Computer Support Forum

Malware Removal - Help!

Question: Malware Removal - Help!

I have had my computer for four years and never ever had a problem - I perform regular maintenance and I am careful when surfing.

However, yesterday I was surfing several sites using tab browsing and I believe it was a guitar tab site that I clicked on by accident that downloaded a virus to my system before I could close it.

Suddenly some sort of rogue program popped up on my screen and began scanning all my files and my system went crazy so I shut it down manually. Next thing I knew I had the blue screen of death on restart.

I rebooted the computer in safe mode and looked around and found at least one system file called "ndisio.exe" that looked to be causing problems.

I performed the "Read & run Me First" malware removal guide and then proceeded to the Windows Cleaning for XP.

I had a few issues with my internet after running SUPERAntispyware but I reset winsock and repeated this after each program and it is fine.

My system seems to be running almost normal but I am concerned that I may have missed something since I am a complete amateur in this area.

I am posting the logs from each of the four programs. I hope I did everything right.

Also, I could not locate my "folder Options" in my control settings to change my viewing of hidden files which is odd because I have changed them before. Not sure why this is.

I also ran Malwarebytes twice because the first time it said not all files could be removed and then the computer restarted.

When it did, a program I did not recognize kicked in and began scanning my system again (looked like the virus?) so I shut it down and did a reboot then re-ran Malwarebytes. I attached both logs below so I will have five total rather than 4.

Any help appreciated!!!! Thanks!


Answer: Malware Removal - Help!


Here are the last two logs from Combofix and MGtools...

13 more replies
Relevance 47.56%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal
---------------------------------------------------------------

Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital. I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!

Current Symptoms (in the order of appearance)

Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ...

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,

I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.

1.) click start> run> type msconfig and hit enter.
click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file: C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post: C:\windows\ntbtlog.txt

2.) Click start> run> type: cmd.exe and hit enter.
type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window...
Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)

3.) Can you see also if you can get this program installed please:
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file> run it> follow prompts to install accepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here

Let me know if you had any problems with the above please.

I advise keeping the system offline as much as possib...

3 more replies
Relevance 47.56%

Apologies, but I'm a bit of a novice. My computer did a scan when I started it and came up with some trojans. When I tried to delete them, a malware removal programme tried to install itself so I closed the download dialog box. Unfortunately, I cannot remember the name of the software that was trying to install itself. Please would you review my log below and help me clean my computer?

many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&...

Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies
Relevance 47.15%

Hi,

I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable)

I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\...

Answer:Cyber Security removal; Malware removal not working

Hi,

I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.

Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86
Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst...

3 more replies
Relevance 46.33%

I have run the malware removal instructions and went through each programs as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under separate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the administrator and do not seem to have problems running the malware removal steps and have attached the reports from the instructions.

Even when I try to open add or remove programs under control panel- I get the following message: "C\windoesn\system32\rundll32.exe- application not found". I am thinking that It is something to do with AVG and have removed the program with the step.

Please help....

View attachment mbam-log-2011-03-28 (17-02-07).txt

View attachment combofix log.txt

View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log

View attachment hijackthis.log
 

Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:

....try to run the malware removal programs via internet or through USB drive

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading).
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies
Relevance 46.33%

Hi,

I have a dell xps 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today I got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted, it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps (4 beeps)
I looked that up on dell support and they said it was RAM problems.
I opened up the computer vacuumed a bit, took out ram cards and reinstalled them.
It had been working o.k. for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. I don't know how to find the log
Your help will be greatly appreciated
 

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.

"MGtools ran but as soon as it was done the window closed. I don't know how to find the log"

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies
Relevance 45.92%

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin...

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 

16 more replies
Relevance 45.92%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:
List of 64-bit Anti-Virus For Vista
Anti-virus protection in 64-bit environments

Free Anti-virus:
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
AVG Anti-Virus Free Edition 8.5
Microsoft Security Essentials
Panda Cloud Antivirus
Kingsoft Free Antivirus (Cloud Scan)

Paid for Anti-virus:
NOD32 Anti-Virus Personal
McAfee AntiVirus Plus
Trend Micro AntiVirus plus AntiSpyware
Norman Antivirus & Antispyware
CA Anti-Virus Plus Anti-Spyware

64-bit Anti-Malware tools:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Kaspersky Virus Removal Tool - How to install and use documentation
Spyware Terminator
Windows Defender (64-bit)
Prevx
Spybot S&D
Ad-Aware
Norman Malware Cleaner
Sunbelt Counterspy (free Trial)
Comodo BOClean Anti-Malware
Sophos Anti-rootkit
SanityCheck Advanced Rootkit and Malware Detector
ESET Online Antivirus Scanner
ESET SysInspector
AnVir Task Manager Free
WinPatrol

Start with these:
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
How to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 45.92%

Hello!
In reading more of these threads I can see I'm not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I haven't heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

Answer:malware removal/popup/iexplore removal

16 more replies
Relevance 45.92%

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed by my isp the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan eradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you immensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!




mike sieber said:

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ...

3 more replies
Relevance 45.92%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:42 PM, on 8/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\...

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT...

2 more replies
Relevance 45.92%

Hi,

I am the IT manager in my company.

I have a co-worker, his computer has search redirect issue. That means most likely it has malware.
Then I installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After I installed them, I cannot launch them (That definitely means it has some kind of malwares)
I needed to rename their .exe files, after I can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now I am running Spybot Search & Destroy will see what happened.

By the way, I run them in safe mode because when I logon window to normal mode, it is slow (like it takes a long time to explore hard drive, etc). I suspect the malware slow down my pc. Hopefully not registry corrupted or something, but works smoothly in safe mode.

So you guys have any suggestions? Or you need a log file from combofix?

Please advise,
Tommy

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 45.51%

I did a hijackthis scan and here's what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:17 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynT...

Answer:Malware Blocking Access to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 45.51%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies
Relevance 45.51%

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Malwarebytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and performed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
 

Answer:HELP-Requested Malware Removal (Infector.Gen2 / Malware Packer Gen)

Here is the 5th log.
 

6 more replies
Relevance 45.51%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says "The server at topsearchfeed.com is taking too long to respond" For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

Problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me.
 

2 more replies
Relevance 45.51%

Good day to everyone,

My computer having some malware activity, I have used adware 2008, spyware removal tool, norton anti-virus and other removal tool, but still those malware cannot be deleted. My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP, that's why until now I cannot connect to the internet. I don't have WindowsXP SP2 cd for repair.

Please help me as soon as possible, because it is a server.

