:\Users\Sandra\AppData\LocalLow\ConduitFolder Found : C:\Users\Sandra\AppData\LocalLow\PriceGongFolder Found : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\k71p9ug9.default\Smartbar***** [Registry] *****Key Found : HKCU\Software\AppDataLow\Software\ConduitKey Found : HKCU\Software\AppDataLow\Software\iWonKey Found : HKCU\Software\AppDataLow\Software\PriceGongKey Found : HKCU\Software\AppDataLow\Software\SmartBarKey Found : HKCU\Software\AppDataLow\Software\xfin_portalKey Found : HKCU\Software\ConduitKey Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmddaKey Found : HKCU\Software\HeadlightKey Found : HKCU\Software\Microsoft\Windows\C... Read more

Answer:Computer Running Slow - Malware Removal Help

Malwarebytes Anti-Malware (Trial) 1.70.0.1100www.malwarebytes.orgDatabase version: v2013.03.07.04Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16521Sandra :: FAMILY-PC [administrator]Protection: Enabled3/6/2013 9:47:22 PMmbam-log-2013-03-06 (21-47-22).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 217611Time elapsed: 18 minute(s), 8 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)

14 more replies
Relevance 76.26%

Hello,

I have been referred to this forum after speaking to mr TimW, I manually removed MSRemoval malware, but may have messed something up in the process and now my computer is running super slow

see thread: http://forums.majorgeeks.com/showthread.php?t=237105

* boot up is generally fine, although loading tray stuff up on start up takes a while
* shutdown takes about 2-3 mins
* IE8 loads up slowly and firefox even slower, however actually brosing the internet is fine once they have started
* downloading is fine
* applications run and load very slowly
* Edit: Seems to run a bit faster in Safe Mode
* IE appears to use the most cpu, about 80MB
 

Answer:Computer running really slow after malware removal

For starters, I would be sure all your data (pictures, music, financial/tax stuff, etc) has been backed up (copied) to a USB or external drive.

Second, clear all the history in your browsers (IE, Mozilla, etc.) and re-run a full scan with Malware Bytes. I have seen cases where cookies or other stored browser history have let the malware back in.

Next, download/install/run Advanced System Care 4. I've found it does the best job of all the free "tune-up" programs without damaging the registry.

http://majorgeeks.com/download.php?det=5927

In the ASC results, pay attention to the hard drive test results. If it tells you to restart the PC, do so and dskchk should automatically run once the system reboots. Once rebooted, re-run the ASC hard drive test. If it fails the test again it's a sign your hard drive is running on borrowed time and should be replaced ASAP. If the data isn't too corrupted, you can clone the entire drive (versus a Windows reinstall). The easiest way to do this is to be sure either the old and/or new drive is a Seagate - you can download and use their free DiscWizard software (available at Seagate's web site) to do this.

Not sure if it's coincidence or a direct result of malware; however I've seen an increase in the number of hard drive issues (failing the ASC hard drive test and/or Windows automatically running dskchk at startup) popping up after performing a major virus/malware exorcism.

Hope the... Read more

2 more replies
Relevance 76.26%

Hi all,

So my I was recently infected with some your privacy guard adware infection, and I think I've got it all removed but I don't know why my comp is running so much slower than it was before. I used ATF remover, AVG spyware remover, and smitfraudfix. I am posting my combofix, hijackthis, and rapport files. If you need anything else I will be more than happy to give you it.

Thanx in advance,

R. Cuellar

Answer:Computer Running Slowly After Malware Removal

Hi R. Cuellar, Welcome to the forum,

We are sorry for the delay in responding. The volunteers here are swamped and unfortunately not all logs get answered as quickly as we'd like. If you still require assistance please post a new HijackThis log into this topic and I'd be happy to check it over for remaining problems.

Thanks

Andy

1 more replies
Relevance 75.44%

was sent here by a nice guy at forum malwarebytes who helped me over 10 days/nights to free my Windows 7 desktop of malware and other nasties. Began with a black screen with cursor and no other display. Well now I am free of all that, the computer is slow slow slow. Browsers take ages to load, everything does. Have reset all browsers and removed add ons, no change. Am running ESET Smart Security, Malwarebytes Pro and Anti-Logger Free Protection is on so don't believe there is any problem there. PC is a Dell I got in 2008 - maybe I need a new PC? what suggestion do you have? I do have Windows 7 upgrade disk and the Vista one that came with the PC.

any help would be appreciated, thanks in advance and expectations..................
Judy

Answer:major malware removal job, now computer is running slow

Try following this guide to repair windows. I know that it is for Vista but the procedure should be similar to 7. If all else fails you might need to reinstall Windows. Repair Vista Options - Preferred Sequence

4 more replies
Relevance 75.44%

I've followed the Prep Guide but have been unable to get DDS to run despite repeated attempts. I've also tried to run Root Repeal several times without success. I then downloaded RSIT. Here's the log file:
"Logfile of random's system information tool 1.06 (written by random/random)
Run by GREG GOODFELLOW at 2010-01-04 15:32:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (34%) free of 153 GB
Total RAM: 1015 MB (28% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\... Read more

Answer:Infection Preventing Malware Removal Tools from Running

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

15 more replies
Relevance 75.44%

I have read READ ME FIRST and I was running through the malware removal procedure and had got to the combofix stage (malware problems: numerous it seems, SAS and MB found numerous infections; 'njc.exe' running, and various windows keep popping up including 'winlogin', 'hello4', and others). Previously I had uninstalled AVG using the removal tool advised in the READ ME FIRST. When I double clicked the combofix it warned me that AVG was running: I double checked that no AVG was running/installed, and since there wasn't I went ahead with the combofix (even though it warned me that it was at my own risk...). At that point the Dreamweaver and Internet Explorer programs both started running. The combofix program then asked to download the recovery console. It started the download, but the computer crashed, saying that there was a 'fatal error' and 'system shutdown'. I forced a shutdown (turning off power) and on rebooting, the computer would not boot. On second attempt when pressing F12 it booted and is currently on (I'm currently using a different computer). Please let me know what I should do next. Thanks,
 

Answer:Error when running combofix stage of malware removal

killian said:





On second attempt when pressing F12 it booted and is currently on (I'm currently using a different computer). Please let me know what I should do next. Thanks,Click to expand...

Skip ComboFix and continue thru to MGtools. Then attach logs from the below:

SUPERAntiSpyware
Malwarebytes
RootRepeal
MGtools

 

22 more replies
Relevance 75.44%

So i've had a couple of problems with my pc as of late. I'd say it's been going on for alelast a month. I haven't been doing anything different to what i normally do, just browsing the web, most likely had iTunes open and Windows Media Player. I do also download some stuff though...

One problem i have is that the windows i am currently using keep de-selecting (e.g. i have Firefox open and the window will de-select (it doesn't minimize) and i'll have to click on it again to be able to keep scrolling or typing. And the other being random spikes in my cpu which causes my music/video to freeze for a second.

I did a google search before coming here. One site said a good clean/dust out of the hardware should help it, i did that, no change (Although ALOT of dust came out). Another site said it was a background service that might be responsible for the cpu spikes, i disabled that and still no change.

So today i did the READ & RUN ME FIRST Malware Removal Guide.

Note: I downloaded MalwareBytes a few days ago, not from reading this guide but from seeing it recommended elsewhere. It did find a couple of problems and i had the program fix/delete them.

I have uploaded all the logs that are requested.
Please help. If any other information is needed about my sytem please just ask.
 

Answer:My logs after running the Malware Removal Guide sticky.

I am not seeing any malware.

