Computer Support Forum

Malware Removal - Help!

Question: Malware Removal - Help!

I have had my computer for four years and never ever had problem - I perform regular maintenance and I am careful when surfing.

However, yesterday I was surfing several sites using tab browsing and I believe it was a guitar tab site that I clicked on by accident that downloaded a virus to my system before I could close it.

Suddenly some sort of rogue program popped up on my screen and began scanning all my files and my system went crazy so I shut it down manually. Next thing I knew I had the blue screen of death on restart.

I rebooted the computer in safe mode and looked around and found at least one system file called "ndisio.exe" that looked to be causing problems.

I performed the "Read & run Me First" malware removal guide and then proceeded to the Windows Cleaning for XP.

I had a few issues with my internet after running SUPERAntispyware but I reset winsock and repeated this after each program and it is fine.

My system seems to be running almost normal but I am concerned that I may have missed something since I am an complete amateur in this area

I am posting the logs from each of the four programs. I hope I did everything right.

Also, I could not locate my "folder Options" in my control settings to change my viewing of hidden files which is odd because I have changed them before. Not sure why this is.

I also ran Malwarebytes twice because the first time it said not all files could be removed and then the computer restarted.

When it did a prgoram I did not recognize kicked in and began scanning my system again (looked like the virus?) so I shut it down and did a reboot then re-ran Malwarebytes. I attached both logs below so I will have five total rather than 4.

Any help appreciated!!!! Thanks!

Relevance 100%
Preferred Solution: Malware Removal - Help!

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Malware Removal - Help!

ncaione1 said:





I have had my computer for four years and never ever had problem - I perform regular maintenance and I am careful when surfing.

However, yesterday I was surfing several sites using tab browsing and I believe it was a guitar tab site that I clicked on by accident that downloaded a virus to my system before I could close it.

Suddenly some sort of rogue program popped up on my screen and began scanning all my files and my system went crazy so I shut it down manually. Next thing I knew I had the blue screen of death on restart.

I rebooted the computer in safe mode and looked around and found at least one system file called "ndisio.exe" that looked to be causing problems.

I performed the "Read & run Me First" malware removal guide and then proceeded to the Windows Cleaning for XP.

I had a few issues with my internet after running SUPERAntispyware but I reset winsock and repeated this after each program and it is fine.

My system seems to be running almost normal but I am concerned that I may have missed something since I am an complete amateur in this area

I am posting the logs from each of the four programs. I hope I did everything right.

Also, I could not locate my "folder Options" in my control settings to change my viewing of hidden files which is odd because I have changed them before. Not sure why this is.

I also ran Malwarebytes twice because the first time it said not all files could be removed and then the computer restarted.

When it did a prgoram I did not recognize kicked in and began scanning my system again (looked like the virus?) so I shut it down and did a reboot then re-ran Malwarebytes. I attached both logs below so I will have five total rather than 4.

Any help appreciated!!!! Thanks!Click to expand...

Here are the last two logs from Combofix and MGtools...

13 more replies
Relevance 47.56%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal----------------------------------------------------------------------------------------------------------------------Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital..I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!Current Symptoms (in the order of appearance)Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ... Read more

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.1.) click start> run> type msconfig and hit enter.click "boot.ini" tabCheckmark /bootlogClick "apply" and "close"Reboot when askedLocate and delete this file:C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)RebootLocate & post:C:\windows\ntbtlog.txt2.) Click start> run> type: cmd.exe and hit enter.type the following commands exactly as you see em & hit enter after each one:cd c:\windows\system32dir userinit.exeNote the file size please & report that back to me. Leave cmd open a sec.Back at the cmd window...Type:cd dllcachedir userinit.exedir spoolsv.exeNote file sizes & report that back to me.Type exit in the CMD window & hit enter. (this closes it)3.) Can you see also if you can get this program installed please:http://download.bleepingcomputer.com/hijac.../HJTInstall.exeSave file> run it> follow prompts to install excepting defaults.Allow it to "launch" hijackthis.Click the "Do a System Scan and Save a Log File" optionSave the log file and then it should open with NotepadGo to Edit, Select All and then Edit, Paste to paste the contents of the log hereLet me know if you had any problems with the above please.I advise keeping the system offline as much as possib... Read more

3 more replies
Relevance 47.56%

Apologies, but i'm a bit of a novice. my computer did a scan when i started it and came up with some trojans. when i tried to delete them, a malware removal programme tried to install itself so i closed the download dialog box. unfortunately, i cannot remember the name of the software that was trying to install itself. please would you review my log below and help me clean my computer?

many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 47.15%

Hi,I have tried many ways to get rid of some Malware that has only recently infected my PV. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my brower to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.I have McAfee Enterprise installed (which I can't seem to disable)I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes t5hem, the problem is still there.Please help. I have shown Hijackthis log below.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:58:42 PM, on 29/12/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16945)Boot mode: NormalRunning processes:C:\windows\system32\csrss.exeC:\windows\system32\winlogon.exeC:\windows\system32\services.exeC:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me thier software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.Please help. I hope the files uploaded can provide an insight into whats happening.Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.ntents belowDDS.txt contents pasted belowDDS (Ver_09-12-01.01) - NTFSx86 Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\windows\system32\svchost -k DcomLaunchC:\windows\system32\svchost -k rpcssC:\windows\Syst... Read more

3 more replies
Relevance 46.33%

I have run the malware removal intructions and when through each programs as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under seperate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the adminstrator and do not seem to have problems running the

View attachment mbam-log-2011-03-28 (17-02-07).txt



View attachment combofix log.txt



View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log



View attachment hijackthis.log

malware removal steps and have attached the reports from the intructions.

Even when I try to open add or remove programs under control panel- I get the following message: "C\windoesn\system32\rundll32.exe- application not found. I am thinking that It is something to do with AVG and have removed the program with the step.

Please help....

View attachment mbam-log-2011-03-28 (17-02-07).txt



View attachment combofix log.txt



View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log
 

Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:



....try to run the malware removal programs via internet or through USB driveClick to expand...

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading). ​
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies
Relevance 46.33%

Hi,

I have a dell xps 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today i got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps ( 4 beeps)
I looked that up on dell support and they said it was RAM problems.
I opened up the computer vacuumed a bit, took out ram cards and reinstalled them.
It had been working o.k.for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. i don't know how to find the log
Your help will be greatly appreciated
 

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.





MGtools ran but as soon as it was done the window closed. i don't know how to find the logClick to expand...

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies
Relevance 46.33%

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed my my isp the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan erradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you emmensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!




mike sieber said:





I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.Click to expand...

