Computer Support Forum

vundo/spyware protect 2009 malware-logs attached

Question: vundo/spyware protect 2009 malware-logs attached

Hi Guys,
Can I begin by saying a MASSIVE thank you to you all-I'd be totally lost without your help
Ok, down to business-I've done as the guide suggests, performed the XP clean up, ran the programs and I've got all the logs which are hopefully attached. The problems started a almost a week ago when the dreaded "spyware protect 2009" screen started popping up and the icon lodged itself in my system tray and I got suspicious when there was no option to get rid of it-it's disabled my windows firewall, is blocking/redirecting my IE browser with it's phony msgs etc. If you need any more info or if I've somehow left something out/attached the wrong logs just let me know-it's purely out of ignorance and not laziness if that's the case!!!:-o

Thanks again- Cheree :wave

Relevance 100%
Preferred Solution: vundo/spyware protect 2009 malware-logs attached

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: vundo/spyware protect 2009 malware-logs attached

here's the last log

6 more replies
Relevance 102.5%

The volunteer helping me on the "Am I infected" forum recommended I move my problem over here to this part of the site. I'm not sure if I'm at the point where I should reformat my computer, hope someone can help.Here's my original problems and the logs and help I've received so far: http://www.bleepingcomputer.com/forums/t/208885/ms-antivirus-2009-which-turned-into-another-one-and-now-its-that-nfrdll-error-and-malarebytes-and-superantispy-got-their-butts-kicked/I assume that you'll probably get a better explanation from my problems there, but here's the quick and dirty:Dell Laptop, currently disconnected from the Internet. (It was unable to access the bleeping computer forum anyway--just this site specifically, sites like Google, blogs, those kinds of things worked fine.)The problems started with the MS Antivirus 2009 fake spyware stuff, than the browser hijacks (I shut off proxy servers before coming to the forums), and then I got the Spyware Protect 2009 version of malware, and was only able to get Malwarebyte's to run by changing the extension to .bat after reading it here. Since I started working on these forums with DaChew, I've only followed his instructions.Currently working off my wife's computer, a Mac. Using a USB flash drive that DaChew had me immunize so that I can download the programs on this Mac and transfer them over to the infected Dell. Than I copy the logs onto the flash and move them here.Here's my DDS file, i've changed my name on it to USER.DDS (Ver... Read more

Answer:Serious Malware Infection, started with MS Antivirus 2009, Spyware Protect 2009, nfr.dll

Hello Thefactualopinion and welcome to Bleeping Computer,1. Please download GooredFix and save it to your Desktop.Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.Double click the ComboFix icon to run it.If ComboFix askes you to install the Recovery Console, please do so..The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.Once the Recovery Console is installed, continue with the malware scan.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!Greetings,Thunder

6 more replies
Relevance 100.45%

Hi,

I appear to be infected with both the Vundo Trojan and Spyware Protect 2009. After countless hours of trying and many failed attempts at fixing myself, I am begging for your help!

I am running Symantec AV, but the Defs were a few days old. (Learned my lesson there, huh.)

Here's what I've done.

1) Updated my Def files and ran Symantec virus scan. It found the spyware and removed it (or so it said.)
2) I tried to manually remove the Spyware instances in the registry.
3) I couldn't get malwarebytes to run (the trojan must be blocking the executable.) I renamed it, booted into safe mode and ran it. If found the Vundo virus, said it fixed it...but nah. Still there.

I cannot get Spybot, SuperAnti Spyware, Malwarebytes...anything to run. (With the exception of malwarebytes in safe mode and renamed.) I can't even get to the websites that allow me to download the files--gives me some nonsense about the website being not available. Thank goodness for two computers...

Anyhow, here I am. My file is probably going to look a little odd because of what I've tried. Just wanted to give you a head's up. May as well own up to it and save the both of us some trouble down the road.