Before we continue I would like for you to use MSConfig to put this machine back into normal start up mode

Most of these folders, if not all of them are likely to be empty, if so we can delete them , but we must be sure before doing so. Let's check.

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

Code:
:dir
{02E2800F-1E83-4EDC-96AF-84AE0ABD641B}
{037237AB-F7B1-4B04-B09D-B96FDE5F29D3}
{047D713D-AF79-4F80-8CA4-FF6F54B0AD9F}
{04FEE1B7-A76D-4684-9295-C8E71259F855}
{05013DAB-A90F-4753-91DD-9F981FB5D6F3}
{05AAB084-E44A-401E-8403-1326B14339EF}
{064EEAD6-DF7D-49A9-A674-10F40A3ACE1B}
{06CAB39E-E2B7-4953-8540-4EEEBBC98502}
{089B465F-CD66-4C16-9BB6-76E102703CAE}
{0A81489D-4791-4E7C-85EF-C8A05F56F9D4}
{0ABD1F61-B7AF-44E9-A98B-E4B82F92A4D4}
{0E19E0D3-4907-44C2-B456-2C511910E009}
{0EEA9E9E-D6DE-42D1-9025-83C1BF71ABF8}
{0EF29805-BE6C-4018-8B1C-8877166B3F5A}
{10691878-078B-481C-AC09-F60E478BB822}
{120C4C61-C3AD-4D65-8CAB-33D95BD15CAF}
{120EC8E0-7CB7-4BB3-8FE6-7643922F39DD}
{13F0CB02-AE4A-463E-AD15-0D0789CE4859}
{14681853-C4A9-4539-9E69-5E5972C23E00}
{14AA37C5-78B7-41E7-82B5-CEDA4597E428}
{17C536D7-9F24-484A-996B-437EAFE64591}
{1A15466F-20A8-4A9B-B0AA-D102B28C4993}
{1BF0977D-49C9-4E4A-BA4B-D9507991B8BD}
{1C3D7B64-C27F-418A-99... Read more

9 more replies
Relevance 75.44%

Issues remain after malware removal:

Tuvaro Search tab in Chrome and Firefox - cannot change or remove
otbot popup stating "unable to load skin"

 

Answer:Issues remain after running Malware removal - Tuvaro, etc

Hello, dhillenb

Your MGlogs.zip file is very incomplete. Did you have a problem running MGtools? Did you follow all instructions ( like disable UAC, disable protection software, use Right-Click and "Run As Administrator" )? Did you wait for it to tell you it was finished before attaching the log?

Re-run RogueKiller and have it delete:



Registry Entries :
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SMessaging : C:\Users\Hillenbrand\AppData\Local\Strongvault Online Backup\SMessaging.exe -> FOUND
[] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IBUpdaterService -> FOUND
[] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IBUpdaterService -> FOUND
[] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IBUpdaterService -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2879597419-395703640-3558126926-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2879597419-395703640-3558126926-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2879597419-395703640-3558126926-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49225;https=127.0.0.1:49225 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2879597419-395703640-3558126926-1000\Software\Microsoft\Wind... Read more

1 more replies
Relevance 74.62%

I recently helped my parents remove some virus by downloading and installing avast, the computer is still running slow and locking up but is no longer showing any virus' and will not let windows update.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:46 PM, on 3/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\America Online 9.0\waol.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [a... Read more

Answer:Parents computer running slow locking up after removal of malware

16 more replies
Relevance 74.62%

Hi

REGISTRY/DRIVER ISSUE

I have an Acer Aspire 5740g laptop running windows 7 (log attached below).

I'm already indebted to you guys for your "READ & RUN ME FIRST. Malware Removal Guide" by chaslang, because it helped me to remove some nasty malware that was popping up on startup.

I ran through that guide till completion, including re-enabling UAC and doing the system toggles etc, including running all the anti-spyware programs even after the problem seemed to have been solved (although only the first two seemed to actually finish). The problem is gone thankfully but I've noticed an unusual side-effect:
audio no longer runs in browsers.

I'm wondering if some driver/registry change has caused this change. I've only tried testing the problem by opening clips that use sounds in youtube and megavideo (i'm using latest IE).

So far I have tried:
-restarting my computer
-updating adobe flash player to the latest version
-changing a flash player setting which is supposed to help in some situations (according to their support site)
-uninstalling and reinstalling flash player
-updating my sound drivers (found on the acer website- which involved removing the old drivers and installing the driver i downloaded).
-going into IE internet options> advanced> checking the "play sounds in webpages" box is checked
-closing all IE windows and restarting IE
-trying out (the limited) solutions google has thrown up

... Read more

Answer:Audio stopped working in browsers after running malware removal

Hi

It would be best as you have had malware on your PC to as you mention you have run the read me guide to actually attach the logs that that guide has you produce to your thread in malware forum HERE so that the experts in that area can give you an all clear on any remianing malware components, as while you may not see any issues outwardly, there maybe malware components left that are causing the audio issues, so need to remove them first before trying any driver fixes.


Once given the al clear on malware then post again here and we can try a few fixes.
 

9 more replies
Relevance 74.62%

Hello and Thanks in advance. I ran all tools to get a chance to ask someone how to repair the registry in my windows 7 64 bit system. It's new but has crashed multiple times. I was tired of restoring to factory settings.

It seems that someone with physical access during the 3 months I've owned it has changed settings so they can receive reports from this computer. Help!
 

Answer:Registry repair after running all suggested malware removal tools.

eMachines EL1352G-41w, AMD Anthon IIx2 220 Processor 2.8 GHz, 2.00 GB (1.75 usable), 64-bit operating system, Windows 7 Home Premium Service Pack 1, ZyXEL EQ-660R-F1 ADSL Router on single phone line 1.5 max (out in the sticks), No wireless connections, HP OfficeJet 5610v All-in-One (won't print), NVIDIA nForce 10/100/1000 Ethernet, worked fine till I left town. Have restored to factory 5 times. Some registry files are missing, and I don't have permission to change them. Files from Malware scans attached.

Hope this is all correct. Poke me in the eye if not! ~G
 

4 more replies
Relevance 74.62%

Hi I went through the malware cleaning steps just a bit ago to remove a redirecting page that kept coming up while browsing on chrome. It's been mainly causing problems with a single website right now that did not have any prior issues, but it could potentially be popping up with multiple websites on chrome. Usually if it does pop up again, it is after clicking on chrome or another tab after leaving it for a couple minutes. I've run through all the steps so far on the malware removal on the site but still have been having no luck with removing the file thats causing the problems. Any help you have would be greatly appreciated.

Thanks,

Bod
 

More replies
Relevance 73.8%

I want to run Combofix with expert help, but do not know how to Disable ESET Smart Security, malwarebytes,ccleaner,spybot S&D and Windows Installer Clean-up before running Combofix. I would rather not uninstall them all if possible, just disable. I didn't know Windows Install clean-up was on there until saw it listed in programs.

Thanks so much for any help.

Answer:How disable(not uninstall) antivirus/malware removal tools before running ComboFix?

I found out how to disable ESET, but not the others....Thanks in advance for help....

2 more replies
Relevance 73.8%

i was having the same issue JB123 was having:
Malware issue, now mshelper.dll cannot load cleaned comp but now cannot connect, did all of the netsh s, winsockfix,lspfix etc but issue still exists. 2 hrs with HP support and thats like torture and they just said to reformat... is there any fixing without the latter ??
still no default gateway listed or valid IP either

HP g7
W7 Home

Last edited by jb123; 25-Jul-2011 at 08:18 PM..