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 45.1%

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening it, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple of system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 45.1%

Hi, I got infected because I was trying to run malwarebytes and it skipped the part of analysing the files; it ended in around 1 minute in a full scan, and I tried to download dr web cure it, and it doesn't allow me. The computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 45.1%

Had a machine in riddled with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (don't ask me which one it was, I can't remember) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. Swap the hard drive for a SATA CD and it detects the CD without issue, which makes me think the SATA controller must be functioning too.

Now it seems that this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base, help me folks its driving me nuts.
 

More replies
Relevance 45.1%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see. I, myself, use most all of these myself; the only paid program I have is malwarebytes, the rest are free add-ons or are free programs. Thanks.

5 more replies
Relevance 45.1%

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem.
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer:Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3... Read more

9 more replies
Relevance 45.1%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 44.28%

HEY GEEKS NEED A LITTLE HELP. I HAVE A WINANTIVIRUS POP UP THAT COMES UP EVERYTIME I AM ON THE NET, AFTER U X IT OUT 5 TO 6 OTHER POP-UPS COME UP ABOUT A VIRUS. I AM RUNNING AVG EVERY MORNING, SPYBOT SEARCH AND DESTROY, AD-WARE 6.0. HERE IS A HIJACK THIS LOG FILE TELL ME WHAT TO GET RID OF PLZ.

EDIT: Removed inline HJT log


THANKS

DOOKIE
 

Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and attach the requested logs for the malware experts to look over.


Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

* runkeys.txt - the log from GetRunKey.bat
* newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not a... Read more

1 more replies
Relevance 44.28%

Hi all, 
 
Recently, while browsing a site in Chrome, I received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspicion this is malware!!!
 
What I'm trying to understand is what kind of malware infected the web site I visited. Some technical specs could be useful. The web site belongs to a friend of mine and I'd like to help them identify the malware that infected their web site...
 
 

More replies
Relevance 44.28%

Hiya

I'm running XP. AVG detected trojans; the first one it got rid of, the second one, Generic13.ATHP, it could only remove partially, apparently located in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended. SuperAntiSpyware wouldn't install, so I changed the filename, and it has installed, but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?

Thank you!
 

Answer:malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.


but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others.

Have no idea if any of this will help you, lovely helper person, but I guess I'm just trying...
 

2 more replies
Relevance 44.28%

About a week ago, I noticed that when running Internet Explorer www.google.com that clicking on a website would take me to an ad instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Thanks,
Deb
 

Answer:Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!
Deb
 

2 more replies
Relevance 44.28%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of it using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled it - it reinstalls and then when I try to quick scan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disabled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 44.28%

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologi... Read more

Answer:Malware - blocking removal by malware antimalwarebytes

16 more replies
Relevance 42.64%

When I try to run a scan using AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware, when the scan gets to a certain point, Windows shuts the computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbiage about if you recently installed software/hardware, see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgraded to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows Defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint the problem to the "System Volume Information" directory. I am unable to open it to see contents as Windows shows no files in it. When I ask Avira to scan it, Avira says no files also, but if I use AntiSpyware to scan, it shows many files during its scan but will get to a certain point and the computer will shut down. I can almost see the file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and the log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal program to complete scans

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

23 more replies
Relevance 41.82%

I have followed recommended protocols to successfully remove the "Trovi" malware from my computer.
But have one minor problem.
The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer.
But the malware appears to have left code in the windows startup directing the computer to run files which are now no longer present on my computer.
Problem is that this causes the following Windows Popup box "Run DLL" to come up , before any other windows startup programs run.

The Pop up box contains the following wording:

" There was a problem starting
C:\Users\LESTER\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in start up that lead to the popup box, so that it will no longer occur at computer start up.

Thanks.
Lester
 

Answer:Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Follow this thread and attach requested reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

1 more replies
Relevance 41.82%

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.
 

4 more replies
Relevance 41.41%

I ran the steps in the Malware removal guide. I haven't seen any new pop-ups, but I noticed that there were a few problems that bitdefender could not fix, and my laptop is still running slow.

I am running windows XP, and will attach all logs.

Thank you in advance for all your assistance.
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.
 

10 more replies
Relevance 41%

Hey,

So I got infected with this virus/malware MS Removal Tool. Things that I noticed: it created a file nvpcpl.dll, hid all my d drive files and removed 90% of the items from the Start > All Programs menu. I ran through all the scans but still can't seem to get the programs in the All Programs menu back. Attached are my clean scans in the order recommended. Just as an fyi, C: is my primary drive, D: stores all documents/pictures/music, F: is the external hard drive. Thanks for the help.
 

Answer:Malware removal help - MS Removal

"Things that I noticed: it created a file nvpcpl.dll"

See this link About nvpcpl.dll. You do not have McAfee installed and I am not seeing the file in your logs. Do you still see it? If so give me the full file path. But you also have NvCpl.dll running which relates to Nvidia which IS installed.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.

Code:


:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]

:files
C:\Documents and Settings\All Users\Application Data\oJh06504hBkGg06504

:Commands
[emptytemp]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file prese... Read more

3 more replies
Relevance 40.18%
Question: Malware removal

Hello,

In the past few weeks Norton Internet Security 2010 has been reporting repeated attacks from remote IP addresses nearly every 10 seconds while my computer was connected to the internet. In the past couple of days my computer has slowed down enormously and norton no longer detects anything wrong with my computer during scans. CPU usage is between 90-100 at all times. Way too many svshst executables are running (between 5-10). When I try to end these processes a dialog box comes up and says access is denied. Windows Unlocker can't do anything about it. Yesterday while trying to end the processes the famous dialog box with 60 seconds on the timer before the computer will be forced to shut down showed up, so I assume I have a rootkit. When I tried to attach my hijack this file I was unable to - the window refreshed and reported that the connection had been reset. This occurred 5 times in a row so I am assuming that is abnormal as well. I decided to paste the log into the thread, I hope that it's not against the rules! Thank you in advance for your help!!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:01 PM, on 7/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\syste... Read more

Answer:Malware removal

Here is an updated version HJT log
 

2 more replies
Relevance 40.18%

Hi there,

I have read and run your "read me and run me first" page and now I'm asking for support.

I have run all the programs you suggested and will attach the log files.

I can't seem to get rid of Trojan.Downloader.Swizzor. The programs say it's been deleted, quarantined and disinfected, but it keeps popping up.

I'm also having some trouble with having my browser time out. It happens constantly and I have to reboot to get it to behave. Everything else is also super super slow.

I really appreciate any and all help that you can provide.

Thanks so much.

It looks like I'll have to post the log files in stages.
 