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ... Read more

3 more replies
Relevance 46.33%

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin... Read more

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 

16 more replies
Relevance 46.33%

Hello!
In reading more of these threads I can see Im not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I havent heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

Answer:malware removal/popup/iexplore removal

16 more replies
Relevance 46.33%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:List of 64-bit Anti-Virus For VistaAnti-virus protection in 64-bit environmentsFree Anti-virus:avast! Free Antivirus Avira AntiVir Personal - Free AntivirusAVG Anti-Virus Free Edition 8.5Microsoft Security EssentialsPanda Cloud AntivirusKingsoft Free Antivirus (Cloud Scan)Paid for Anti-virus:NOD32 Anti-Virus PersonalMcAfee AntiVirus PlusTrend Micro AntiVirus plus AntiSpywareNorman Antivirus & AntispywareCA Anti-Virus Plus Anti-Spyware64-bit Anti-Malware tools:Malwarebytes Anti-MalwareSUPERAntiSpywareKaspersky Virus Removal Tool - How to install and use documentationSpyware TerminatorWindows Defender (64-bit)PrevxSpybot S&DAd-AwareNorman Malware CleanerSunbelt Counterspy (free Trial)Comodo BOClean Anti-MalwareSophos Anti-rootkitSanityCheck Advanced Rootkit and Malware DetectorESET Online Antiivirus ScannerESET SysInspectorAnVir Task Manager FreeWinPatrolStart with these:How to use Malwarebytes' Anti-Malware to scan and remove malware from your computerHow to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 45.92%

Hi,

I am the IT manager in my company.

I have a co-worker, his computer has search redirect issue. That means most likely it has malware.
Then i installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After i installed them, i cannot launch them(That definitely means it has some kind of malwares)
I needed to rename their .exe files, after i can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now i am running Spybot Search & Destroy will see what happened.

By the way, i run them in safe mode because when i logon window to normal mode, it is slow (like it takes a long time to explore hard drive, etc). I suspect the malware slow down my pc. hopefully not registry corrupted or something, but works smoothly in safe mode.

So you guys have any suggestions? or you need a log file from combofix?

Please advise,
Tommy

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 45.92%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:52:42 PM, on 8/7/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exeC:\... Read more

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

2 more replies
Relevance 45.51%

I did a hijackthis scan and here's what I got:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:18:17 PM, on 4/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\System32\DVDRAMSV.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exeC:\WINDOWS\System32\00THotkey.exeC:\WINDOWS\system32\TFNF5.exeC:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exeC:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynT... Read more

Answer:Malware Blocking Acess to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 45.51%

Gud day to everyone,

My computer having some malware activity, i have used adware 2008, spyware removal tool, norton anti-virus and other removal tool, but still those malware cannot be deleted.. My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP that why until now i cannot connect to the internet.. I don't have WindowsXP SP2 cd for repair..

Please help me as soon as possible, because it is a server..

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 45.51%

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Maleware Bytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and preformed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
 

Answer:HELP-Requested Malware Removal (Infector.Gen2 / Malware Pacger Gen)

Here is the 5th log.
 

6 more replies
Relevance 45.51%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies
Relevance 45.51%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says &quot;The server at topsearchfeed.com is taking too long to respond&quot; For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me
 

2 more replies
Relevance 45.1%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 45.1%

Had a machine in riddle with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (dont ask me which one it was I cant rememebr) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. swap the hard drive for a SATA CD and it detects the CD without issue which makes me thing the SATA controller must be functioning too.

Now it seems that the this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base, help me folks its driving me nuts.
 

More replies
Relevance 45.1%

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem. :confused
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer:Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3... Read more

9 more replies
Relevance 45.1%

Dell m1330 Vista home premium. I have malware isses, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also perfomed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 45.1%

Hi, i got infected because i was triying to run malwarebytes and it skip the part of analising the files, it ended in arount 1 minute in a full scan, and i tried to download dr web cure it, and it dont allow me, the computer seems fine, but those things are very strange, and when i was running the scan i was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 45.1%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see, I , myself, use most all of these myself, the only paid program i have is malwarebytes, the rest are free add ons or are free programs . Thanks.

5 more replies
Relevance 44.28%

HEY GEEKS NEED A LITTLE HELP. I HAVE A WINANTIVIRUS POP U THAT COMES UP EVERYTIME I AM ON THE NET, AFTER U X IT OUT 5 TO 6 OTHER POP-UP COME UP ABOUT A VIRUS. I AM RUNNING AVG EVERY MORNING, SYBOT SEARCH AND DESTROY, AD-WARE 6.0. HERE IS A HIJACK THIS LOG FILE TELL ME WHAT TO GET RID OF PLZ.

EDIT: Removed inline HJT log


THANKS

DOOKIE
 

Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and atach the requested logs for the malware experts to look over.


Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

[*]runkeys.txt - the log from GetRunKey.bat
[*]newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not a... Read more

1 more replies
Relevance 44.28%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quicksccan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disbled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 44.28%

Hiya

Im running XP, avg detected trojans, the first one it got rid of, the second one Generic13.ATHP it could only remove it partially, apparently located in in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended, SuperAntiSpyware wouldnt install, so I changed the filename, and it has installed but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?

Thankyou!
 

Answer:malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to ?Non-plug and Play Drivers? and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.


but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others.

:confused have no idea if any of this will help you lovely helper person, but i guess im just trying...
 

2 more replies
Relevance 44.28%

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologi... Read more

Answer:Malware - blocking removal by malware antimalwarebytes

16 more replies
Relevance 44.28%

Hi all, 
 
Recently on Chrome browsing on a site a received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspect this is a malware!!!
 
What I'm trying to understand if what kind of malware infected the web site I visited. Some technical specs could be useful . The web site is of a my friend and I'd like to help them to identify the malware infected their web site...
 
 

More replies
Relevance 44.28%

About a week ago, I noticed that when running Internet Explorer www.google.com that clicking on a website would take me to an add instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Thanks,
Deb
 

Answer:Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!
Deb
 

2 more replies
Relevance 43.05%

When I try to run a scan from usind AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware; when the scan gets to a certain point, Windows shuts computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbage about if you recently installed sortware/hardware,see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgrade to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to " System Volume Information" directory. I am unable to open to see contents as Windows shows no files in it. When I ask Ariva to scan it, Ariva says no files also but if I use AntiSpyware to scan, it shows many files during it's scan but will get to a certain point and computer will shut down. I can almost see file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal progran to complete scans

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

23 more replies
Relevance 42.23%

I have followed recommended protocols to suceessfully remove the "Trovi" malware from my computer.
But have one minor problem.
The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer.
But the malware appears to have left code in the windows startup directing the computer to run files which are now no longer present on my computer.
Problem is that this causes the following Windows Popup box "Run DLL" to come up , before any other windows startup programs run.