Would like to know what the resolution was to his fix if there was one

 

More replies
Relevance 72.98%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:52:42 PM, on 8/7/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exeC:\... Read more

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

2 more replies
Relevance 72.98%

Hi,

I am the IT manager in my company.

I have a co-worker, his computer has search redirect issue. That means most likely it has malware.
Then i installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After i installed them, i cannot launch them(That definitely means it has some kind of malwares)
I needed to rename their .exe files, after i can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now i am running Spybot Search & Destroy will see what happened.

By the way, i run them in safe mode because when i logon window to normal mode, it is slow (like it takes a long time to explore hard drive, etc). I suspect the malware slow down my pc. hopefully not registry corrupted or something, but works smoothly in safe mode.

So you guys have any suggestions? or you need a log file from combofix?

Please advise,
Tommy

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 72.57%

I did a hijackthis scan and here's what I got:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:18:17 PM, on 4/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\System32\DVDRAMSV.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exeC:\WINDOWS\System32\00THotkey.exeC:\WINDOWS\system32\TFNF5.exeC:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exeC:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynT... Read more

Answer:Malware Blocking Acess to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 72.57%

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Maleware Bytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and preformed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
 

Answer:HELP-Requested Malware Removal (Infector.Gen2 / Malware Pacger Gen)

Here is the 5th log.
 

6 more replies
Relevance 72.57%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies
Relevance 72.57%

Gud day to everyone,

My computer having some malware activity, i have used adware 2008, spyware removal tool, norton anti-virus and other removal tool, but still those malware cannot be deleted.. My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP that why until now i cannot connect to the internet.. I don't have WindowsXP SP2 cd for repair..

Please help me as soon as possible, because it is a server..

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 72.57%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says &quot;The server at topsearchfeed.com is taking too long to respond&quot; For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me
 

2 more replies
Relevance 71.75%

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem. :confused
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer:Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3... Read more

9 more replies
Relevance 71.75%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see, I , myself, use most all of these myself, the only paid program i have is malwarebytes, the rest are free add ons or are free programs . Thanks.

5 more replies
Relevance 71.75%

Dell m1330 Vista home premium. I have malware isses, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also perfomed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 71.75%

Hi, i got infected because i was triying to run malwarebytes and it skip the part of analising the files, it ended in arount 1 minute in a full scan, and i tried to download dr web cure it, and it dont allow me, the computer seems fine, but those things are very strange, and when i was running the scan i was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 71.75%

Had a machine in riddle with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (dont ask me which one it was I cant rememebr) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. swap the hard drive for a SATA CD and it detects the CD without issue which makes me thing the SATA controller must be functioning too.

Now it seems that the this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base, help me folks its driving me nuts.
 

More replies
Relevance 70.93%

I have run into a terrible problem and can no longer use my computer. It started a few days ago when I believe I was infected by malware...I noticed a program running in my task manager...one of those short 3 letter exe programs, so I decided to run malware bytes. Malware bytes succesfully found that program and I think called it a rootkit or something else. I chose to remove the found problems and then it asked me to restart. Following restart, I get a blue screen of death shortly after the windows XP title comes on. When I choose any of the options (Safe Mode, Safe mode with networking, Safe mode with command prompt, or normal windows) I always get the blue screen and cannot log into windows.

The error message reads:
A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen restart your computer. If this screen appears again follow these steps: Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical Information:
STOP: 0x0000007B (0xBA4C7524, 0XC0000034, 0x00000000, 0x00000000)

So at this point I ordered startup/recovery CDs from dell. I am using a dell computer with OEM installed windows XP home edition. I got the recovery CD today, and can now boot from CD.... Read more

Answer:Blue screen after running malware bytes - infected with malware

Hello, lets see if we can find the cause of this problem. I will move this topic to the malware removal forum.Try this please. You will need a USB drive.Download GETxPUD.exe to the desktop of your clean computerRun GETxPUD.exeA new folder will appear on the desktop.Open the GETxPUD folder and click on the get&burn.batThe program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.Click on Start and follow the prompts to burn the image to a CD.Remove the USB & CD and insert it in the sick computerBoot the Sick computer with the CD you just burnedThe computer must be set to boot from the CDGently tap F12 and choose to boot from the CDFollow the promptsA Welcome to xPUD screen will appearPress FileExpand mntsda1,2...usually corresponds to your HDDsdb1 is likely your USBClick on the folder that represents your USB drive (sdb1 ?)Press Tool at the topChoose Open TerminalType the following and press enter:

dd if=/dev/sda of=mbr.bin bs=512 count=1

Press EnterAfter it has finished a file will be located on your USB drive named mbr.binRemove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

4 more replies
Relevance 70.52%

Hi all, 
 
Recently on Chrome browsing on a site a received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspect this is a malware!!!
 
What I'm trying to understand if what kind of malware infected the web site I visited. Some technical specs could be useful . The web site is of a my friend and I'd like to help them to identify the malware infected their web site...
 
 

More replies
Relevance 70.52%

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologi... Read more

Answer:Malware - blocking removal by malware antimalwarebytes

16 more replies
Relevance 70.52%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quicksccan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disbled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 69.29%

Hello
 
I recently did a fresh install of Windows 7 on my PC. I guess I forgot to install any AV until I was prompted to by Windows Update, which if I remember correctly, did install OK originally. Normally I would have installed AVG and MB, but I've had quite a few PC problems recently and so was a little haphazard, I can't remember whether I actually got MB installed prior to these problems or after. Anyhow, recently I started up my PC and upon starting got a message that MSE couldn't start because of error occurring during initialization, Error 0x80073b01.
 
I found a similar topic here and have run a few of the programs, most optimistically Hitman Pro, which found a couple trojans and malware items and deleted them. But I still have this issue with MSE that it can't load, can't be reinstalled and can't be uninstalled.
 
Other symptoms: Malware Bytes icon on my desktop went from being their logo to a generic .lnk/shortcut image and wouldn't load. I managed to reinstall it after using safe mode and using mbam clean to get rid of the mbamext.dll that wouldn't delete normally. I now have MBAM on my desktop and I can run it, but it won't get the latest updates (it appears to download them, but then says the db is missing or corrupt) and it won't let me do a scan.
 
I have been trying to copy some files to an external HD, but the ones with Security in their name can't be moved.
 
It seems like something is definitely running in the background ... Read more

Answer:Malware preventing MSE and Malware Bytes running?

Try running in Safe Mode and doing a full system scan with your antivirus.  You could also try a System Restore.  

2 more replies
Relevance 69.29%

I have followed the instructions to remove Malware defender 2009 and done all the rebooting etc. I have dowloaded and installed HijackThis (log below) and also followed the guide and done a DDS log (below) and also attached the "attach.txt" file as directed.DDS (Ver_09-03-16.01) - NTFSx86 Run by Administrator at 10:23:22.82 on 03/05/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2047.1438 [GMT 1:00]============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\userinit.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\Explorer.EXEc:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exeC:\Program Files\Spyware Doctor\pctsAuxs.exeC:&... Read more

Answer:Malware defender after running anti-malware

Hello Johncarter28.You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!These steps are for member Johncarter28 only. If you are a lurker, do NOT try this on your system! If you are not Johncarter28 and have a similar problem, do NOT post here; start your own topicDo not run or start any other programs while these utilities and tools are in use! Do NOT run any other tools on your own or do any fixes other than what is listed here.If you have questions, please ask before you do something on your own.But it is important that you get going on these following steps.=Close any of your open programs while you run these tools.Let's have you start with the following:Set Windows to show all files and all folders. On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed. "CHECK" (turn on) Display the contents of system folders. Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders. Next, un-check Hide extensions for known file types. Next un-check Hide protected operating system files. Take out the trash (temporary files & temporary internet files) Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.Start ATF-Cleaner.exe to run the program. Under Main choose: Select All Click th... Read more

2 more replies
Relevance 68.06%

When I try to run a scan from usind AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware; when the scan gets to a certain point, Windows shuts computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbage about if you recently installed sortware/hardware,see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgrade to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to " System Volume Information" directory. I am unable to open to see contents as Windows shows no files in it. When I ask Ariva to scan it, Ariva says no files also but if I use AntiSpyware to scan, it shows many files during it's scan but will get to a certain point and computer will shut down. I can almost see file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal progran to complete scans

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

23 more replies
Relevance 68.06%

After following the above steps, I still have the problem. What else can I do to get rid of the Yahoo search malware?
 