Answer:Help with Malware Removal

Log files part 2.
 

8 more replies
Relevance 40.18%
Question: malware removal

I am getting this error when starting

error loading rundll
C:/windows/system32/rnmjisog.dll module missing

how do I fix this problem
any help would be appreciated.
Thanks

[recovering disk space -- attachment deleted by admin]

Answer:malware removal

Please turn OFF TeaTimer as described in the removal instructions. It will block the fixes we need to make.

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
- O2 - BHO: (no name) - {1F2179E1-6DD4-40F0-B0E6-1FF7342E63DE} - C:\WINDOWS\system32\qoMdBSmm.dll (file missing)
- O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
- O20 - Winlogon Notify: geBuVPji - geBuVPji.dll (file missing)

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis then run CCleaner. Restart the computer to register the changes. Are you still getting the error?

3 more replies
Relevance 40.18%
Question: Malware removal

After running all of the preliminary items everything seemed ok. I wanted to enable superantispyware so I would have the anti spyware running. Superantispyware had a notification of an update (should have all been updated earlier) so I updated and was prompted to restart the computer, which I did. There was an internet explorer popup trying to go to res://ieframe.dll/navcancl.htm at startup. I stopped it and also google chrome was changed to not being my default browser. So most of the problems are gone, just want to make sure it's all clean and stop this popup. Thanks for all your help.
 

Answer:Malware removal

MGlog post
 

7 more replies
Relevance 40.18%

Hi Geeks!

I have been trying to resolve several issues which began with slow downloading and Google redirect issues in Firefox; Office 10.(XP Pro) Excel which returns "Microsoft Visual C++ Runtime Library runtime Error" C:\Program Files\Microsoft Office\Office 10\Excel.exe Among others.

I followed your extensive pages on Malware running all on the "Read and Run" page and logging as directed. I did follow the pages on Google Redirection removal, and i surmise that has solved that problem.

I am not sure that I have removed all the malware, as in some places you recommend that I NOT clean the malware, just send the logs....but figure I cannot repair the Excel or other problems without first being sure that I have removed the threats.

Will you please review the log files and / or direct me to the next steps?

I have used the Belarc advisor should you need that detail too.

Kind Regards


XP Pro w/MS updates
 

Answer:Still not sure of Malware removal with XP Pro

Please rerun MBAM and have it fix what it found.

Then rerun Hitman and have it remove all the:
Potential Unwanted Programs

Finally, rerun RogueKiller and have it remove:

Code:
[RUN][SUSP PATH] HKLM\[...]\Run : shicoxp (C:\WINDOWS\shicoxp.exe [-]) -> FOUND
Reboot and rerun both RogueKiller and Hitman and attach both those logs.

Let me know how things are running.
 

11 more replies
Relevance 40.18%
Question: Malware removal

I have recently had a virus attack on my computer. The only things that I have noticed was my computer being a lot slower and randomly putting malicious files into external drives that are inserted into the computer.
 

Answer:Malware removal

Welcome to Major Geeks!

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN34755072933179217&ctid=CT3274043
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
R3 - URLSearchHook: BTControl12DM2 Toolbar - {09110334-1bf2-481d-9ce3-7ac88f9ef9fe} - C:\Program Files\BTControl12DM2\prxtbBTC0.dll
O2 - BHO: Freecause Shopping BHO - {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files\Shop to Win 9\ShoppingBHO.dll
O2 - BHO: BTControl12DM2 - {09110334-1bf2-481d-9ce3-7ac88f9ef9fe} - C:\Program Files\BTControl12DM2\prxtbBTC0.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Freecause Shopping BHO - {930D9979-EA79-437D-807F-0FD32573CA75} - C:\Program Files\Shop to Win 7\Shopp... Read more

1 more replies
Relevance 40.18%

A supposed "Norton Security Scan" has been installed into my family's computer. Thing is, we never intentionally installed this program. (It also did not come with the computer; our family computer has always been norton-free since we really dislike norton products.) When it runs, this window pops up:

The Windows Task Manager associates this process with a file named Nss.exe

[edit] : I located the folder that contains this executable. It had these files in it:
cc70U.dll
ccScanw.dll
ccVrTrst.dll
dec_abi.dll
DefUtDCD.dll
ecmldr32.dll
help.htm
Microsoft.VC80.CRT.manifest
msl.dll
msvp80.dll
msvcr80.dll
Nss.exe
patch25d.dll
SAUpdt.dll
ScanCore.dll
ScanRes.dll
SKURes.dll

This is the only trace of this supposed 'Norton' I have on my computer.

Is this a fake Norton scanner? Can you help me figure out what this is and remove it? Thank you.

---------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:38 PM, on 3/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\AOL\1134931059... Read more

Answer:Malware Removal : Please Help!

Apologies for the delay in replying, but the forums have been overwhelmed with HIjackThis logs lately. If you still need help, please post back with a new HijackThis log, along with an update of the problems you are currently experiencing.

2 more replies
Relevance 40.18%

I am having trouble with my computer due to malicious spyware.

Here is my hijackthis log.

Edit by chaslang: Inline log removed! Cleaning steps not followed!
 

Answer:Malware Removal....

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments. You must complete ALL steps, you must attach all three requested logs, and you must install HijackThis properly!

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis


When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
Bitdefender
Panda Scan
HijackThis

 

4 more replies
Relevance 40.18%

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. I apologize for the delay getting to your log, the helpers here are very busy.

If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your malware problems.

If you have resolved this issue please let us know.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:48 AM, on 2/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DAP\DAP.exe
C:\Program Files\NaturalPoint\SmartNAV\SmartNAV.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Clavier+\Clavier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Snocap\Download Manager... Read more

Answer:Need Help Malware Removal

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:
Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.

1 more replies
Relevance 40.18%
Question: malware removal

Hi my name is mike and i am trying to get this malware off my pc. that said i am new to computers and have no idea what type of malware i have. i did go through the steps requested but have trouble with moving files and the results of the scans. i tried zipping it and it is coming up too large to upload. this critter i have in my pc is watching every move i make and keeps me from trying to run programs. my e-mail address is [email protected] when you have time to maybe help me with this. thank you. mike ron

Answer:malware removal

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459077 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 40.18%
Question: Malware Removal

Hi all! It's unbelievable the things that are out on the internet that can be annoying to say the least. The only thing that worked for me was to just do a system restore. Take your computer back in time a few days before the spyware imbedded itself into your registry. It works, believe me.
 