Here goes the DDS.TXT file:

DDS (Ver_09-02-01.01) - NTFSx86
Run by user at 19:53:53.12 on Sat 02/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.520 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS... Read more

Answer:Infected with Spyware Protect 2009 and Vundo Trojan

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.Download and Run OTListItPlease download OTListIt by OldTimer to your desktop.Open OTListIt by double clicking its icon. If you are using Windows Vista, right click OTListIt2.exe and select Run As Administrator.Click Run Scan without changing any settings. When the scan is complete, a logfile will open.Copy the contents of the log into your next reply. It will be saved as OTListIt.txt where OTListIt.exe is located.Download and Run Scan with GMERWe will use GMER to scan for rootkits.Please download GMER.zip to your desktop from any of the links below:LINK1, LINK2Right click on GMER.zip and select "Extract All".Close all other open programs as there is a slight chance your computer will crash.Double click GMER.exe. If you are using Windows Vista, right click the icon and select "Run as Administrator". Your security programs may detect GMER's driver trying to load. Allow it.You may see a warning saying "GMER has detected rootkit activity". If so, select NO.Leaving the settings at default, click Scan.When the scan is complete, click Save and save the log onto your desktop.Please include the log in your next reply.Please tell me what changes have been made to the computer since your topic was started. Also give me an update on any symptoms.With Regards,The Panda

13 more replies
Relevance 100.45%

Ever since a week ago, my girlfriend's computer seems to have been severely compromised. I figured it was Vundo, because she did have it earlier and proceeded to take the same steps I did previously in order to remove it. However, it seems that it is possibly a newer trojan, or a completely different one.

At this point, I'm at my wits end and have no idea what to do. What the virus does is, it creates a .dll file in the C:\WINDOWS folder (opposed to Vundo adding it to the system32 folder) and Lavasoft's Ad-Watch will constantly state that there is a "Registry Modification Detected" and will repeat that a thousand times if not dealt with. When the internet is off, or if I use KillBox to stop the process, it will cease. However, it will reoccur if the internet is back on as a new file. The .dll files are always random letters and once or twice the same name.

Possible problems:
Vundo - some files found
Spyware Protect 2009- now a rampant virus, also tried to "scan" her comp

I've tried every scan I can come up with (Malware Bytes, Symantec, Panda Security, VundoFix, etc) and did everything on safe mode. The virus seems to only trigger when it's in a normal Windows XP environment, rather than safe mode.

Any ideas? Thank you SO much to anyone that can help!

I scanned with GMER but it did not complete, and instead, BSOD'd (at first it said something about a Page Load error, but now it's something else). I'll upload whatever was completed.

EDI... Read more

Answer:Trojan(s) Issue - May be Vundo or Spyware Protect 2009

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

19 more replies
Relevance 100.45%

So, I usually try and do this myself but this has gotten out of hand. I've been able to remove the Vundo before but this time my Vundo bug fix isn't detecting it and I'm not sure how to do it manually. Windows Defender and AVG remove some things, but they always end up coming back or when I try to completely remove them it crashes my computer completely and says 'Fatal Error'. I know this can't be good. Now, Spyware 2009 has somehow installed on my computer, I'm having trouble browsing due to pop-ups, and just...AHH. Please help. Thanks

DDS (Ver_09-02-01.01) - NTFSx86
Run by Caitlyn at 13:06:05.14 on Tue 02/17/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1285 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1&... Read more

Answer:Virtumonde/Vundo/Zlob/Spyware Protect 2009

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

10 more replies
Relevance 96.35%

I am getting three screens that come up when ever I try to do work on any program. (1) Windows Security alert (2) Spyware Protect 2009 alert (3) Spyware Alert

DDS (Ver_09-02-01.01) - NTFSx86
Run by Kim at 10:54:20.07 on Thu 02/19/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2430.1853 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)