Answer:search redirects to us.yhs4.search.yahoo.com even after running malware removal

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

9 more replies
Relevance 67.24%

I have run the malware removal intructions and when through each programs as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under seperate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the adminstrator and do not seem to have problems running the

View attachment mbam-log-2011-03-28 (17-02-07).txt



View attachment combofix log.txt



View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log



View attachment hijackthis.log

malware removal steps and have attached the reports from the intructions.

Even when I try to open add or remove programs under control panel- I get the following message: "C\windoesn\system32\rundll32.exe- application not found. I am thinking that It is something to do with AVG and have removed the program with the step.

Please help....

View attachment mbam-log-2011-03-28 (17-02-07).txt



View attachment combofix log.txt



View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log
 

Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:



....try to run the malware removal programs via internet or through USB driveClick to expand...

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading). ​
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies
Relevance 67.24%

Hi,

I have a dell xps 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today i got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps ( 4 beeps)
I looked that up on dell support and they said it was RAM problems.
I opened up the computer vacuumed a bit, took out ram cards and reinstalled them.
It had been working o.k.for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. i don't know how to find the log
Your help will be greatly appreciated
 

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.





MGtools ran but as soon as it was done the window closed. i don't know how to find the logClick to expand...

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies
Relevance 66.83%

This is my first post ever, so I am new to this. I will make this as plain as I know how.

My pc obviously took on a virus. All desktop icons disappeared, wallpaper gone, lots of popups, and when you search for something on the net, it sends you to nothing but virus removal pages wanting you to buy it, etc etc etc.

Here's what I have done so far:

I removed the hard drive, took it to another PC, and loaded as a secondary drive. I ran a McAfee virus scan, superantispyware scan, and spybot scan to try to weaken it.

I put the hard drive back in the original PC and now I have icons back, wallpaper, and things run somewhat smooth. However, it will NOT allow me to run my Microsoft essentials virus scan, superantispyware, or even combofix. It starts running, then disappears off the screen like it never existed. Wont even let me update my virus protection. It updates for a long way, then freezes, and have to restart.

I installed Hijackthis and Malwarebytes. They begin to run then they disappear too. Lots of times, but not every time I try to run one of these, I get the blue screen of death. The technical information it gives me on that screen is:
STOP: 0x000000D1 (0xF7AF7000, 0x00000002, 0x00000000, 0xab0dc747)
ldqgakb.sys - address AB0DC747 base at AB0D8000, datestamp 4cf44c8f

I have also typed MSCONFIG in my run command, went to startup, and didnt find anything suspicious. I did disable anything I know I did not need.

Something is running somewhere that... Read more

Answer:Virus blocking me from running any virus or malware removal EXE

Oh, and also, I will say, I did see signs of "antivirus 2010". I removed in in add/remove programs, not knowing that's apparently a virus. I know that its not really removed, so could this be my issue?

26 more replies
Relevance 66.83%

I have followed recommended protocols to suceessfully remove the "Trovi" malware from my computer.
But have one minor problem.
The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer.
But the malware appears to have left code in the windows startup directing the computer to run files which are now no longer present on my computer.
Problem is that this causes the following Windows Popup box "Run DLL" to come up , before any other windows startup programs run.

The Pop up box contains the following wording"

" There was a problem starting
C:\Users\LESTER\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in start up that lead to the popup box, so that it will no longer occur at computer start up.

Thanks.
Lester
 

Answer:Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Follow this thread and attach requested reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

1 more replies
Relevance 66.83%

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.
 

4 more replies
Relevance 65.6%

I ran the steps in the Malware removal guide, i haven't seen any new pop-ups, but i noticed that there were a few problems that bitdefender could not fix, and my laptop is still running slow.

I am running windows XP, and will attach all logs.

Thank you in advance for all you assistance.
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.
 

10 more replies
Relevance 63.55%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal----------------------------------------------------------------------------------------------------------------------Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital..I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!Current Symptoms (in the order of appearance)Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ... Read more

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.1.) click start> run> type msconfig and hit enter.click "boot.ini" tabCheckmark /bootlogClick "apply" and "close"Reboot when askedLocate and delete this file:C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)RebootLocate & post:C:\windows\ntbtlog.txt2.) Click start> run> type: cmd.exe and hit enter.type the following commands exactly as you see em & hit enter after each one:cd c:\windows\system32dir userinit.exeNote the file size please & report that back to me. Leave cmd open a sec.Back at the cmd window...Type:cd dllcachedir userinit.exedir spoolsv.exeNote file sizes & report that back to me.Type exit in the CMD window & hit enter. (this closes it)3.) Can you see also if you can get this program installed please:http://download.bleepingcomputer.com/hijac.../HJTInstall.exeSave file> run it> follow prompts to install excepting defaults.Allow it to "launch" hijackthis.Click the "Do a System Scan and Save a Log File" optionSave the log file and then it should open with NotepadGo to Edit, Select All and then Edit, Paste to paste the contents of the log hereLet me know if you had any problems with the above please.I advise keeping the system offline as much as possib... Read more

3 more replies
Relevance 63.55%

Apologies, but i'm a bit of a novice. my computer did a scan when i started it and came up with some trojans. when i tried to delete them, a malware removal programme tried to install itself so i closed the download dialog box. unfortunately, i cannot remember the name of the software that was trying to install itself. please would you review my log below and help me clean my computer?

many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 63.14%

I try to run Housecall 6.5 & Kacpersky scans and my computer is slowed to a crawl about 5 seconds after the scan starts. I have downloaded Threatfire and scanned my computer, and downloaded Malwarebytes - Anti-Malware and scanned, the problem is not fixed. I have a svc.host in my Task-Manager that is alway using between 2 & 5% of my CPU, but in reallity seems to be freezing my computer.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:27:55 PM, on 2/8/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0013)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\svchost.exeD:\Programme\HijackThis.exeK:\Programs\Safari\Safari.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://at7.hpwis.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://at7.hpwis.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ... Read more

Answer:Internet hijacked when running spyware/malware removal programs, internet also hijacked intermittently when CPU not in use

Hello texasrocker,Can you run in Normal Mode at all? If so, please post further HijackThis logs made in Normal Mode. HijackThis can't see everything when run in Safe Mode.Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blankR3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: (no name) - {072CA835-0624-47B2-83D6-A7A5CD5C22DA} - (no file)O2 - BHO: (no name) - {353B8BD5-5CF2-4036-83AF-48F67CBE369C} - (no file)O2 - BHO: (no name) - {3AB032E2-DD70-4071-91E2-303A1798B817} - (no file)O2 - BHO: (no name) - {4c4c1a5a-e630-47af-b1c4-186a9586d1c3} - (no file)O2 - BHO: (no name) - {5B1CB136-01BF-4EDC-99AB-0F10A8AC847C} - (no file)O2 - BHO: (no name) - {6A1DDB8F-98EB-464D-BA0B-BA9584A1DF28} - (no file)O2 - BHO: (no name) - {9C35323A-05D9-42BF-8BE4-6DDB4AAE02B2} - C:\WINDOWS\system32\mlJdDVOf.dll (file missing)O2 - BHO: (no name) - {C31DEA2A-708E-40D8-8F59-9996C03D8CFB} - (no file)O2 - BHO: (no name) - {D181EE8E-AF1F-4237-AFDC-BA1092CB449D} - (no file)O2 - BHO: (no name) - {DF1BF564-5FB0-4B60-A3BA-493F1D0D5EA7} - (no file)O2 - BHO: (no name) - {DFE33175-4231-4E50-8595-945F248E5142} - C:\Dokumente und Einstellungen\Craig Milam\Lokale Einstellungen\Temporary Internet Files\Content.IE5&... Read more