Answer:Malware Removal

Jag5050 said:

Hi all! It's unbelievable the things that are out on the internet that can be annoying to say the least. The only thing that worked for me was to just do a system restore. Take your computer back in time a few days before the spyware imbedded itself into your registry. It works, believe me.

This doesn't work in every case because sometimes your restore points hold the infection. The best way to remove it is to never get it. The best way to never get it is to surf safely, keep windows up-to-date, have an updated antivirus and firewall installed.

How to Protect yourself from malware!
 

1 more replies
Relevance 40.18%

Windows Server 2003 R2 SP2 OS; machine used as a workstation and development server, not as a production server
Malware protection in place - SuperAntiSpyware Pro with real time protection enabled
Antivirus - none; use Office 365 and Google for all mail accounts
Firewall - Netopia DSL Modem/Router/Firewall provided by ATT with Internet service

OS issues that alerted me to presence of malware:
1. continual popup of the right click menu without any user input requesting it, to the point of virtually disabling use of computer
2. ALT TAB invocation of Windows App Switcher provided only a brief glimmer/flicker of the App Switch window, which then disappeared - unusable.

Actions taken:
Have run TDSSKiller, Malwarebytes, SAS, Kaspersky and other anti-malware tools to no avail. Only Comodo Cleaning Essential has identified a rootkit, although it identified other false negatives, so I take it with a grain of salt. Have that log if you want it. It did, however, quarantine the two rootkit files and the disruptions to my computer have ceased. Nevertheless, I want to obtain complete assurance that all malware has been permanently removed, hence this post. Please advise.

Thanks,
Jim

Prep work completed:
1. backup data - always done
2. slow computer - n/a
3. create bleeping computer acct - done
4. enable topic reply - done
5. enable firewall - always done
6. download/run defogger - done
7. download/run dds.scr - done, dds.txt and attach.txt logs attached
8. download/run gmer.exe - done, gmer.log attached
9. cre... Read more

Answer:malware removal help, please!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461303 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

55 more replies
Relevance 40.18%
Question: Malware removal

I have what I believe is a trojan that prevents me from accessing Windows update and selected sites. I have followed your prep guide to the letter. I have also tried Combofix but it gives me a blue screen each time I run it. I have tried safety.live.com and while watching it scan the kernel, 2 issues were detected. After an exhaustive scan which took overnight, it said it fixed 6 of my problems but didn't. I am not yet ready to rebuild but I want to eliminate this compromise which could be using my machine as a bot.

Answer:Malware removal

Hello and welcome to Bleeping Computer.

*Please Subscribe to this Thread to get immediate notification of replies. See HERE
*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.
*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.
*You must reply within 5 days otherwise this topic will be closed.

====================================

One or more of the identified infections is a Rootkit/backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet F... Read more

11 more replies
Relevance 40.18%

Like a good boy I thought I would follow the procedure as spelled out and I looked at Read and Run me before posting details of my problem, but came up against another major obstacle. I don't know what sort of malware is afflicting my PC, never mind its name!!

Since I believe I have malware of some sort, I should be grateful if someone would tell me whether it is essential to Read and Run me before taking the next step. If yes, how the hell can I find out the name of the malware on my PC?

mgb
 

Answer:malware removal - I don't its name!

We don't need to know the name of the malware ...just run the steps in the Read and Run First and then attach the requested logs....it is the only way for us to see what is happening on your computer.
 

49 more replies
Relevance 40.18%

Yesterday out of nowhere my computer started to just freeze up and give the error message that such and such program is not responding, including any online activity. The first thing I tried to do was to run a scan of my computer with my virus protection software (McAfee), but the program would not run the scan at all, so I ran the Mcafee virtual technician program they offer. Upon running it, it found a few issues that it fixed, but could not fix one issues that it defined as (1 dat / engine update). I have no idea if this is related to the issues I am having. I have followed your instructions as best as possible and think that I have completed all steps as requested. I have had to do all this in safe mode with networking because the programs will not run if windows is started normally. I am still having the same issues, so here are the logs you requested. Thanks in advance.
 

Answer:Malware Removal Help Please

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.
Otherwise I am not finding any malware in your logs.

You need to move ComboFix from Downloads, where you ran it, directly to your desktop.

What issues are you still having? I may need to send you to the software forum for additional assistance.
 

5 more replies
Relevance 40.18%

Problem started yesterday around noon-ish. I was suddenly hit with a lot of popups, not sure what I was doing at the time that could have caused it. At first I could use spybot and it detected smitfraud and vundo. I removed them with spybot but it did not fix the problem. I am posting this from my other computer.

I ran smitfraud fix and vundofix that I downloaded online and both came up clean, didn't detect anything.

I can't start the computer in anything but safe mode, as it goes to blue screen of death if I try to start normally.

Attempts to use spybot give me "invalid floating point operation", even when in safe mode.

thanks a million!
DDS (Version 1.1.0) - NTFSx86 MINIMAL
Run by Richard at 7:42:58.31 on Tue 01/06/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1776 [GMT -8:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Richard\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchU... Read more

Answer:Malware Removal Help!

Hello Rhyyke and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please download ComboFix from one of the locations below, and save it to your Desktop.
Link
Link
Link
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.
Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.
Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

12 more replies
Relevance 40.18%
Question: Malware removal

Hi,

Each time I try to get onto Google, I get redirected to a page that says "Welcome to nginx!". I've read all of the information on your site and gone through the preparation steps. Here is the DDS log. Thanks so much for your help getting rid of this. I appreciate any help you can give me.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tre at 15:37:08 on 2012-04-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3893 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM... Read more

Answer:Malware removal

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:... Read more

36 more replies
Relevance 40.18%

I started the "read & run" guide and I have followed all steps. I am now at the point where I should run ComboFix.
Since I don't know what I'm doing (I'm only following directions) I am hesitant to start ComboFix, due to the fact that it might screw something up.
First of all I downloaded the Windows Recovery Console package as instructed because I don't have the XP disc. When I drag it onto the ComboFix icon it doesn't install the Windows Recovery Console, it just asks me if i want to run ComboFix. I have not run it because I don't know if I should do it, since this is not what the instructions describe will happen.
Second, I have read that ComboFix might screw things up, is this true if you follow the directions exactly? What exactly can it screw up? Can I lose stuff, or?
Also, I did these steps a few days ago, and have not continued yet. The computer is still in "Normal start up mode" and the hidden files, system files and file extensions are still showing. Do I need to start the guide from the beginning or can I just continue with the rest?

I have attached what I have gotten so far from Super anti spyware and Malwarebytes. Spybot did not find anything.

Thanks for any help!
 

Answer:Q abt. malware removal

We need the MGLogs.zip from running the MGTools.exe.
 