============== Running Processes ===============

J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
J:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\McAfee.com\Agent\mcagent.exe
J:\WINDOWS\svcho.exe
J:\Program Files\AIM6\aim6.exe
J:\Program Files\Windows Live\Messenger\msnmsgr.exe
J:\Program Files\Messenger\msmsgs.exe
J:\WINDOWS\sysguard.exe
J:\Program Files\AIM6\aolsoftware.exe
J:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
j:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
j:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
J:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
J:\Program Files&... Read more

Answer:Spyware Protect 2009 malware

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

2 more replies
Relevance 95.53%

Hello. My kid's PC -- an HP (Model M7567C, with 2, 260 GB hard disks and 2 GB RAM) is infected by "Spyware Protect 2009" malware. The malware repeatedly displays at least 3 different pop-ups saying there's a spyware infection and offers to sell a fix; the program also prevents Explorer from working properly. There are no obvious programs/processes to shut down from the control panel. The machine has Zone Alarm Security Suite installed - I'm not sure if my kids ignored a warning or if the software mistakenly let something in. Zone Alarm technical support said to try running Malwarebytes' Anti-Malware automated removal tool, but the program doesn't seem to run (nothing happens after the program is downloaded and launched). I tried running Zone Alarm virus and spyware scans, but the program runs slowly and eventually hangs (I think I ran the Zone Alarm scan in the Windows Safe mode). I can boot the PC in Windows Safe mode, but unfortunately there is no useful restore point. I can boot the PC in the normal Windows mode but it takes 2 or 3 cold starts. I can use Microsoft Explorer (through a wireless LAN connection), but in the normal Windows mode Spyware keeps hi-jacking Explorer and displaying its rouge messages.

Before I give up and reformat the hard disk and re-imaging the disk from the backup system disks, I would like to try a less time consuming solution. Any suggestions are welcome! Thanks!

I ran the DSS scan as instructed. Here are the res... Read more

Answer:"Spyware Protect 2009" malware problem

I wanted to add some new information to my original posting that seems to be related to my problem.

When my spyware infected PC boots, I get the following messages:

"The application or DLL c:\windows\system32\digeste.dll is not a valid windows image."

"View Manager has encountered a problem and needs to close."

"Error loading c:\windows\griwapaxim.dll. The specified module could not be found."

I noticed that there was a Windows update available today (the February update of Microsoft's anti-spyware program). I installed this application; after this, Zone Alarm Suite was then able to run (up to now, it just hung up), and 2 items were quarintined: WIN32.SYSGUARD adn WIN32.TROJAN.FAKEALERT.IEH

However, there are still problems with my PC. I still can't get Malwarebytes' program to run, even when I rename the *.exe file to *.bat. It seems like whatever is still injecting my PC interferes with any anti-spyware/malware program from running properly and interferes with the operation of Explorer.

Thanks.

4 more replies
Relevance 95.53%

My computer is infected with a malware program called "Spyware Protect 2009" how do I get rid of it? I followed instructions and have copied DDS and Attach files below. popup windows keep appearing saying my computer is infected with a virus and I need to install their software.
DDS (Ver_09-03-16.01) - NTFSx86
Run by John Schlatterer at 2:44:20.15 on Mon 03/16/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.96 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files&... Read more

Answer:remove malware, Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any scri... Read more

2 more replies
Relevance 95.12%

Hi All,

Just another sucker that bought a used computer and forgot to update Java Runtime. I got what I thought was a Vundo virus: tons of pop-ups, blocked websites, inaccessible regedit, etc. I went through the entire clean-up process as per Majorgeeks instructions and I have attached the logs. Everything seems to be fine now, but I want to make sure everything's kosher. Thanks for everything, this site is a golden kernel of corn hidden in a mass of online crap.

Apocrita
 

Answer:Vundo malware. Need help - attached logs

Here's the other log file.

Apocrita
 

2 more replies
Relevance 93.89%

Hi,

I've followed the steps in "Read and Run Me First". I will now attach the logs from each step.

I am really not sure what to edit or change and everyone's individual situation is usually a bit different so I didn't want to mess anything up by judging my problem based on somebody else's thread.