4 more replies
Relevance 62.73%

Hi,I have tried many ways to get rid of some Malware that has only recently infected my PV. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my brower to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.I have McAfee Enterprise installed (which I can't seem to disable)I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes t5hem, the problem is still there.Please help. I have shown Hijackthis log below.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:58:42 PM, on 29/12/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16945)Boot mode: NormalRunning processes:C:\windows\system32\csrss.exeC:\windows\system32\winlogon.exeC:\windows\system32\services.exeC:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me thier software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.Please help. I hope the files uploaded can provide an insight into whats happening.Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.ntents belowDDS.txt contents pasted belowDDS (Ver_09-12-01.01) - NTFSx86 Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\windows\system32\svchost -k DcomLaunchC:\windows\system32\svchost -k rpcssC:\windows\Syst... Read more

3 more replies
Relevance 61.5%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:List of 64-bit Anti-Virus For VistaAnti-virus protection in 64-bit environmentsFree Anti-virus:avast! Free Antivirus Avira AntiVir Personal - Free AntivirusAVG Anti-Virus Free Edition 8.5Microsoft Security EssentialsPanda Cloud AntivirusKingsoft Free Antivirus (Cloud Scan)Paid for Anti-virus:NOD32 Anti-Virus PersonalMcAfee AntiVirus PlusTrend Micro AntiVirus plus AntiSpywareNorman Antivirus & AntispywareCA Anti-Virus Plus Anti-Spyware64-bit Anti-Malware tools:Malwarebytes Anti-MalwareSUPERAntiSpywareKaspersky Virus Removal Tool - How to install and use documentationSpyware TerminatorWindows Defender (64-bit)PrevxSpybot S&DAd-AwareNorman Malware CleanerSunbelt Counterspy (free Trial)Comodo BOClean Anti-MalwareSophos Anti-rootkitSanityCheck Advanced Rootkit and Malware DetectorESET Online Antiivirus ScannerESET SysInspectorAnVir Task Manager FreeWinPatrolStart with these:How to use Malwarebytes' Anti-Malware to scan and remove malware from your computerHow to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 61.5%

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed my my isp the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan erradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you emmensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!




mike sieber said:





I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.Click to expand...

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ... Read more

3 more replies
Relevance 61.5%

Hello!
In reading more of these threads I can see Im not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I havent heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

Answer:malware removal/popup/iexplore removal

16 more replies
Relevance 61.5%

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin... Read more

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 

16 more replies
Relevance 61.09%

Hi, and thanks in advance for helping. It really is a great service of you guys.Anyway, I do my best to keep my computer very clean. But low and behold, random websites open every few minutes, I'll turn on the computer and hear ads for condoms, etc., without seeing any browser open (the firefox process will be running though), and I keep getting error messages telling me firefox or I.E. or some other program has to quit. In fact, I just received one saying that the media center store has stopped working:Problem signature: Problem Event Name: APPCRASH Application Name: mcupdate.EXE Application Version: 6.0.6002.18005 Application Timestamp: 49e02324 Fault Module Name: StackHash_27f2 Fault Module Version: 0.0.0.0 Fault Module Timestamp: 00000000 Exception Code: c0000005 Exception Offset: 0001197d OS Version: 6.0.6002.2.2.0.768.3 Locale ID: 1033 Additional Information 1: 27f2All other information, including root repeal, is below or attached. I am just exhausted and it's taking forever to complete). I have run a norton scan, a bit Defender scan, a windows live scan (that seemed to fail at the last step), a Malwarebytes scan, an ad-aware scan, and a spybot scan. Nothing has helped except that the bit defender scan pointed out a possibly infected file labeled 86.tmp and mentioned Trojan.TDss. However, I followed all directions and the problem remains, though the file is gone as bit defender deleted it. Thanks much for helping me. I really do appreciate it.DDS (Ve... Read more

Answer:Malware -- Site Redirects/Random Ads invisibly running/Firefox stops running (I.E. Too)

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may ta... Read more

31 more replies
Relevance 59.45%

HEY GEEKS NEED A LITTLE HELP. I HAVE A WINANTIVIRUS POP U THAT COMES UP EVERYTIME I AM ON THE NET, AFTER U X IT OUT 5 TO 6 OTHER POP-UP COME UP ABOUT A VIRUS. I AM RUNNING AVG EVERY MORNING, SYBOT SEARCH AND DESTROY, AD-WARE 6.0. HERE IS A HIJACK THIS LOG FILE TELL ME WHAT TO GET RID OF PLZ.

EDIT: Removed inline HJT log


THANKS

DOOKIE
 

Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and atach the requested logs for the malware experts to look over.


Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

[*]runkeys.txt - the log from GetRunKey.bat
[*]newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not a... Read more

1 more replies
Relevance 59.04%

I was able to rename mbam.exe and remove infections for a second time. I also deleted the folder listed in gmer log. Maybe that is how it returned.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-19 20:20:17
Windows 6.1.7600
Running: gmer.exe
---- Files - GMER 1.0.15 ----

File C:\Users\brittainps\Downloads\The Little Rascals (Our Gang) - 4 Pack Collectors Series DVD - In Black & White\TLR4 1-Hook & Ladder 2-Call to Action 3-Hi Neighbor 4-Engine Trouble 5-Sundown Ltd 6-The 8th Wonder of the World\HOOK_NEIGHBOR_SUNDOWN_81099\VIDEO_TS\VTS_01_1.VOB 1073709056 bytes
File C:\Users\brittainps\Downloads\The Little Rascals (Our Gang) - 4 Pack Collectors Series DVD - In Black & White\TLR4 1-Hook & Ladder 2-Call to Action 3-Hi Neighbor 4-Engine Trouble 5-Sundown Ltd 6-The 8th Wonder of the World\HOOK_NEIGHBOR_SUNDOWN_81099\VIDEO_TS\VTS_01_3.VOB 1073709056 bytes
File C:\Users\brittainps\Downloads\The Little Rascals (Our Gang) - 4 Pack Collectors Series DVD - In Black & White\TLR4 1-Hook & Ladder 2-Call to Action 3-Hi Neighbor 4-Engine Trouble 5-Sundown Ltd 6-The 8th Wonder of the World\HOOK_NEIGHBOR_SUNDOWN_81099\VIDEO_TS\VTS_01_4.VOB 1029593088 bytes

---- EOF - GMER 1.0.15 ----
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by brittainps at 19:21:53 on 2012-02-... Read more

Answer:malware removal log

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

3 more replies
Relevance 59.04%
Question: malware removal

While checking msg on facebood and had several pop up that my computer had been infected with an virus. i ran the scan u recommended and copied it as reads below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:23 PM, on 8/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Documents and Settings\All Users\Application Data\ZwangiSearch\zwangi121.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ZwangiSearch\zwangi.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Progr... Read more

More replies
Relevance 59.04%

Computer Background:
I work at a small business and my boss purchased a new computer about 8 months ago. This is the only computer in the building and myself and my boss are the only two people who use it.