7 more replies
Relevance 40.18%

So it would appear that I am infected with WinantivirusPro 2006, I get the pop ups constantly but I have not installed the program. I also get blank windows popping up to a certain ip address that contains information on what I was currently doing. Such as this "http://85.12.25.85/trafc-2/rfe.php?cmp=vm_mg_ff_nonusa_fail&nid=ec&uid=AB11DEAC21A011DB973F00167647FA98&guid=e0f30edd+1D10514769CC421B8E80F83036AF28EA&lid=forums%3E&url=http%3A%2F%2Fforums.majorgeeks.com%2Fshowthread.php%3Ft%3D38752&affid=862"

So I went through the steps you guys have posted and I have lots of logs for you read, I really need your help and I hope that I can make it as painless as possible. I already ran VundoFix as well and it deleted a lot of .dll files that I noticed were spyware.

Oh and for future notice, I am unable to load safe mode. My computer simply loads it and I cannot do anything but move my mouse. I do not know if this is related to spyware or not.

Attached are the various logs that were requested in the steps.

Thanks in advance,
Ryan
 

Answer:Various Malware, need help in removal Please

Here are some additional files that were requested.
 

8 more replies
Relevance 40.18%

Hello,

I need help with removal of Malware. I've run several programs to no avail. Spybot S&D found several "OUTERINFO" infections and "Command Service" infections, I've removed these multiple times in Safe Mode. I keep getting pop-ups from avsystemcare.com and wallst.net and others. Could you please take a look at my HiJack log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:13 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog... Read more

Answer:Help With Malware Removal.

Hi,

I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first.

I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed! This is somewhat suicidal in today's digital world. That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.
Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.

Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.

2 more replies
Relevance 40.18%
Question: Malware removal

I have gone through the SpyQuake & SpyFalcon Removal Procedures
and did not have a lot of the .dll files you were talking about. I did find and got rid of

%System32%\reglogs.DDD
%System32%\atmclk.exe
%System32%\stdole3.tlb
%System32%\ts.ico

These were the only files that were found. I have attached smitfiles.txt
 

Answer:Malware removal

Welcome to Majorgeeks!

Okay that sounds and looks good! Is everything working okay now?
 

7 more replies
Relevance 40.18%
Question: Malware Removal

MGlogs.zip attached

Working on a notepad owned by a child I babysit. He had umpteen viruses and trojans ... I have finished with the Dr Web, Malwarebytes and CCleaner ... and now shows cleaned ... he has the Fake Windows Security Center pop up continue and his McAfee real time keeps getting turned off. So now I am here doing this.

I am not able to do anything from his Windows account .. I am only able to do it from the Admin and in safe mode with net. And because his OS does not have the SR for Firefox or Chrome .. I have to use IE
 

Answer:Malware Removal

We still need the logs from running:
SAS
MBAM
ComboFix
RootRepeal
 

6 more replies
Relevance 40.18%

Ok, I've downloaded and ran all programs as instructed. Here are all the logs. Please let me know what steps I need to do next.

Hitman Pro did not detect anything, so no logs to attach.
 

Answer:Malware removal help

Looks like the cleaning procedure took care of most of your problems. Just a little bit more to do.

Uninstall the below very old versions of software:
Java(TM) 6 Update 20

Now install the current version of Sun Java from: Sun Java Runtime Environment Make sure that when you see the form asking about installing Ask Toolbar that you uncheck this.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: (no name) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

After clicking Fix, exit HJT.

Please download OTM by Old Timer and save it to your Desktop.

Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
(or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
the code box

Code:

:Processes
explorer.exe

:Files
C:\windows\TEMP\*.*
C:\Users\Diane\AppData\Local\Temp\*.*

:Reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\... Read more

Relevance 40.18%
Question: malware removal

hello
having some troubles recently with my computer freezing......it's been running very slow the last week or so. I tried doing a hijack this log and that froze as well....any suggestions
 

Relevance 40.18%
Question: malware removal

Computer is running really slow. Please find attached logs and advise on next steps. Appears that there are issues. Thanks, sm
 

Answer:malware removal

Welcome to Major Geeks!

There is a little bit of junkware to remove and we will do that below, but this is not likely to help too much with your PC's performance. This is more likely due to PC specs which show the below
Code:
Processor x86 Family 15 Model 43 Stepping 1 AuthenticAMD ~2004 Mhz
Total Physical Memory 1,024.00 MB
Available Physical Memory 243.25 MB
This is a rather old and slow processor. And you have about 1/3 of the memory that I recommend now for more efficient running of Windows XP SP3.

Also problems can be due to items you are running at startup ( not really a malware forum topic ) and always allow to run even when not being used. The below items are what I am referring to.



O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Amazon Cloud Player] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe
O4 - HKUS\S-1-5-21-2056519892-781164044-2259076700-1010\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'MCX1')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.... Read more

Relevance 40.18%

hello

I have been trying for a couple of weeks to get rid of a malware which sends mail from my yahoo mail account.
I ran Spybot, eset online, panda online
I have avast installed

none of them identified any virus/malware
I know I have a virus/malware because I recorded an invalid address email in my contacts list. Whenever the virus sends an email to this address I get an error return.
I also receive spam messages via YM to this account.

I use other Yahoo, Gmail and hotmail accounts, but it seems it happens only with this one, because I do not get error sending messages from invalid addresses in other accounts.

please help!

Answer:Please help with malware removal

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE:... Read more

Relevance 40.18%
Question: Malware Removal

Ran all the steps listed and I'm still having probs. They started about a week ago after I had been checking the internet for mortgage refinance rates and info. My home page has been hijacked to zhaodao123.com (site is in Chinese). Prior to performing removal instructions, about 5 Chinese sites auto-added to my favorites list every time I got online, Chinese pop-ups, and icons added to desktop upon start-up. Post removal, still have hijacker, but haven't experienced the other probs (yet).

Had a hard time downloading and scanning initially, computer would go to blue screen indicating a prob was detected & Windows needed to shut down to prevent damage, disable BIOS memory options caching/shadowing, stop: 0x0000008E (0XC0000005, 0X805BFAA0, 0XBAA0FA90, 0X00000000). I didn't know what to do with that, so I just kept restarting computer and following your directions. Eventually, scans started working and computer stopped shutting down. On Spybot scan, computer stopped at 118104/133091 win32Qhost.ake and would not finish the scan (tried several times). I did delete the 8 Sogou detected up to that point. I'm assuming the attached logs indicate all of the other probs which were deleted. If not, I wrote most of them down.
 