The Pop up box contains the following wording"

" There was a problem starting
C:\Users\LESTER\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in start up that lead to the popup box, so that it will no longer occur at computer start up.

Thanks.
Lester
 

Answer:Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Follow this thread and attach requested reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

1 more replies
Relevance 42.23%

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.
 

4 more replies
Relevance 41.41%

I ran the steps in the Malware removal guide, i haven't seen any new pop-ups, but i noticed that there were a few problems that bitdefender could not fix, and my laptop is still running slow.

I am running windows XP, and will attach all logs.

Thank you in advance for all you assistance.
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.
 

10 more replies
Relevance 41%

Hey,

So I got infected with this virus/malware MS Removal Tool. Things that I noticed: it created a file nvpcpl.dll, hid all my d drive files and removed 90% of the items from the Start > All Programs menu. I ran through all the scans but still cant seem to get the programs in the All Programs menu back. Attached are my clean scans in the order recommended. Just as an fyi, C: is my primary drive, D: stores all documents/pictures/music, F: is the external hard drive. Thanks for the help.
 

Answer:Malware removal help - MS Removal

Things that I noticed: it created a file nvpcpl.dllClick to expand...

See this link About nvpcpl.dll You do not have macafee installed and I am not seeing the file in your logs. Do you still see it? If so give me the full file path. But you also have NvCpl.dll running which relates to Nvidia which IS installed.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.

Code:


:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]

:files
C:\Documents and Settings\All Users\Application Data\oJh06504hBkGg06504

:Commands
[emptytemp]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file prese... Read more

3 more replies
Relevance 40.18%

Hi. I (apparently in error, according to your instructions) ran ComboFix on my work computer in an effort to remove a spyware infection that attempts to coax me into installing a bogus spyware removal program. It also seems to cause hyperlinks in search results to misdirect to advertisements. My ComboFix log follows:

ComboFix 09-03-23.01 - ethan 2009-03-25 12:58:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.179 [GMT -7:00]
Running from: c:\documents and settings\ethan\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bszip.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe
c:\windows\system32\sys.dat
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-24 18:10 . 2009-03-09 12:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-24 15:55 . 2009-03-24 15:55 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-24 15:55 . 2009-03-09 12:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-24 15:18 . 2009-03-24 15:18 <DIR> d-------- c:\program files\Lavasoft
2009-... Read more

Answer:Help with malware removal

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial post then thread will be closed.

Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your... Read more

2 more replies
Relevance 40.18%

HI I am not new to reading forums, but now I need your help. I have been infected with Systemsecurity and have been able to run Malwarebytes in safe mode and rebooted. All seems clear EXCEPT when I use Yahoo search, I have search issues. I have been reading that I might have to do more than what I have done. Attached are the LOGS requested. Can you help me figure out if I need more action so that this does not pop back up? Thanks for your help.

Answer:Malware removal help

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

10 more replies
Relevance 40.18%
Question: Malware removal..?

Hi, and thank you before I even start . I did all the steps as per the instructions on this forum. The Superanti didn't pick up anything, nor did the Malwarebytes.

Hopefully I have attached everything correct.

The reason I am posting is because my anti-virus software (webroot) has twice picked up malware for quarantine, even after the superantispy and malwarebytes running.

Thank you!
 

Answer:Malware removal..?

The other one.
 

10 more replies
Relevance 40.18%

hey i am having a problem with a error that pops up every time i open a program.i think its malware but im not shure."The application or DLL c:\progra~1\wi9130~1\datamngr\datamngr.dll is not a valid windows image.please check this against your installation disk." please help me i am useing a valid windows copy but i do not have the disk ?? ran DDS wil post DDS.txt along with other instructions from referral (gmer etc) thanks.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Owner at 20:31:46 on 2012-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1031 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToo... Read more

Answer:Help with Malware Removal

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed. Note that if you do not respond within 5 days I shall no longer check this thread for replies.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.


Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

Please read all the informatio... Read more

1 more replies
Relevance 40.18%

Hi, If someone could help me I would appreciate it. Seems my browser gets hijacked everyday even when I remove the virus/Troj with Malwarebytes 'Anti-Malware software. When I search google for something it seems to navigate below to 1.2.3.0 then to a google page with wrong results. Below is my Hi jack this file:Thank youLogfile of Trend Micro HijackThis v2.0.2Scan saved at 10:54:53 AM, on 12/29/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\brss01a.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exeC:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Common Files\Microsoft Shared\VS7DE... Read more

Answer:Help with Log/Malware removal

It now says waiting for 7.7.7, I have used every spyware program i could find and I still cannot solve this problem. Is there anyway to fix this without formatting? Thank you for your help.. Below is my DDS.txt
DDS (Version 1.1.0) - NTFSx86
Run by kozm at 9:49:13.01 on Tue 12/30/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1750 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiV... Read more

69 more replies
Relevance 40.18%

Please see the attached logs. Problems were only that computer was loading slowly and a black box would pop up once in awhile.
 

Answer:Malware removal help

Hello, Bonfire




Bonfire said:



Problems were only that computer was loading slowly and a black box would pop up once in awhile.Click to expand...

You probably should look into trimming your running services - there's alot of them.

*Other than the tools our guide instructed you to save there, I strongly recommend that you clean up this account's Desktop immediately leaving only shortcut links. [ C:\Users\Integrity\Desktop ] Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may loose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least - it can have an effect on your PCs performance.

Re-run HitmanPro, activate its 30-day Trial license and fix these detections:
Malware remnants
Potential Unwanted Programs

Ignore all other detections.
Afterwards, click the Next button.
HitmanPro may want to reboot the PC in order for the changes to take affect, please do so.
After reboot and when you are back in Windows, run another scan with HitmanPro and then attach the latest HitmanPro log

Please re-run RogueKiller and run a scan. After it finishes the scan, select the Registry tab and then select any of the below that exist and then click the Delete button.




[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-260313422-843111330-963923735-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.co... Read more

7 more replies
Relevance 40.18%

Hi, I went through the steps and I am still having issues. There is still multiple pop-ups and ads being spammed at me whenever I use any browser. I followed the steps including the junkremover for browser hijacking and this is still occurring.
It has been happening for the past 3 days when my girlfriend brought here computer from work home to work at home. She tried to download software she needed for work from a source that was less than legit.


I was unable to upload the hitmanpro log as it exceeded the maximum allowed file size.