Thank you in advance for your time.
 

Answer:Vundo, Malware, Viruses - Logs attached

The last three logs.

Thank you, again. I hope someone can pick out the baddies!
 

7 more replies
Relevance 93.89%

Hi! I am a first time poster, and please let me know if you need anything else other than what I am posting here.

First off, please know that I know virtually nothing about this stuff. I can do basic PC maintenance (updates, scans, and cache clearing), but I know nothing about viruses and such nasty, evil malware as this.

I was visiting a website about 2 days ago called www.glitter-graphics.com to retrieve an image to use in another forum I frequent. There are banner ads on that site (and I thought maybe that's where it came from?), but I wasn't downloading anything. All I needed was the forum code, so I clicked on the image I wanted and then my computer started getting all sorts of popups and McAfee acknowledged there was a problem. (Wish it would have stopped it.) I ran a McAfee scan and it came up with nothing (just had mentioned it had blocked some trojan.vun or something like that, but they don't appear in McAfee's logs.) I also ran SpySweeper and it kept finding the vundo malware and kept removing it, but it never really left.

I have followed your steps in the READ & RUN section of your forums and done everything except the Combofix and the toggle restore (as my system isn't clean, I don't think.) I was too afraid to try Combofix, as there are many warnings about using it, especially if you're an amateur. This is my only PC and I can't afford a new one. Also, I would like to note that I could not get my lap... Read more

Answer:Trojan.vun and Vundo Malware - Logs attached

Hi there

We are currently reviewing your logs and will get back to you with a set of instructions as soon as possible. In the mean time can I ask you whether you accepted the agreement for Hijackthis? This log is missing, so could you run MGTools.exe again this time accepting the license agreement and attach the new Mglogs.zip that the running of it will create.

Thanks

Kestrel
 

14 more replies
Relevance 92.25%

Hello,Please help!!! I only have a couple of days to fix this comp before I leave!!!I am receiving security popups, Spyware Protect 2009 (I did not download) is in my task bar and keeps popping up with infiltration alerts, and IE keeps redirecting to http://browser-security.microsoft.com/blocked.php?r=21.0 displaying "Internet Explorer Warning - visiting this web site may harm your computer!" Then offering to link me to Purchase Spyware Protect 2009.Here is my DDS Log file and attachment.Thanks!!!peace.b.DDS (Ver_09-03-16.01) - NTFSx86 Run by John at 9:11:09.81 on Sun 03/22/2009Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.223.43 [GMT -5:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\VTTimer.exeC:\WINDOWS\system32\VTtrayp.exeC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\Program Files\Analog Devices\SoundMAX\Smax4.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\QuickTime\qttask.exeC:\PROGRA~1\Nero\data\Xtras\... Read more

Answer:Unkown Malware/Rootkit security popups - Protect Spyware 2009

thank you! topic is resolved through off-post email reply.

Malware-bytes removal is the best!

peace.b.

2 more replies
Relevance 88.97%

Hi,
Im new here and hope someone will be able to help. I've had issues with trojan viruses, which malware bytes removal managed to delete. Initially it wouldnt even open to scan, but I managed to get around this by changing the .exe file name.

Now the scans say that there are no malware found, but I am still having issues, as both Spybot Search and Destory and SuperAntiSpyware won't open. Also in IE lots of webpages that I am looking for, are being automatically redirected to ads etc.

Anyway here are my logs from HijackThis, DDS and GMER and have attached the Attach ARK file.

Cheers

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:22:24 PM, on 29/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\PROMon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Fi... Read more

Answer:Malware/Spyware/Virus Issues. Need Help. (Logs attached)

Bump.

10 more replies
Relevance 88.15%

hi all - hope to have followed the posting protocall correctly - thanks in advance for any help offered.