Answer:Malware Removal

Re: Malware Removal Logs

MGlogs.zip attached
 

Relevance 40.18%

Hello,

I have done the instructions for Read & Run Me First. So the next thing is to attach my logs I assume.

I noticed threat alerts earlier last week after I tried to download a TV show. I normally don't download shows to my computer for this exact reason, but I see my boyfriend do it all the time and think well I could just download 1, what could go wrong?? hahaha I'm an idiot!
I had AVG installed for quite some time (I now have Avast, thinking it would help more than AVG) that just kept popping up letting me know that threats were being blocked. I tried to run a scan and thought it would rid them, but that is when I realized it wasn't working, so I downloaded Avast and removed AVG (uninstalled). I also downloaded Malwarebytes and tried to fix it that way. After those two programs didn't work, I researched online and found your site. I thought all the info I was reading seemed more helpful than what I was finding/doing myself. So I went through your instructions and my internet seems to be working a lot better. The only downside though, is that my Avast keeps telling me that it's still blocking the Malware/Trojan horse...how do I get rid of this??? It's showing up as object c:\win32

I plan to attend school soon and don't want to have any issues with my laptop not functioning properly..if you could help that would be FAB!!

Thank you!!!
 

Answer:PLEASE HELP I am new to Malware Removal

If there is any other log you need, please let me know

Thanks again team!
 

Relevance 40.18%
Question: Malware Removal

I am looking for a good malware scanner and removal tool, can anyone suggest one?
 

Relevance 40.18%
Question: Malware removal

When I go to ADD/REMOVE Programs the uninstall or remove options are gone. When you open the save as option for anything, and you click on the bar next to save in, and attempt to change the destination point, my computer freezes and it says "initializing the root folders to display" and takes forever, once it is done it works as normal, If I click on my computer, a flashlight appears, and it searches forever, once opened it works fine; however when attempting to save as you can click desktop, my documents, and the others and nothing happens, it works fine with no delay.
DDS (Ver_09-07-30.01) - NTFSx86
Run by Tim at 12:43:30.47 on 08/06/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2005.1263 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\program files\timberline office\shared&#... Read more

Answer:Malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Relevance 40.18%
Question: Malware removal

I am working with my sister's laptop. She had trouble connecting to her wireless router and so called Time Warner. They told her she had a virus and so she sent the laptop to me. I ran the Malware Scans and am attaching the files.

I don't know if this will help at all with the connection issue but hopefully will help clear out her system.

Thanks in advance for all your help.

Nila
 

Answer:Malware removal

All clean and the wireless connection was working just fine per the logs you attached.
 

Relevance 40.18%
Question: Malware Removal

My computer is infected with MyStart Incredibar. How do I get this darn thing off? Snooping on previous threads, I downloaded OTL and ran the search fireman4it suggested to LaurFack. Please find the attached OTL file.

Answer:Malware Removal

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461709 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Relevance 40.18%

I noticed a couple of weeks ago that my CA anti-virus had a pop up box that said 3 viruses were detected and removed from my computer. This happened a few more times, but I didn't notice any problems with the computer so I continued on my merry way. Yesterday the computer had slowed noticeably and went to Windows Task Manager and on the CPU Usage svchost.exe SYSTEM was using 50%. There were multiple instances of svchost.exe SYSTEM and svchost.exe NETWORK SERVICE. I don't know if this has anything to do with the problems I'm having, but...
 

Answer:Need Help With Malware Removal

I also attached a Kaspersky on-line virus scan.
 

Relevance 40.18%

Hi. I (apparently in error, according to your instructions) ran ComboFix on my work computer in an effort to remove a spyware infection that attempts to coax me into installing a bogus spyware removal program. It also seems to cause hyperlinks in search results to misdirect to advertisements. My ComboFix log follows:

ComboFix 09-03-23.01 - ethan 2009-03-25 12:58:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.179 [GMT -7:00]
Running from: c:\documents and settings\ethan\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bszip.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe
c:\windows\system32\sys.dat
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-24 18:10 . 2009-03-09 12:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-24 15:55 . 2009-03-24 15:55 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-24 15:55 . 2009-03-09 12:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-24 15:18 . 2009-03-24 15:18 <DIR> d-------- c:\program files\Lavasoft
2009-... Read more

Answer:Help with malware removal

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial post then thread will be closed.

Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your... Read more

Relevance 40.18%
Question: Malware removal

Hey all, just wondering if you guys can help with some malware I can't remove. I ran the 'Read me first' steps and still encounter problems with my laptop including crashing and slow operating. I attached the combofix file......

cheers
 

Answer:Malware removal

Welcome to Major Geeks!

If you ran the READ & RUN ME FIRST, you need to attach the below logs that were requested:

SUPERAntiSpyware
Malwarebytes
RootRepeal
MGtools

 

Relevance 40.18%
Question: malware removal

Hi, chaslang did a great job of removing malware and such from my wife's computer. Thanks, now I would like to have mine done. I removed as much stuff as I could. Here are the logs. If you could please analyze them it would be appreciated. Thank you.
 

Answer:malware removal

here is MGlogs file.
 

Relevance 40.18%
Question: Malware removal

Problems started over a week ago. Can only boot in safe mode. Ran rkill and Malwarebytes and found multiple infected objects and all were deleted with the exception of 3. Now, Malwarebytes is shutting down after a couple minutes of scanning. In fact, all programs are shut down..ie, "IE has experienced a problem and must shut down" msg appears 100% of the time after >2 minutes of running.

How can I keep the system up and running to perform diagnostics?
 

Relevance 40.18%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:31 AM, on 26/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre1.6.0_03\bin... Read more

Answer:Malware Removal Help

Hello and welcome to BleepingComputer

Please print these instructions out, or write them down, as you can't read them during the fix.

Download SDFix and save it to your desktop.
Double-click on SDFix.exe to extract the files to C:\SDFix
DO NOT use it just yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer.
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear.
4) Select the first option, to run Windows in Safe Mode.
5) Login to your usual account.

Once in Safe Mode, open the SDFix folder & double-click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt in your next reply along with a fresh HijackThis log.

-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to St... Read more

Relevance 40.18%
Question: Malware Removal

I have a machine that repeatedly has a pop message indicating a virus attack.

Answer:Malware Removal

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. As you can probably see our HijackThis Team is incredibly busy at the moment, but I apologise for the delay you have experienced. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A HijackThis Log

Thanks,
Charles

Relevance 40.18%

My computer has been sluggish and quits responding at times. Some keyboard keys stop working from time to time but I'm not sure if that's just a keyboard problem. I ran a full scan with Avast and it detected a generic threat. I've seen this on my machine before recently, also. I deleted it last time but thought I might need help for more thorough removal in case it's the same one popping back up. I've gone through malware and virus removal before on this machine and the last fix I made was a few years ago in which I had to reformat and wipe the restore files to get rid of a bug hiding there. Haven't had anything serious since.