Also, the correct malwarebytes log did not make it to my flash drive, so I will have to retrieve the copy and upload it later tonight.
 

Answer:malware removal help

Zip the Hitman log or split it into two parts and attach it that way. Also attack the MBAM log.
 

5 more replies
Relevance 40.18%
Question: Malware Removal

Hi,

I recently downloaded a bad file that brought with it Virtumonde.Crack, 'Spyware Detection Alert' (an icon in the system tray with two circles - red and green - with an exclamation mark in the red one) and something called 'OptionInfo' which also appears with an icon in the system tray.

I've run Spyware S&D, Ad-Aware, AVG Anti-Virus/AVG Anti-Spyware and SmitFraudFix - all to no avail. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:00:37 AM, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EX... Read more

Answer:Malware Removal

Run HijackThis and click Open the Misc Tools section
Click Open Uninstall Manager, Save list and save the log to your Desktop.
A list of programs will open in Notepad. Post the contents of the log here in your next reply.
 

3 more replies
Relevance 40.18%

Hi Members,

I need help if anyone can be so kind, I cannot get rid of the above file already used malwarebytes ver 1.33 but still no joy. I did some research and found that this file can be protected by rootkit, whatever that is, and I am loathed to got there without some help.. Thank you in anticiptation

Answer:dds log for malware removal

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scans:Please update Malwarebytes' Anti-Malware and run a full scan and post the logs with the DDS log. * Download DDS by sUBs from one of the following links. Save it to your desktop. ... Read more

2 more replies
Relevance 40.18%
Question: Malware removal

Have followed your malware removal guide and am attaching the log files created. System appears to still have issues.
 

Answer:Malware removal

Mgtools log as required
 

9 more replies
Relevance 40.18%
Question: Malware removal

We have malware in one computer. After running all the programs Iminent is still the home page and other pop ups keep appearing from the browser. Please help. Thank you.
 

Answer:Malware removal

jallenaz said:





We have malware in one computer. After running all the programs Iminent is still the home page and other pop ups keep appearing from the browser. Please help. Thank you.Click to expand...

I think I have rid the Iminent web page that kept opening in Chrome. Now everything seems to be working as it should.
 

18 more replies
Relevance 40.18%
Question: Malware Removal

I am having trouble getting my virus sc ans to come up clean. Many different scanners give different result so ill let the attachments speak for themselves. I have experienced only one pop-up but im trying to eliminate this problem before it becomes one.
 

Answer:Malware Removal

more attachments...
 

9 more replies
Relevance 40.18%
Question: Malware removal

Hey all, just wondering if you guys an help with some malware i cant remove, i ran the 'Read me first' steps and still encounter problems with my laptop including crashing and slow operating. I attached the combofix file......

cheers
 

Answer:Malware removal

Welcome to Major Geeks!

If you ran the READ & RUN ME FIRST, you need to attach the below logs that were requested:

SUPERAntiSpyware
Malwarebytes
RootRepeal
MGtools

 

5 more replies
Relevance 40.18%
Question: malware removal

A friend wanted me to check out their computer. Internet explorer did not work. I got it fixed however I noticed a hitchhiker named tuvaro had taken over her search engine. I ran malwarebytes and found she had quit a few hitchhikers -over 1000. cleared them with malwarebytes, so I thought. However tuvaro still hanging in there. So i ran another program called spyhunter. it found the same adware programs and more. My question is are we being fooled into thinking the free version of malwarebytes cleans anything or is there another reason I am still seeing these unwanted adware programs.
 

Answer:malware removal

11 more replies
Relevance 40.18%

I have read and followed all of the instructions on the malware removal guide. As of right now, I am no longer having pop ups, but my add or remove programs is not loading correctly, and the online scans still found malware on my computer. Here are my scans. I would greatly appreciate your help!

-Jenna
 

Answer:Malware Removal Help

The rest of the scans...
 

15 more replies
Relevance 40.18%

I Have run everything suggested, but I still seem to have a problem. I also ran IOBit 360 which still finds a trojan. When I run CCleaner it cleans GBs out of the temp file.
 

Answer:Help with Malware removal

I Have run everything suggested, but I still seem to have a problem. I also ran IOBit 360 which still finds a trojan. When I run CCleaner it cleans GBs out of the temp file.
 

7 more replies
Relevance 40.18%

My PC is very slow at loading certain web pages. Also the speedtest.net website hangs up at "searching for best server based on ping." An identical PC on the same router does not have these symptoms.

My logs are attached. I was unable to get a log froom HitmanPro because it hangon a screen asking me for my installation key.
 

Answer:Please help with malware removal

Welcome to Major Geeks!



HowardW said:





My logs are attached.Click to expand...

No logs were attached.





HowardW said:





I was unable to get a log froom HitmanPro because it hangon a screen asking me for my installation key.Click to expand...

Hitman Pro is free to use for scanning. You do not need a key. Please just run a scan and save a log to attach.
 

13 more replies
Relevance 40.18%
Question: Malware Removal

Ran all the steps listed and I'm still having probs. They started about a week ago after I had been checking the internet for mortgage refinance rates and info. My home page has been hijacked to zhaodao123.com (site is in Chinese). Prior to performing removal instructions, about 5 Chinese sites auto-added to my favorites list every time I got online, Chinese pop-ups, and icons added to desktop upon start-up. Post removal, still have hijacker, but haven't experienced the other probs (yet).

Had a hard time downloading and scanning initially, computer would go to blue screen indicating a prob was detected & Windows needed to shut down to prevent damage, disable BIOS memory options caching/shadowing, stop: 0x0000008E (0XC0000005, 0X805BFAA0, 0XBAA0FA90, 0X00000000). I didn't know what to do with that, so I just kept restarting computer and following your directions. Eventually, scans started working and computer stopped shutting down. On Spybot scan, computer stopped at 118104/133091 win32Qhost.ake and would not finish the scan (tried several times). I did delete the 8 Sogou detected up to that point. I'm assuming the attached logs indicate all of the other probs which were deleted. If not, I wrote most of them down.
 

Answer:Malware Removal

Re: Malware Removal Logs

MGlogs.zip attached
 

8 more replies
Relevance 40.18%
Question: Malware Removal

Good Day

An acquaintance of mine reccommended your site to me and I would like to thank you for the step by step guide - very helpful fo a novice like myself.

I have attached the logs as requested however this will be my only post as I only have 4 attachements to send.

My Malwarebytes log was 335kb which I was told is too big to upload so I have zipped this if that's ok?

Unfortunately I could not get RootRepeal to run - my computer would frieze and after some time would tell me I needed more virtual memory - I then waited 2 hours before it crashed.