The only anti-virus program I have installed is AVG Free and there are no problems according to it. However, I did download AVG PC Tuneup 2011 and did the free one time analysis and tune up. This program was not able to solve all of the issues it found.

Malware hypothesis:
A co-worker, who is no longer working here, downloaded Daemon Lite and Bit Torrent to download a copy of Photoshop CS 5. I use Photoshop on a fairly regular basis and whenever I open the program Firefox (the default browser) starts up immediately with an ad in the browser.

Symptoms:
The browser has always started up with Photoshop and I didn't think much of it since my co-worker seemed fine with it. Over the last month, I've noticed that the computer's performance has been increasingly slow. I usually use Google Chrome and open tabs liberally. I assumed that was the reason for the AVG pop up notifications I received once a day or so telling me that performance might be slow due to too much going on (I can't remember the technical terms).

About 3 weeks ago Pandora started skipping and sometimes would cease to work at all. Gmail opens up after an exceedingly long time and then it may not fully function. Sometimes a notification pops up stating that due to a connectivity issue some Gmail fu... Read more

Answer:I need help with malware removal

BUMP, please!

1 more replies
Relevance 59.04%

I have scanned my computer with Norton Anti-virus and Ad-aware 2008. I found some infections and thought I removed them all but I'm still having problems. The Norton Anti-virus icon that shows in the taskbar on the bottom right hand side of my computer is gone so I'm not sure if that has been working correctly. When I first start windows it's very slow. I also had some problems with some websites saying the page cannot be displayed but I still had internet access. When I open up the windows security center the page isn't displayed correctly and says this "The Securty Center is currently unavailable because the "Security Center" service has not started or was stopped. Please close this window, restart your computer (or start the "Security Center" service), and then open the Security Center again. "I couldn't get my computer to scan using Kaspersky but I do have the logs for both DSS and HijackthisThanks for the help!Deckard's System Scanner v20071014.68Run by Compaq_Owner on 2008-08-04 19:16:09Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --53: 2008-08-05 02:16:15 UTC - RP490 - Deckard's System Scanner Restore Point52: 2008-08-04 19:23:07 UTC - RP489 - System Checkpoint51: 2008-08-03 18:55:28 UTC - RP488 - Syst... Read more

Answer:Need Help With Malware Removal

Hello,

I know you all are very busy and I will wait until you guys get time to help me I just had some additional information I forgot to add earlier and I can't seem to find a way to edit my post. The reason I can't get Kaspersky to scan is it said I can't run it with my anti virus and that I would need to disable it. The way I would disable my anti virus would be to turn off the icon on the bottom right hand side of the taskbar but as I mentioned before that has disappeared. I then went online and searched all my processes and turned off any that was associated with my Norton antivirus and it still didn't work. I'm not sure that helps any but I figured it wouldn't hurt Thanks again!

15 more replies
Relevance 59.04%

I have some type of malware that I cannot get rid of. I am using Symantec Endpoint, which finds the problem, reports it, asks for a restart for removal, but cannot remove the threat. I have also used Spybot and Malwarebytes with the same results. All programs tell me they fixed the problem, but they pop back up. The threats are identified as trojan horses.

I downloaded the dds.scr file, but my computer will not run the file. It asks for a program to use to run the file, but I can't run it. I also downloaded Hijackthis, and performed a scan and generated a log file.

Can anyone help me out?

Answer:Malware removal and dds.scr help

Go ahead and post the HJT log in that forum, just tell them about the problem with DDS

2 more replies
Relevance 59.04%
Question: malware removal

I incorrectly put browser hijacker in the subject. I have run malwarebytes and removed 9 trojansbut now I get "can not obtain ip address" if I use a static address I can ping but dns does not work.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 2:20:14 PM, on 6/1/2011Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exeC:\Program Files\Google\Update\GoogleUpdate.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McA... Read more

Answer:malware removal

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

19 more replies
Relevance 59.04%
Question: malware removal

1. my hp pc is 6 months old, and OS is Vista
2. i have an annoying abebot virus notification that keeps popping up telling me it's a security warning and redirects itself to web page of pc-cleaner of some kind.
3. i have updated all programs and i scanned pc with norton & ad-aware , both purchased, in normal AND safe modes; with avg , spyware doctor and spybot - both modes also - and ALL OF THEM tell me full scans were ran and there are no infections
4. stopzilla and other software that only scan for free, show many threats and infections but how many can i keep buying?
6.i cleaned and defrag'ed
5.BOTTOM LINE IS THAT POP-UP's are STILL popping up PLUS now i have other problems:
a. desktop background is all black screen now and will NOT load any vista picture, eventhou it shows picture in control panel browse window
b. ALL windows with pictures in it will NOT display picture UNLESS i go to "view" and then it will show it; initially shows only tags


WHAT ELSE CAN I DO?? please help

Lillian
 

Answer:malware removal

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 59.04%

Hi
Iam a Novice User.. Today i was infected by a Malware that gives a pop up"Attention!some dangerous trojan horses detected in your system..Windows Xp files Corrupted" and so on whenever i try to open Windows explorer..If i try to access internet explorer it leads to a id "http://free-viruscan.com/id/4912933/4/1/"Well this is my Hijackthis logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:07:19, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
c:\Progr... Read more

Answer:Malware removal help...

Welcome to TSF.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\coni.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\coni.dll

Download Malwarebytes ' Anti-Malware at http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebyt...are_d5756.html Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open i... Read more

5 more replies
Relevance 59.04%

I noticed a couple of weeks ago that my CA anti-virus had a pop up box that said 3 viruses were detected and removed from my computer. This happened a few more times, but I didn't notice any problems with the computer so I continued on my merry way. Yesterday the computer had slowed noticeably and went to Windows Task Manager and on the CPU Usage svchost.exe SYSTEM was using 50%. There were multiple instances of svchost.exe SYSTEM and svchost.exe NETWORK SERVICE. I don't know if this has anything to do with the problems I'm having, but...
 

Answer:Need Help With Malware Removal

I also attached a Kapersky on-line virus scan.
 

5 more replies
Relevance 59.04%

I have been trying to get rid of malware and viruses on a friend's computer. I already run malwarebytes, superantispyware, and also spybot (I ran them in safe mode). It found a lot of trojans and other malware. Now when I run them again they said that the computer is clear from malware but I still have several troubles:Cannot setup automatic updates and can't connect to windows update, I always see this message when trying to connect to windows update using the control panel: Windows cannot find '(null)'.Make sure you typed the name correctly.... Internet explorer 7 keeps redirecting me to other pages and also happens when using safari(5.0.4)too. Sometimes Internet explorer just crash.The computer is using Windows XP professional. I downloaded the software in the preparation guide and I'm posting the ddl, gmer and also hijackthis logs. I really need a hand here. Thanks in advance.DDS (Ver_11-03-05.01) - NTFSx86 Run by Edgar at 11:47:33.32 on Wed 03/23/2011Internet Explorer: 6.0.2900.5512Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.585 [GMT -5:00].AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}.============== Running Processes ===============.C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exec:\Program Files\Microsoft Security Clie... Read more

Answer:Help with malware removal

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

22 more replies
Relevance 59.04%
Question: Malware Removal

Hi I am having trouble with Malware, I have Avast for my protection. My computer seems to function fine but after every boot up and about once per hour it senses Malware. I have done the "read and run me first and attached my reports below. The one report was too big to attach so I made 2 files.