I have Windows XP on an Acer laptop.

Thank you in advance.

Angi C

Answer:win 32 malware gen removal

Hello and welcome, let's look a bit more.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
The... Read more

Relevance 40.18%

Hi all.
I've read so many different posts from this site at one time or another but never had the need to actually post a problem of my own.
I have a laptop running Windows Vista x86 Home Premium (not mine) that has been infected with malware.
There are some important programs on the computer that are unable to be removed at this time so a fresh install (my preference) isn't an option.
Please let me know the first step which I'm guessing is the generation of some logs etc for you guys to look at.
I'm at your mercy.
Thanks in advance!

Relevance 40.18%

I'll probably have to do a reinstall but I wanted to post the logs to see how bad it actually is. I was using frostwire when it started and knew instantly what had happened. So the computer has not been used for anything but trying to fix since then. It happened last night around 12:30.
 

Answer:Malware Removal did not fix

Torch86 said:

"I'll probably have to do a reinstall but I wanted to post the logs to see how bad it actually is. I was using frostwire when it started and knew instantly what had happened. So the computer has not been used for anything but trying to fix since then. It happened last night around 12:30."

Here's the last log
 

Relevance 40.18%
Question: Malware Removal

Working on malware removal
I can hear ads running in hidden web browser process.
Task Manager does not show the processes, but scans by other tools (hijackthis and GMER) show them.
GMER scan is running and shows 4 hidden iexplore.exe processes running.

Here is the DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by chazemery at 7:53:10 on 2012-09-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1346 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
"C:\Windows\system32\svchost.exe"
"C:\Windows\system32\svchost.exe"
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32... Read more

Answer:Malware Removal

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e... Read more

Relevance 40.18%

Remove Security Tool and SecurityTool (Uninstall Guide). I'm stuck on Instruction #22 - the instructions indicate to click on the link and download the appropriate Windows operating system file. What opens is not a downloadable file, it is more like a notepad file. How do I re-add the Host file that I removed?

This is what appeared when I clicked on the XP link:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Relevance 40.18%

Hi all,

I have been pointed in the direction of this thread from here - http://www.bleepingcomputer.com/forums/ind...p;#entry1408670

Unfortunately, the infection I have on my computer is preventing me from running any scans as it closes the programmes before they have chance to finish, but I did manage to get the following information from a quick scan in GMER.

However, I did manage to save the contents of a quick scan. Is it useful at all?

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit quick scan 2009-09-01 19:34:33
Windows 6.0.6000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\kbiwkmffehlokp.sys (*** hidden *** ) [SYSTEM] kbiwkmfupqbeiu <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\kbiwkmpumoogbc.sys (*** hidden *** ) [SYSTEM] kbiwkmrhbkoebb <-- ROOTKIT !!!
Service system32\drivers\ytasfwpcvojfqw.sys (*** hidden *** ) [SYSTEM] ytasfwojdopkcv <-- ROOTKIT !!!

---- EO... Read more

Answer:Malware removal help

Have been able to get a HJT log tonight!

However, whatever is causing the problem is still capable of shutting down the programs and denying me access to them.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:58:49, on 03/09/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Windows\tsnpstd3.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\vsnpstd3.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\FixCamera.exe
C:\Pr... Read more

Relevance 40.18%
Question: My Malware Removal

Hi there !

Thanks for the good job you do in this forum.

I have exactly followed the instructions in the : READ & RUN ME FIRST Malware Removal Guide, and here are attached all the requested logs.

Hope someone will have a look at the whole material and advise me for the best.

Thanks once again in advance.
 

Answer:My Malware Removal

Re-run Hitman and have it delete Potential Unwanted Programs

Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the file/folder tab and locate these 2 detections:

[RUN][BLACKLISTDLL] HKLM\[...]\Run : hlink32 (rundll32.exe uryk) -> TROUVÉ
[RUN][BLACKLISTDLL] HKLM\[...]\Run : iprop32 (rundll32.exe ezeb) -> TROUVÉ

Place a checkmark on each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.


Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.brothersoft.com/?f=afc
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.brothersoft.com?f=afc
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEn... Read more

3 more replies
Relevance 40.18%
Question: Malware removal

Hello,

I have had this malware that I've not been able to remove. I've used malwarebytes and successfully removed everything but cannot seem to remove one file even after malwarebytes restarts. I've read on this forum about combofix, is that something I should try?

Thanks,
TowkneeR

Edit: Moved topic from Vista to the more appropriate forum. Please do not use ComboFix unless directed to do so by a Malware Removal team member and when your topic is in the proper forum for those sorts of logs. ~ Animal

Answer:Malware removal

Hello, not yet and not on your own.

What is the malware? Post the MBAM log please.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

3 more replies
Relevance 40.18%

I ran across something nasty today - wish I copied the name down when AVG alerted me - but can not get to the logs. I have tried to run the steps in the instructions but can't get by them. I was running AVG 2012 Free and Malwarebytes Pro. But after encountering whatever I have both become corrupt. mbam would run for 2 minutes and then vanish and attempting to run again would give me the error "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
I would reinstall mbam and run again and after 2 mins it would vanish. Downloaded and installed SUPERAntiSpywarePro and the exact same thing happens. Tried a full computer scan with AVG and it too became corrupt. Did a full AVG removal and tried to reinstall and it fails.

Please advise. And thanks.
 

Answer:Need help w/ Malware removal

Welcome to Major Geeks!

Sounds similar to problems caused by ZeroAccess infections which is the current major cause of problems these days. One of the common signs of this infection is seeing a process running that is made up of two long sets of numbers with a colon in between them. For example a process similar to below will be seen in Task Manager:

4187824115:216031750.exe


If you try to kill it, it will just restart in a few seconds. This is just one piece of the infection. Please see if you can do the below:

Go to the below link and follow the instructions for running TDSSKiller from Kaspersky
TDSSkiller - How to run

Be sure to attach your log from TDSSKiller
Now please also download MBRCheck to your desktop.


See the download links under this icon

Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
It will show a Black screen with some information that will contain either the below line if no problem is found:
Done! Press ENTER to exit...