I tried again however, but unfortunately met with the same fate so I decided to move on.

I do hope this isn't a problem

Many thanks
 

Answer:Malware Removal

Fortunately the scans took care of the malware. The only thing you need to do is to:

Use windows explorer to find and delete:
c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP

Then use add/remove programs to uninstall:
LiveUpdate (Symantec Corporation)"
LiveUpdate (Symantec Corporation)"
LiveUpdate Notice (Symantec Corporation)"

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners.They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add... Read more

1 more replies
Relevance 40.18%

Hi
Iam a Novice User.. Today i was infected by a Malware that gives a pop up"Attention!some dangerous trojan horses detected in your system..Windows Xp files Corrupted" and so on whenever i try to open Windows explorer..If i try to access internet explorer it leads to a id "http://free-viruscan.com/id/4912933/4/1/"Well this is my Hijackthis logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:07:19, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
c:\Progr... Read more

Answer:Malware removal help...

Welcome to TSF.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\coni.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\coni.dll

Download Malwarebytes ' Anti-Malware at http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebyt...are_d5756.html Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open i... Read more

5 more replies
Relevance 40.18%
Question: Malware removal

here are the logs after i completed the malware removal process. please look at this and get back to me. thanks

P.S: I did run Ccleaner, Spybot Search & Destroy in safe mode but couldn't run counterspy in safe mode. Instead i ran that in normal mode.
 

Answer:Malware removal

Welcome to Major Geeks!

You need to tell us what malware problems you are having!

Also you need to attach the other three requested logs from the READ ME:
CounterSpy - only for Windows XP, 2K, & NT users
Bitdefender - from step 6
Panda Scan - from step 6


Is your copy of Spyware Doctor a paid version or a free trial version?
 

13 more replies
Relevance 40.18%

Hi,

I am new to this forum and would appreciate help in getting rid of a malware on my computer. My Dell Dimension 8400 (Pentium4) running XP and loaded with Norton Internet Security 2007 seems to have been infected. Initially the internet connectivity and computer processing slowed down and there was a periodic popup message indicating that the computer is infected and copies are being made of my files. Clicking the popup took me to a site where AVS system care offered downloads to correct the problem. I did not use the downloads and ran the Norton full scan on my machine. It picked up a few files / trojans and removed them. But the problems persists (except the popup) and the NIS scan does not help further. Reading some of the threads on this website I realized I probably have a AVS System Care trojan. At this time the system and internet works off an on and I do not have access to task manager. I would appreciate any help I can get to remove this malware and be rid of the problems.

The Hijackthis log file is attached below for reference.

Thanks. Kb.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:01 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchos... Read more

Answer:Need help with Malware removal

16 more replies
Relevance 40.18%

Hello, I keep getting popups and when i try to open internet explorer or mozilla i get a message that says insecure internet activity threat of attack, continue to website unprotected?
here is the text from dds.txt The weird file name was win32.....rafiab i cant get it to come up again i dont remember the exact wording. Hope someone can help.
Thanks

DDS (Ver_09-02-01.01) - NTFSx86
Run by Katy Burns at 20:41:33.32 on Sat 02/07/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.207 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Pro... Read more

Answer:malware removal dds.txt

ok security center alert says win32.Zafi.B high risk level

3 more replies
Relevance 40.18%
Question: Malware Removal

Hear are the files I attached. I finished everything. All scans and such. I will post a second one with the other two scan reports. Thanks!
 

Answer:Malware Removal

Malware Removal 2

Here is the second post with the other two reports. Thanks again!! I followed all steps.
 

5 more replies
Relevance 40.18%
Question: malware removal

I have just finished the Malware removal House cleaning scans ill attach the logs . Thank You this site is excelent

More replies
Relevance 40.18%
Question: Malware removal

I used combofix to clean my machine and would like help with analyzing the log file.
This is my first post.

Answer:Malware removal

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430363 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

3 more replies
Relevance 40.18%
Question: malware removal

please help me remove these viruses from my computer

Answer:malware removal

Hello bosslady.. You didn't say which ones... so lets look for them.Reboot into Safe Mode with Networking How to enter safe mode(XP/Vista)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your ... Read more

1 more replies
Relevance 40.18%

Hello, first time here so sorry if I dont do things correctly. I have gone through the malware removal procedure and have attached my log files. The only step I had a problem with was RootRepeal. The program installed fine and started up fine but as soon as I clicked the "Scan" button my computer restarted. I tried this again and the same thing happened.

I obtained a number of viruses and malware when I was trying to apply windows xp themes for the first time. I downloaded a program called UxMultitheme or something similar. Obviously not good. Had programs like "Xp Security" and I beleive the other one was called "AntiSuite" or something like that. Tried a few things myself and managed to fix a lot of the problems but am now currently stuck.

My computer seems to be running fine except for the odd redirect in my internet browser and when I run a "HiJackThis" log I notice a few things out of order.

In any case any help would be appreciated.

Thanks
 

Answer:Help With Malware Removal

Let's start with this:

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

Driver::
{34AF3FE6-08DB-45DC-9522BB53AE978A5D}

File::
c:\windows\TEMP\1D.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\1474v
C:\Documents and Settings\Administrator\Local Settings\Application Data\2054117988
C:\Documents and Settings\Administrator\Local Settings\Application Data\4b8ki
C:\Documents and Settings\Administrator\Local Settings\Application Data\abcijxytp
C:\Documents and Settings\Administrator\Local Settings\Application Data\cnhijgmcc
C:\Documents and Settings\All Users\Application Data\1474v
C:\Documents and Settings\All Users\Application Data\2054117988
C:\Documents and Settings\All Users\Application Data\4b8ki
C:\Documents and Settings\Administrator\Templates\1474v
C:\Documents and Settings\Administrator\Templates\2054117988
C:\Documents and Settings\Administrator\Templates\4b8ki
C:\... Read more

17 more replies
Relevance 40.18%

I appear to have gotten some type of malware or virus that wont allow me to run anything type of .exe file. Neither AVG nor Malwarebytes will run, they open up then crash. I installed the latest version of Hijackthis and attempted to run it and same thing, it scans for a few seconds then the program shuts down. When I try to open it back up it says "windows cannot access the specified device, path or file....etc". This is for both normal mode and in safe mode.

Not sure where to go from here since I cant even get a Hijackthis log.

Any help would be appreciated!
 

Answer:Help with malware removal

16 more replies
Relevance 40.18%

Hi,

So something was done to my MAC. Every time I click on a link I have pop-ups, I have videos on webpages for advertising and when I shut down there is a new window that asks me if I want to abort installation.