The window that pops up in My Avast says: C:\programdata\......optimizerpro.exe
object:C:\users\DAD\Appdata\...TSCAXj.tmp
Infection:win32:malware-gen
Action: moved to chest
 

Answer:Malware Removal

One more file
 

6 more replies
Relevance 59.04%

Need help! Both IE and Chrome are being redirected. Both DDS and Attach files are attached to this post.

Answer:Help with Malware Removal

DDS File Output...
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Michong at 12:41:56 on 2013-05-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4093.1747 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\Ap... Read more

12 more replies
Relevance 59.04%
Question: Malware Removal

I did the scan to create the dds.txt and attach.txt files but they do not show up on my desktop. All of sudden I got Norton security on my pc. What's up?

BC

Where do I post them?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Brent at 4:42:34 on 2012-06-10
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.2.1033.18.2038.561 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe ... Read more

Answer:Malware Removal

Quote:




I did the scan to create the dds.txt and attach.txt files but they do not show up on my desktop.




These log files are temporary. Unless you specifically save them as layed out in our pre-posting instructions, they will be gone as soon as you close the logs.

We need to see the Attach.txt. Run dds.scr again, and as explained in our pre-posting topic...


Quote:




Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs DDS.txt
Attach.txt

Save both reports to your desktop.





Kindly post the contents of the Attach.txt in your next reply. One of our Analysts will review your logs as soon as possible.

16 more replies
Relevance 59.04%

I had a serious infestation of trojans, adware, and other issues after downloading a file from a trusted website in which I have been a member of for several years. I am running Vista 32-bit and I followed everything on the "Read and Run First" sticky post for my OS.

I am now down to a message when Windows starts up that says something like "Error loading d3dpwi.dll. Module could not be found." I don't recognize this driver and I'm assuming that there is still something dirty in the registry that is trying to call on this driver.

The only other thing is the mysterious appearance of 2 "desktop.ini" files, in hidden mode, that are now on my desktop. They showed up after I ran the malware programs listed on this site.

Also, I couldn't get RootRepeal or ComboFix to work. RootRepeal would crash after a while and ComboFix caused my computer to crash with the blue screen of death, twice. To be honest though, I made the assumption that all was right with msconfig. Then, out of curiosity, I checked it and found that the Startup Selection was set to "Selective Startup" with all options checked.

So, what do you think? How do I get rid of that message at startup? Do you still want to see the files, or should I start the process over?
 

Answer:Almost There: Malware Removal

Please attach the logs you have.
 

3 more replies
Relevance 59.04%
Question: Malware Removal?

Hello there,

In the past week or two my computer has been getting slower and slower and slower. I have noticed a process named "ctalogd.exe", within the task manager window, googled it and found it to be some sort of malware. I noticed that HiJackThis is a common tool used for you to help us, so I have downloaded it and will be patiently waiting for instruction.

I have avg and counterspy but this process is left undetected. Help would be much appreciated with this removal process. Please advise. Thanks!

Answer:Malware Removal?

Are you using Cisco Systems? ctalogd.exe is related to the Cisco certification agency agreements service process and installed in this path:C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exeAnytime you come across a suspicious file, search the name using Google or the following links:BC's File DatabaseBC's Startup Programs DatabaseFile Research CenterThreatExpert Malware SearchIf no search results are found, you are given the option to "Submit a New Sample".Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, Properties and examine the General and Version tabs.If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.Post back with the results of the file analysis.

5 more replies
Relevance 59.04%

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resouce! To tell me this, please click on http://www.bleepingcomputer.com/logreply/412392 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following inf... Read more

Answer:need help with malware removal

Hello again!I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.Thank you for using Bleeping Computer, and have a great day!

2 more replies
Relevance 59.04%

I am currently running windows XP. It seems I have a program that is changing my home page and doing a virus/security check as well. Any help removing this problem would be greatly appreciated.
Below is a copy of my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 11:32:19 AM, on 8/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ron\Desktop\Programs\HijackThis.exe

O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing... Read more

Answer:Malware removal help

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning pr... Read more

3 more replies
Relevance 59.04%

Attached find my logs. TDS did not find any threats, there was no log. HitmanPro log was too big, I zipped it.

I also seem to be missing the "new folder" option when right clicking on desktop. Don't know if this is the result of malware.

Thanks for your help.

Jeff R
 

Answer:Malware removal help

Fixed the new folder issue. Found a registry fix
 

14 more replies
Relevance 59.04%

When clicking on results from a google search I get redirected to a different page. Here is my log, I hope someone can help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:11:52 AM, on 3/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program File... Read more

Answer:malware removal lod

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. Please take note: If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the '... Read more

3 more replies
Relevance 59.04%
Question: Malware removal

The computer has been infected with a fake antivirus and I cannot even backup my files or open any programs,I am using a different computer for this posting. I am running windows XP home, My anti virus is AVAST and I ran a boot scan and found several infections and deleted them but the fake antivirus is still holding me hostage, I tried to use Malware Bites from a flash drive but the infection will not allow me to start it. What can I do??

Answer:Malware removal

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

3 more replies
Relevance 59.04%
Question: malware removal

I am following the malware read me run me first and I am at step 2 for Windows XP removal/cleaning. Ive attached RKreport1

thank you for volunteering.
 

Answer:malware removal

You still need to attach the other requested logs.
 

5 more replies
Relevance 59.04%
Question: Malware Removal

Hello,

My brother's computer has been running really slow and unresponsive. He told me that Internet Explorer keeps crashing. I ran all the steps in the removal guide and attached the logs. Any help is appreciated.
 

Answer:Malware Removal

Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:


[RUN][SUSP PATH] HKCU\[...]\Run : Megakey (C:\Users\Sopunna\AppData\Local\Megamedia\Megakey\Megakey.exe /Tray [x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : MegakeyUpdater (C:\Users\Sopunna\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe [x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Sopunna\AppData\Roaming\SearchProtect\bin\cltmng.exe [7]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : WebCake Desktop (C:\Users\Sopunna\AppData\Roaming\Betcat\WebCakeDesktop.exe [x]) -> FOUND
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Sopunna\AppData\Local\Google\Desktop\Install\{8ea7a818-f9a4-ae97-8561-83e94b725465}\?????????\?????????\?????\{8ea7a818-f9a4-ae97-8561-83e94b725465}\GoogleUpdate.exe" >) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3097140266-1746637597-458111823-1001\[...]\Run : Megakey (C:\Users\Sopunna\AppData\Local\Megamedia\Megakey\Megakey.exe /Tray [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3097140266-1746637597-458111823-1001\[...]\Run : MegakeyUpdater (C:\Users\Sopunna\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3097140266-1746637597-458111823-1001\[...]\Run : SearchProtect (C:\Users\Sopunna\AppData\Roam... Read more

15 more replies
Relevance 59.04%
Question: Malware Removal

Hi, a computer tech at my school used hijackthis on my computer and had the data analyzed, and soon after my computer starting working a lot faster. Now, I have problems with internet and my computer just seems to be running very slow. Could someone analyze this reports for me? Thank you so much!!!Julia Chasler Deckard's System Scanner v20071014.68Run by User on 2008-08-08 00:32:05Computer is in Normal Mode.---------------------------------------------------------------------------------- HijackThis (run as User.exe) ------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:35:09 AM, on 8/8/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Cisco Systems\Cisco Secure Services Client\ConnectionClient.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program... Read more

Answer:Malware Removal

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please see here for instructionshow to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.NextPlease do a scan with Kaspersky Online ScannerNote: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Click on the Accept button and install any components it needs.The program will install and then begin downloading the latest definition files.After the files have been downloaded on the left side of the page in the Scan section select My ComputerThis will start the program and scan your system.The scan will take a while, so b... Read more