My issues are:

1) Google searches are being hijacked - i.e. you search for something and when you click on the search result a new window will open and google will send you to some random site

2) I cant run various spyware programs. Have tried spybot search and destroy, ewido online scanner and trend micro online scanner - all are blocked and seem to offer a message along the same lines of the program not being able to connect to the server to update (my internet connection is fine)

Computer seems sluggish generally.

DDS File results:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Chris at 19:35:24.97 on 08/02/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.2045.980 [GMT 0:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe ... Read more

Answer:spyware malware - google searches being hijacked - logs attached

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you thoughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial post then thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

4 more replies
Relevance 88.15%

Okay, here are text of dds.txt, followed by attachments gmer.txt and attach.txt as per instructions.

Problems are:
on dell dimension 2300, running win xp, sp3, pentium 4,
runs slow/sluggish, recently downloaded spybot (basic version, not advanced features) each run gets longer and hangs. While troubleshooting, discovered my "task Manager" will not open, I get error "App failed to start because VDMDBG.dll was not found, Re-installing app may fix problem."
I ran search, found VDMDBG.dll in 6 or 7 places, including system32 and dll cache, but tried running sfc/scannow which did nothing. Otherwise, system running slowly, background activity can be heard and felt.
here are logs:

DDS (Version 1.0) - NTFSx86
Run by Bill at 0:33:43.04 on Mon 11/17/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.55 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\... Read more

Answer:Spyware/Malware no task manager, logs attached per inst. from Dai

Part two: ATTACH FEATURE NOT WORKING FOR GMER.TXT AND ATTACH.TXT, SO I AM ADDING THOSE AS TEXT INSTEAD OF ATTACHMENTS. THANKS:
Problems are:
on dell dimension 2300, running win xp, sp3, pentium 4,
runs slow/sluggish, recently downloaded spybot (basic version, not advanced features) each run gets longer and hangs. While troubleshooting, discovered my "task Manager" will not open, I get error "App failed to start because VDMDBG.dll was not found, Re-installing app may fix problem."
I ran search, found VDMDBG.dll in 6 or 7 places, including system32 and dll cache, but tried running sfc/scannow which did nothing. Otherwise, system running slowly, background activity can be heard and felt.
here are logs:

ATTACH.TXT AS FOLLOWS:


DDS (Version 1.0)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/31/2007 2:27:45 AM
System Uptime: 11/16/2008 11:36:33 PM (1 hours ago)

Motherboard: MiTAC International Corp. | | Dimension 2300
Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz | Socket 478 | 1794/100mhz
BIOS: Phoenix - AwardBIOS v6.00PG | IntelR - 42302e31 | A02 | 8/25/2002 8:00:00 PM

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 27.44 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP240: 8/19/2008 8:33:59 AM - System Checkpoint
RP241: 8/22/... Read more

19 more replies
Relevance 86.51%

Help,
My new computer has some type of issue with a Virus, Trojan, Spyware, Malware. Updates for Windows 10 will not install, even
after troubleshooting and having the issues "corrected".
I ran one scan that stated "domain hi-jack"
I have attached my last Hijack-This log and FRST reports for your review and consideration for help please.
Thank you.
 hijackthis.log   9.56KB
  3 downloads
 FRST.txt   44.79KB
  10 downloads
 FRST txt file.txt   44.79KB
  4 downloads

Answer:New computer infected Virus, Trojan, Spyware, Malware! Attached logs for review!

Hello TangoRules and Welcome to the BleepingComputer.  
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
Ensure your external and/or USB drives are inserted during always the scan.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  the computer... Read more

0 more replies
Relevance 81.18%

Hi all,

First, thank you for taking a look at my post.
I am cleaning a computer remotely for someone and have ran into a problem of not being able to remove a couple of files and registry entries.
The problem started with screen prompts of Spyware Protect 2009 fake spyware alerts.
McAfee is installed as their antivirus program.
I've cleaned most of the malware using SuperAntiSpyware and MalwareBytes. MalwareBytes detects the remaining files, but is unable to remove them even after reboot. I'm unable to delete, rename, or move a file that I see (dbcyxgy.dll) in the System32 folder.
I've also ran VundoFix and ComboFix.
The computer is running without popups or other blatant behavior at this point, however, it begins to slow after use.
Thank you again for looking at my post.
DDS (Ver_09-03-16.01) - NTFSx86
Run by ROBERT at 16:11:29.14 on Tue 05/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.151 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\... Read more