Any help would be great.
 

Answer:Malware Removal Help

Unfortunately I don't support Mac here.
You need to find Mac forum.
 

3 more replies
Relevance 40.18%

Hello All,

I was unable to do every step of the malware problem guide until I got to the program RootRepeal.exe . I am unable to download it. I have downloaded hijackthis. I can't seen to get rid of certain things. I am getting popups. My problem is a lot better as I've been working all day on it. How do I get rid of this onc eand for all? Thank you!

Answer:Malware Removal Help Please

Hi,Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.Download DDS and save it to your desktop from here or here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your desktop. Post them back to your topic.Download GMER here by clicking download exe -button and then saving it your desktop:Double-click .exe that you downloadedClick rootkit-tab and then scan.Don't check
Show All
box while scanning in progress!When scanning is ready, click Copy.This copies log to clipboardPost log in your reply.

2 more replies
Relevance 40.18%
Question: malware removal

Hi,
i have been given a machine to clean.
Ran all programs except mgtools. having a hard time downloading it.
other logs attached. tdskiller found no threats.

any help would be greatly appreciated

thanks
Andy
 

Answer:malware removal

Can you download MGTools.exe to another computer and transfer it via thumb drive?
 

7 more replies
Relevance 40.18%

I have installed NOD32 2014. My laptop freezes at startup sometimes after the desktop appears. I am running windows 8.1 and DDS could not be run. It gives the error message 'DDS is not meant to run on compatibility mode. The program will now exit.'

Answer:Malware removal help

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.   Scan with FRST (Recovery Environment)To run FRST on Vista and Windows7:For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into the in... Read more

9 more replies
Relevance 40.18%

Hi there!I've gone through all the steps u recommended here. There were some slight problem during the process, mainly after running quick scan with anti-malware and rebooting as recommended, the system crashed, and have to do a restore to boot. After that I run cc cleaner again, and malware again (SAS haven't find anything earlier, therefore I skipped to run it again). In that run, malware stated -finally- everything as clean. However AVG keeps sending alerts about Packed.Protector.C in atapi.sys. (The system itself is already looking much more healthier, thanks)I'll try to attach all the logs I've created during the process. Thx in advance[Saving space, attachment deleted by admin]

Answer:Malware removal help

Never mind! I've read everything here, using the self helping methods (your analizer tool as well), and combofix (great scripts) and my pc is clean. Thx for the great posts and itineraries

1 more replies
Relevance 40.18%

So it would appear that I am infected with WinantivirusPro 2006, I get the pop ups constantly but I have not installed the program. I also get blank windows popping up to a certain ip address that contains information on what I was currently doing. Such as this "http://85.12.25.85/trafc-2/rfe.php?cmp=vm_mg_ff_nonusa_fail&nid=ec&uid=AB11DEAC21A011DB973F00167647FA98&guid=e0f30edd+1D10514769CC421B8E80F83036AF28EA&lid=forums%3E&url=http%3A%2F%2Fforums.majorgeeks.com%2Fshowthread.php%3Ft%3D38752&affid=862"

So I went through the steps you guys have posted and I have lots of logs for you read, I really need your help and I hope that I can make it as painless as possible. I already ran VundoFix as well and it deleted a lot of .dll files that I noticed were spyware.

Oh and for future notice, I am unable to load safe mode. My computer simply loads it and I cannot do anything but move my mouse. I do not know if this is related to spyware or not.

Attached are the various logs that were requested in the steps.

Thanks in advance,
Ryan
 

Answer:Various Malware, need help in removal Please

Here are some additional files that were requested.
 

8 more replies
Relevance 40.18%

here are my logs from the removal process

View attachment HitmanPro_20150116_1946.log



View attachment TDSSKiller.3.0.0.42_16.01.2015_18.16.25_log.txt



View attachment mblog.txt



View attachment RKReport.txt



View attachment history.txt
 

Answer:Help with malware removal

Still need the log from running MGTools.exe -> C:\MGLogs.zip.
 

14 more replies
Relevance 40.18%
Question: Malware removal

Hello,
I am wondering if anyone can help me with a problem. The problem is that when I use Ad-aware in full sweep mode it keeps getting stuck on a file named......InprocServer32. Does anyone know what this is? and how to remove it from my computer?
Thanks in advance,
didiohio

More replies
Relevance 40.18%
Question: malware removal

hi, chaslang did a great job of removing malware and such from my wife's computer. thanks, now i would like to have mine done. i removed as much stuff as i could. here are the logs. if you could please analyze them it would be appreciated. thank you.
 

Answer:malware removal

here is MGlogs file.
 

2 more replies
Relevance 40.18%

Alright. I hope this is the right forum section to be posting under. If not, please feel free to move it. Onward!
 
I work at a bank in the IT department. We have roughly 150 pc's that we manage. Some of these PC's connect to a terminal server, others don't. However we have been having some issues lately with people getting loads of popups. I myself actually just ran into this issue today.
 
What is happening: A user will be using the internet and all of a sudden the entire page turns into one big link. So, no matter where or what you click it will open another window. Of course it's the usual popups stating that your computer is infected and call this number, blah blah blah. So, we then run Malwarebytes. It is pretty much guaranteed to find something. Usually it finds anywhere from 3-20 things. Some of these are PuP's, others are registry keys.
 
So, after running the scan and removing the bad files I tell them they should be good to go. It usually only lasts a day or two though before we get another call and they are telling us that they are infected again and getting popups. So, we repeat.
 
What is the deal? I have tried cleaning junk files and then scanning. No luck. The issue seems to happen with any site really. When it happened to me I was actually on this website haha. Other users have it happen from the Weather Channel's website. They were using Internet Explorer so we told them to switch to Chrome. That worked for a while but now the issue is h... Read more

Answer:Malware Removal - Need Help

Sometimes it as simple as emptying the browsers cache. In other cases adware is the culprit and its removal can vary
from just using AdwCleaner, Junkware Removal Tool and Eset Online Scanner. Using CCleaner clean up is a good idea, too.
It is also common to see some trojan dropper installing the adware.
 
Rebooting the computer would be necessary to completely remove adware and malware in most cases. MBAM asks to do that, too.
 
Here is the usual instructions for using the programs mentioned above.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program windo... Read more

8 more replies
Relevance 40.18%

Remove Security Tool and SecurityTool (Uninstall Guide). I'm stuck on Instruction #22-the instructions indicate to click on the link and download the appropiate windows operating system file. What opens is not a downloadable file, is more like a notepad file. How do I readd the Host file that I removed.