Or you will see more information like below if a problem is found:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
Attach this log to your next message. (See: HOW TO: Attach Items To You... Read more

3 more replies
Relevance 40.18%

Hi all,

I'm having a little trouble with removing some sort of virus which is becoming very tricky to remove. The .dlls (jowukuyu.dll & wuganabu.dll) appear to be hidden, and the registry entries just add themselves back in every time I remove them.

I can't kill the .dll process as they don't even show up in task manager.

In fact, I think the following is definitely part of this virus:

O20 - AppInit_DLLs: c:\progra~1\kasper~1\mzvkbd.dll c:\progra~1\kasper~1\mzvkbd3.dll c:\progra~1\kasper~1\adialhk.dll c:\progra~1\kasper~1\kloehk.dll c:\windows\system32\joretido.dll c:\windows\system32\loyayono.dll,C:\WINDOWS\system32\jowukuyu.dll

My 'hijack this' log is attached & I would be very appreciative of any feedback!

Thanks

Answer:Pop-up/malware removal?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable ... Read more

2 more replies
Relevance 40.18%
Question: Malware Removal

Thanks for the great directions on scanning and removing. I have followed Steps 1-7 in the Read & Run Me sticky.

I have attached the logs from Bitdefender and HijackThis. I was not able to run Panda Active Scan. I attempted from both Safe and Normal Modes. All links to Panda Software did not work. I did do a Google Search to try to find other links but all failed.

Please review my logs to see if anything else needs to be cleaned.

Thanks so much.

Mark
 

Answer:Malware Removal

I forgot to add that when I went to disable System Restore, I found that it was never enabled and that I can not enable it. The error message states that a network administrator must make the changes. The computer is not on a network and I was logged on with an administrative account in XP.

Please give me any advice on this issue. Thanks
 

14 more replies
Relevance 40.18%

Hi all - I seem to have been infected with the common google search redirect virus in firefox and IE. I ran MBAM, AD-Aware etc. but the problem still exists.

As per the instructions on this forum, I ran Hijack This (report attached) and RootRepeal (report attached). I would appreciate if someone can analyze them and help me out here.

One quick point - when I ran RootRepeal I got a message saying that "cannot read bootsector, adjust option settings" when it was scanning c:\. I adjusted all the options but it still never could scan the C:\ completely. It showed me that "MBR Rootkit Detected!" partially on the screen.

Answer:Malware Removal Help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 40.18%
Question: Malware removal

Hello,

My son picked up a malware from Windows Messenger.
I downloaded Spybot S&D and Malwarebytes to try to get rid of it, but the malware trace continues to come up when running the programs.
As it is still there got the HijackThis, as I understand my son has no CD/DVD emulation programs, however I have not been able to download the DSS program. I tried also with another computer, it appears the link is not working.
I enclose the GMER and Hijackthis log.

Kind regards
Ulf

Answer:Malware removal

Hi again,

Managed to get the DDS file too through another browser.

Ulf

15 more replies
Relevance 40.18%
Question: Malware Removal

Good Day

An acquaintance of mine recommended your site to me and I would like to thank you for the step by step guide - very helpful for a novice like myself.

I have attached the logs as requested however this will be my only post as I only have 4 attachments to send.

My Malwarebytes log was 335kb which I was told is too big to upload so I have zipped this if that's ok?

Unfortunately I could not get RootRepeal to run - my computer would freeze and after some time would tell me I needed more virtual memory - I then waited 2 hours before it crashed.

I tried again however, but unfortunately met with the same fate so I decided to move on.

I do hope this isn't a problem

Many thanks
 

Answer:Malware Removal

Fortunately the scans took care of the malware. The only thing you need to do is to:

Use windows explorer to find and delete:
c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP

Then use add/remove programs to uninstall:
LiveUpdate (Symantec Corporation)"
LiveUpdate (Symantec Corporation)"
LiveUpdate Notice (Symantec Corporation)"

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add... Read more

1 more replies
Relevance 40.18%
Question: malware removal

The OTL log is included but the computer would not allow me to run aswMBR log.
 

Answer:malware removal

Hi and welcome to the MALWARE TIPS forums!

I'm Jack and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessita... Read more

9 more replies
Relevance 40.18%
Question: Malware Removal

McAfee started to block suspicious sites. Decided to run through Malware removal. Below are the logs.
 

Answer:Malware Removal

Adding TDSSkiller Log.
 

12 more replies
Relevance 40.18%

Hi there

I am having probs with my computer, it is very slow and I keep getting pop-ups. I believe the file jkkjg.dll is the problem, this is what Trojan Remover was telling me.

After reading several posts on here I downloaded HijackThis and combofix. Here are the logs generated below.

I would very much appreciate any help. Thanks.

~~~

ComboFix 08-03-01 - Lauren 2008-03-01 14:27:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.475 [GMT 10:00]
Running from: C:\Documents and Settings\Lauren\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 69550 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bsmempcj.dll
C:\WINDOWS\system32\cbriyvyn.dll
C:\WINDOWS\system32\efcdedb.dll
C:\WINDOWS\system32\eiqsgarl.dll
C:\WINDOWS\system32\ejrqibrn.dll
C:\WINDOWS\system32\eupxaovj.dll
C:\WINDOWS\system32\gjkkj.ini
C:\WINDOWS\system32\gjkkj.ini2
C:\WINDOWS\system32\hjtnruqj.dll
C:\WINDOWS\system32\jkkjg.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnkiji.dll
C:\WINDOWS\system32\nuttwymq.dll
C:\WINDOWS\system32\qvyeluha.dll
C:\WINDOWS\system32... Read more

Answer:Malware Removal Help

Bump

Please, can anyone help me out with this?? Desperate here!!

3 more replies
Relevance 40.18%

Hi! So, a few weeks ago I had an issue with two trojans. One was the GAC (redirecting me to advertisement sites) and another was a System 32\services. I searched online and came across your forum. There was also a similar thread with someone having the same issues. You recommended to do your cleaning and I haven't had a problem with getting redirected. However, I am still getting a pop up from Malware bytes about the System32. I ran your scans a few weeks ago (August 9) and I have attached all of the logs! Let me know if I should rerun any of the scans/programs! Any help would be appreciated. Thanks


--Just went to add the attachments and realize you have a maximum of 5. So, I still have the mglogs.zip and the TDSSKiller log that I can attach. I know you don't like double posts so just let me know when you want me to attach it!
 

Answer:Malware Removal help

Please do the below so that we can boot to System Recovery Options to run a scan. There will be two options to choose from. One if you do not have your Windows 7 boot DVD and another when you have your DVD.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Option 1: Enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

Option 2: Enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



Startup Repair
System Restore
Windows Complete PC Resto... Read more

1 more replies