2 more replies
Relevance 59.04%

My problem is my start bar keeps disappearing upon start up. So please take a look at my highjackthis log and help me resolve this problem.Thx for any help that is given.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:36:03 PM, on 23/09/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.17184)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Windows Live\Messenger\MsnMsgr.ExeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\PnkBstrA.exeC:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exeC:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Maxthon2\Maxthon.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com/R1 - HKLM\Software\Microsoft�... Read more

Answer:Need Help With Some Malware Removal

Hello Renaissance,My name is Mas_pogi(mark,mp) and I will be helping you with your Malware problem.As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.Thanks for your patient and we'll get back to you Please do not run any other tool untill instructed to do so!Please reply to this thread, do not start another!Please tell me about any problems that have occurred during the fix.Please tell me of any other symptoms you may be having as these can help also.Please try as much as possible not to run anything while executing a fix.With Regards,mas_pogi

4 more replies
Relevance 59.04%

hey i am having a problem with a error that pops up every time i open a program.i think its malware but im not shure."The application or DLL c:\progra~1\wi9130~1\datamngr\datamngr.dll is not a valid windows image.please check this against your installation disk." please help me i am useing a valid windows copy but i do not have the disk ?? ran DDS wil post DDS.txt along with other instructions from referral (gmer etc) thanks.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Owner at 20:31:46 on 2012-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1031 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToo... Read more

Answer:Help with Malware Removal

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed. Note that if you do not respond within 5 days I shall no longer check this thread for replies.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.


Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

Please read all the informatio... Read more

1 more replies
Relevance 59.04%
Question: Malware removal

Hello,

My son picked up a malware from Windows Messenger.
I downloaded Spybot S&D and Malwarebytes to try to get rid of it, but the malware trace continue to come up when running the programs.
As it is still there got the HijackThis, as I understand my son has no CD/DVD emulation programs, however I have not been able to download the DSS program. I tried also with another computer, it appears the link is not working.
I enclose the GMER and Hijackthis log.

Kind regards
Ulf

Answer:Malware removal

Hi again,

Managed to get the DDS file too through another browser.

Ulf

15 more replies
Relevance 59.04%
Question: Malware Removal

Hello, my computer is running improperly and it seems to be seriously infected. Please help :cry


Thank You, Eric
 

Answer:Malware Removal

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Pleases follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

1 more replies
Relevance 59.04%
Question: Malware removal

Have inadvertently installed malware "registry optimiser" and google chrome loads up as - "http://www1.delta-search.com/...". Please note, I have attached the ark.txt file as I was exceeding the word limit by copying and pasting.
I use Avast anti-virus and Malwarebytes - are there better (free) options in terms of protection? Admittedly I use bit torrent but think I may uninstall as I know this is at the root of a lot of the problems. Thanks in advance for your help.

Here are the logs you require:

HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:19:23, on 15/04/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Users\richard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\richard\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\richard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\richard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\richard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\richard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\richard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\T... Read more

Answer:Malware removal

Bump
 

3 more replies
Relevance 59.04%

Ok, everytime I run spyboy search and destroy, it always finds programs on my pc, such as fast click, advertising ave a, etc. I was told these are malware. how can I get rid of these?
 

Answer:Help with malware removal, plz help

In the scan area, right click and select "Save Results", attach this to your next post using the Manage Attachments feature.
 

1 more replies
Relevance 59.04%

I wrote yesterday but did not provide all of the necessary information. I had a problem several weeks ago with 2010 Internet Security pop-ups. Got them removed using numerous anti-spyware software, but now when I turn on computer I get a pop-up saying that Windows is closing the following program, "Generic Host Process for Win32 Services". I mininize and go on. Then a pop-up says that NT Authority/System is shutting down the computer in 60 seconds because DCOM Server Process Services has failed. I stop this by going to run and typing in shutdown -a. The computer then works but slowly and when using search engines are re-directed to random sites. I have run numerous anti-spyware programs but nothing seems to work. Let me know if there is additional information you need to help me.DDS (Ver_09-12-01.01) - NTFSx86 Run by Scott at 9:43:50.40 on Sat 01/30/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.61 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exesvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support... Read more

Answer:Malware Removal etc

Hello,My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Please download GMER from one of the following locations, and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zip MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs, as this process may crash your computer.Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.Double click on Gmer to run it.Allow the gmer.sys driver to load if asked.You may see a rootkit warning window, If you do, click No.Untick the following boxes on the right side of the Gmer sc... Read more

4 more replies
Relevance 59.04%

First noticed problem on 4-4-2008 while surfing with Firesfox, I received fake Microsoft security popup. Spybot shows the following but will not remove. 123Mania, 180Solutions,2020Search,Second Thought,Zango. I have run the run and read me first procedures. Note, combofix will not run, I just get a box pop up for about a second then nothing. I have attached logs as required.
 

Answer:Help with malware removal

Please re-run MalwareBytes and have it fix everything it finds.....then run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from MalwareBytes.
 

3 more replies
Relevance 59.04%

Hello everyone,
I recently was infected with the following malware that I cannot seem to remove from my computer. I tried removing it with AVG antivirus and malwarebytes, and some were removed, but some cannot be, and now my computer turns to a blue screen when I try to boot it up (unless in safe mode). The following viruses were detected with AVG antivirus program, and are said to be located in the recycle bin:
 
Trojan horse generic32.cemu
Trojan horse generic29.AJGE
Luhe.sirefef.A
Luhe.sirefef.A
 
Thank you for all of your help!
 

Answer:Please help with malware removal!

Hello chillinatbu! Welcome to BleepingComputer Forums! My name is Georgi and and I will be helping you with your computer problems.Before we begin, please note the following:I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.The logs can take some time to research, so please be patient with me.Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received. If you can't understand something don't hesitate to ask.Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions. STEP 1 Please download RogueKiller and save to the desktop.Close all windows and browsersRight-click the program and select 'Run as Administrator'Press the scan button.A report opens on the desktop named - RKreport.txt Please post it in your next reply.STEP 2 Please download Junction.zip and save it to your desktop.Unzip it and put junction.exe in the Windows directory (C:\Windows).Press the Windows Logo in the bottom left corner of your screen.In the box, enter notepad and press Enter.Navi... Read more

3 more replies
Relevance 59.04%

Hello,
I was googling for information and found this forum. I visited a friend's website yesterday and immediately my antivirus (Trend-Micron PC-Cillin) detected 4 infected files, and before I could do anything my computer screen went all blue with 'hard run error' message or something like that. I rebooted and got back into Windows. My antivirus quarantined the before-mentioned infected files but couldn't delete one or two of them. I opened Internet Explorer to search for information on how to deal with it and ads would suddenly start popping up. I realized I must have downloaded some kind of spam malware.

I found a post from this forum via goole search that contained some information and so I followed those instructions. It didn't occur to me at the time to ask for advice specific to my problem, thinking the information in that post should be helpful.

Based on the information, I downloaded and scanned my computer with the following tools:
Malware Bytes Anti-Malware (full scan)
SDFix
ATFCleaner
SuperAntiSpyware
and then the MBAM again (quick scan)

There were 333 infected files found and deleted during the first MBAM scan, and 10 infected files after the second. During the SuperAntiSpyware scan, it detected 117 file threats and placed them in quarantine. There was one particular group of files I'm concerned about, the OREANS32 files, including the C:\Windows\System32\Drivers\oreans32.sys, which from what I understand is a legit f... Read more

Answer:Need help with malware removal

I forgot to add that I'm using a Windows XP Professional.

9 more replies