This is what appeared when I clicked on the XP link:

# Copyright ? 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

More replies
Relevance 40.18%
Question: Malware Removal

I connected my portable harddisk to my NEC laptop last week and suspected my laptop had been infected with virus. Everytime I reboot my laptop, when it prompted for boot password, the password was entered automatically without me typing. I scanned with Avast but did not find any virus.

I followed the Malware Removal Guide (everything run smoothly except when running Root Repeal, I had to close a the dialog "Error - Invalid PE image found") and attached the logs here.

Would appreciate it very much for your kind help.
 

Answer:Malware Removal

Attached is MGlogs.zip.
 

6 more replies
Relevance 40.18%

HiI was working on a malware problem with garmanma in another forum Topic referenced is here: http://www.bleepingcomputer.com/forums/t/272285/need-help-with-malware-removal/ ~ OB and we got to a point where he thought it was best to turn the case over this forum. He asked me to post the Root Repeal and DDS logs here for your review. I have also attached the zipped Attach.txt file. This was my original problem description:----------------My computer has begun responding very slowly. Boot up takes forever, programs take a long time to open, the computer occassionally hangs when performing certain functions, e.g. copy/paste in Windows Explorer, and I am having to use Task Manager a lot to end various processes that hang up and won't open or close. OS is XP Home SP3.-----------------We ran a bunch of scans and malware removers, which found and eliminated several items, and I believe the computer speed has improved. But, based on the Root Repeal log, garmanma thinks there may still be something in there that needs your help to fix. Also, when trying to execute garmanma?s instructions I found I could not boot into safe mode using the f8 method. The computer locks up part way through the driver loading. The only way I could get into safe mode was via safeboot, but garmanma has cautioned me against doing that if malware is suspected. That problem was not resolved, and I would like to get the f8 safe mode access back in operation if possible. It used to work at one time. ... Read more

Answer:Need help with malware removal

Hello,We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Then please post back here with the following: log.txt info.txtThanks

20 more replies
Relevance 40.18%

Before I lose my mind here are the log files that are from the instructions that were posted. Any help is greatly appreciated. I am in hte middle of finals and have a teenager who decided to gag up our computer! HELP!!! :cry
 

Answer:Malware removal (1/2)

Malware removal (2/2)

Ok this is the second part of what was found. I hope I am understanding ll this it is definately all greek to me. Am I missing anything?? Once again help is appreciated.
 

2 more replies
Relevance 40.18%

Hi there,

I have read and run your "read me and run me first" page and now I'm asking for support.

I have run all the programs you suggested and will attach the log files.

I can't seem to get rid of Trojan.Downloader.Swizzor. The programs say it's been deleted, quarantined and disinfected, but it keeps popping up.

I'm also having some trouble with having my browser time out. I happens constantly and I have to reboot to get it to behave. Everything esle is also super super slow.

I really appreciate any and all help that you can provide.

Thanks so much.

It looks like I'll have to post the log files in stages.
 

Answer:Help with Malware Removal

Log files part 2.
 

8 more replies
Relevance 40.18%
Question: malware removal

How do I remove malware named "Best Malware" that was deposited onto one of our computers? I know that there are downloadable software packages but I don't want to intefere with McAfee Total Protection.Edit: Moved topic from Win 7 to the more appropriate forum. ~ Animal

Answer:malware removal

Hello and welcome.. Please click Start > Run, type inetcpl.cpl in the runbox and press enter.Click the Connections tab and click the LAN settings option.Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.Reboot into Safe Mode with NetworkingHow to start Windows 7 in Safe Mode>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead... Read more

1 more replies
Relevance 40.18%

For the backstory to this issue, please refer to: http://www.bleepingcomputer.com/forums/t/201127/suspected-malwarevirus/ (not sure how to post the link properly - new to this)I was having trouble getting DDS.scr to work, but I changed it to DDS.pif and it worked.DDS.txt:DDS (Ver_09-02-01.01) - NTFSx86 Run by Tony at 14:44:11.79 on Mon 02/09/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1219 [GMT -8:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\Explorer.EXEC:\Program Files\Microsoft LifeCam\MSCamS32.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\RTHDCPL.EXEC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\lg_fwupdate\fwupdate.exeC:\Program Files\Nero\Nero 7\InCD\NBHGui.exeC:\Program Files\Nero\Nero 7\InCD\InCD.e... Read more

Answer:DDS log for Malware removal

Hi again. It's me again You did not make any mistakes it's just we are very busy and sometimes things get pushed behind. Sorry about that.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.If you do not make a reply in 5 days, we will need to close your topic.You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.E... Read more

19 more replies
Relevance 40.18%

Hi everyone, I've started through the malware removal process but whatever is on my computer will not let me navigate to my harddrives through My Computer. Is it allright to create a folder in shared documents to put all this stuff in or is there a way to work around this problem. I know I had read it was best to put everything in root c:.
 

Answer:Malware Removal Help

I found the work around on that one and moved on to superantispyware and malwarebytes... neither of which will run. I was able to get them installed by changing their names but the programs themselves won't run in normal or safe mode. Superantispyware also won't run using the alternative startup. My question is should I go ahead and move on to the combofix and continue or do I need to find a way to run one of these.
 

7 more replies
Relevance 40.18%

Hello. I've already run the steps in the "READ & RUN ME FIRST" guide and pop-ups have temporarily stopped, but I would like you to view my scan and HiJack This logs to make sure everything has been deleted. This post contains my bdscan, activescan, and counterspy scan logs. I will post a reply with the getrunkey, shownew, and hijack this logs. Thanks.
 

Answer:Please help with Malware removal

Here are the GetRunKey, ShowNew, and HiJack This logs. Thanks again.
 

13 more replies
Relevance 40.18%
Question: Malware removal

My wife's computer seems completely f**ed. Started with endless pop-ups, redirects, dropping the internet. I've done the malware removal process. Couple of things. MBAB did not give me an option to save a log. It apparently DID quarantine a bunch of stuff. Second, MGTools seemed to be denied excess many times. I'm running Win8, should I have tried to disable UAC? Also the MGzip log is in the MGTools folder. I'm going to attach it with the other logs I WAS able to get. But later in the instructions you say not to attach that log but one out of the MG.exe. I'm confused. Can't find the TDS log.
 

Answer:Malware removal

also she's got a bunch of crazy sounding folders on her drive called: doeal4ReAll, easitOshoop, Flexible SHoppeir, PriceDownloader, SSAVEEnron, StickyNotes Just popped up, and Supplement Pro. WTF?
 

9 more replies
Relevance 40.18%

Hi, I need help..!!

I seem to have some sort of malware / spyware / virus on my laptop which does not allow me to connect to internet in regular mode; but i am able to do so in safe mode.

I have scanned using HijackThis and report follows. I have tried various virus / spyware scans including SpySweeper, Spybot s&d; Xoftspy. But, I still cannot connect.

At times, a popup comes up stating that my comp is at risk; this links to "onlinesecurityworld.com" web. Also, I get 3 links on my desktop:
Error cleaner; Privacy protection; Spyware & malware protection;
all linking to "onlinesecurityworld.com".

Thanks in advance
 

Answer:Please Help.. with removal of Malware

Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support


Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis
NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
 

1 more replies
Relevance 40.18%

this is the scan info from GMER which i was told to do in the thread "buying online safe?" And no i dont have a windows disc or boot cd. ive had a slow computer for almost a 6 mon. and couldnt buy anything online because of the risks. But now im following these steps to eliminate these problems once and for all



DDS (Ver_09-12-01.01) - NTFSx86
Run by Wilfredo Portales at 19:56:01.40 on Wed 12/02/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.452 [GMT -8:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Internet Security *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Progr... Read more

Answer:malware removal help

Hello -

Some of the slowness may stem from too many security products installed.


As stated in our pre-posting sticky topic...

http://www.techsupportforum.com/f50/...lp-305963.html


Quote:




If you have more than one antivirus software installed, leave only ONE and uninstall the others




While this may seem like greater protection, it can cause problems including slowdowns, system hangs or even crashes. This can happen if both AntiVirus applications attempt to access the same file at the same time. This may cause the applications to interfere with each other, or cause the system to lock up. It can also be a drain on system resources, making a machine run slower than it should.

I see you have more than one Anti-Virus program installed, Spyware Doctor with AntiVirus and AVG. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:re-install the program -> reboot -> uninstallOf the two, I would uninstall Spyware Doctor with AntiVirus.

For now, also uninstall STOPZilla, as it can be a drain on resources.

-----------------------------------------------------------------------

As mentioned in our preposting topic:

http://www.techsupportforum.com/f50/...lp-305963.html


Quote:




3. Uninstall the following via Add or Remove Programs in Control Panel:

p2p ... Read more

19 more replies
Relevance 40.18%

I have a TON of malware on my computer. I've run quite a few free scans and they all come up with different results. I know I have the WinTools thing or whatever it's called. I tryed to end the processes WSup.exe, WToolsA.exe and WToolsS.exe, but they keep restarting themselves. I ran HiJackThis. Thanks for any help.

Logfile of HijackThis v1.98.1
Scan saved at 3:04:31 PM, on 8/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\B... Read more

Answer:Malware removal. Please help.

I went through and deleted some stuff from my computer and registry, so I thought an updated HiJackThis log might be useful. My main annoyances have been fixed, but I'm not sure if there's still stuff running on here or if I might've screwed something up.

Logfile of HijackThis v1.98.1
Scan saved at 12:41:19 AM, on 8/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2004 version 6\u... Read more

2 more replies
Relevance 40.18%
Question: Malware Removal

Thanks for the great directions on scanning and removing. I have followed Steps 1-7 in the Read & Run Me sticky.

I have attached the logs from Bitdefender and HijackThis. I was not able to run Panda Active Scan. I attempted from both Safe and Normal Modes. All links to Panda Software did not work. I did do a Google Search to try to find other links but all failed.

Please review my logs to see if anything else needs to be cleaned.

Thanks so much.

Mark
 

Answer:Malware Removal

I forgot to add that when I went to disable System Restore, I found that it was never enabled and that I can not enable it. The error message states that a network administrator must make the changes. The compute is not on a network and I was logged on with an administrative account in XP.

Please give me any advice on this issue. Thanks
 

14 more replies
Relevance 40.18%
Question: Malware removal

Hi, i'm trying to fix this pc for a friend of mine without any luck so far. I've scanned it with malwarebytes which found 1800 infections and webroot which found 11 infections but the pc is still very slow and i'm sure there's still some malware on it.

I would really appreciate any help you guys can give me.

here are the scans.
DDS (Ver_10-12-12.02) - NTFSx86
Run by Michelle at 2:10:42.09 on 19/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.41 [GMT 0:00]

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Webroot Internet Security Complete *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot Internet Security Complete *Enabled*

============== Running Processes ===============

C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\s... Read more

Answer:Malware removal

FYI after looking at the volume of posts you guys get looking for help i decided to format the pc and reinstall windows.
thanks anyway

Brenm2

2 more replies
Relevance 40.18%

I am trying to clean up a badly infected computer for a friend. I have tried following instructions in Malware removal forum. This machine is so badly infected that I could only download recommended programs in safe mode. However, I cannot install them in safe mode and normal mode is not working properly. I did run AVG which was on the machine already. This cleaned up some stuff, but I suspect there is lots more. What do I do next? Machine is running WinXP SP1, IE V6.
 

Answer:Need help with malware removal

What happens when you try to install programs in normal boot mode? You only said you had to download in safe mode. What exactly is wrong with trying to run in normal boot mode? Have you tried booting in normal mode with your internet connection unplugged?

You need to try all steps in the READ ME. Some of them do not require installations. MGtools does not require a true installation. It is a self extracting ZIP file that just automatically runs the program. Have you tried ALL steps in the READ ME including MGtools?

If you cannot run anything and cannot get us any logs, then the answer will be quite simple and that is reinstall since we cannot begin to help you without any information.
 

17 more replies
Relevance 40.18%
Question: Malware Removal

Please help I was not able to connect to the internet without going into safe mode and I read one of the forums and found out that it was malware so I downloaded the software and ran it full scan while my computer was in safe mode,removed everything and now I can get the ie to open (thank you) but my computer is loading so slow it is like 5 mins before the desktop loads and then to actually open an ie is taking for ever. Im going crazy!!!!!:cry
 

Answer:Malware Removal

Welcome to MajorGeeks!

Please refer to our:

READ & RUN ME FIRST. Malware Removal Guide

You need to attach (See: HOW TO: Attach Items To Your Post ) the below logs created by running the requested scans
SASlog.txt log from SuperAntiSpyware.
Malwarebytes Anti-Malware log
ComboFix.txt (normally C:\ComboFix.txt)
MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.
You will need to post 2 messages to attach all four logs since only 3 attachments are allowed in any single message. Post all of them in one thread.
Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.

 

1 more replies
Relevance 40.18%

Hello JonGri I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

Answer:Malware removal please help.

Hello Gringo,
This is very noble. I am responding to your post in another computer as the infected computer would not start. I will do what you told me to do as soon as that infected computer can have a decent screen.
Much appreciated.
Jon

22 more replies