Answer:Spware Protect 2009 Infection/Vundo

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 81.18%

So somewhere I got the Spyware Protect 2009 virus/trojan. I have tried Malwarebytes, ComboFix, AVG 8.0, and tired to install Hijack This!!!! I did this all while in SafeMode and no luck. I click on the install, and the hourglass shows up, and then after awhile it disappears. I even renamed Malwarebytes etc. What do I do besides get the gasoline can ready?

Answer:Infected with Spyware Protect 2009...Can't install any spyware removal tools

Let's see if any of these help.Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.If you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.Manually Downloading Updates: Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

11 more replies
Relevance 79.13%

Had the spyware protect 2009 on this computer and i think i have cleaned it off, could someone verify for me, and make any suggestions you see fitthanks in advanceCris-------------------------------------------------------------------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:09:06 PM, on 3/3/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Acer\Empowering Technology\ePerformance\MemCheck.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC: ... Read more

Answer:spyware protect 2009

There are still problems for sure, I cannot install malwarebytes, sdfix or combofix. internet explorer freezes and crashes. I found this removal guide and attempted to follow it.

--------------------------------------------------------------------------------

Spyware Protect 2009 manual removal:
Kill processes:
c:\\WINDOWS\\aazalirt.exe c:\\WINDOWS\\dkekkrkska.exe c:\\WINDOWS\\dkewiizkjdks.exe c:\\WINDOWS\\iddqdops.exe c:\\WINDOWS\\ienotas.exe c:\\WINDOWS\\iqmcnoeqz.exe c:\\WINDOWS\\irprokwks.exe c:\\WINDOWS\\jikglond.exe c:\\WINDOWS\\jiklagka.exe c:\\WINDOWS\\jrjakdsd.exe c:\\WINDOWS\\jungertab.exe c:\\WINDOWS\\kitiiwhaas.exe c:\\WINDOWS\\kkwknrbsggeg.exe c:\\WINDOWS\\klopnidret.exe c:\\WINDOWS\\krkdkdkee.exe c:\\WINDOWS\\krkmahejdk.exe c:\\WINDOWS\\krtawefg.exe c:\\WINDOWS\\krujmmwlrra.exe c:\\WINDOWS\\ktknamwerr.exe c:\\WINDOWS\\kuruhccdsdd.exe c:\\WINDOWS\\ooorjaas.exe c:\\WINDOWS\\oranerkka.exe c:\\WINDOWS\\oropbbsee.exe c:\\WINDOWS\\otnnbektre.exe c:\\WINDOWS\\otowjdseww.exe ... Read more

3 more replies
Relevance 79.13%

Hello, Is there anyway a relatively inexperienced PC user can get rid of the spyware protect 2009 nasty pop up? I am running windows xp. This is nothing I downloaded intentionally & it is interupting access to my e-mail and a lot of websites. I see several others have this same problem but some of their "fixes" look a bit beyond me! Many Thanks for any assistance!
 

Answer:spyware protect 2009... HELP!

Hiya and welcome to Tech Support Guy

Are you still having this problem? If so, do the following:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click &q... Read more

3 more replies
Relevance 79.13%

Hey, thanks in advance for any help you can provide me. My computer recently started acting funny and I was recieving the message: The application or DLL C:\windows\system32\digeste.dll is not a valid windows image. Please check this againstyour installation diskette; when I booted up my computer and then sometimes when ever I opened certain programs. I didn't think much about it or that my computer was running slower. Then after a few weeks Spyware Protect 2009 began popping up. I updated my Norton (Norton 360) and ran a scan. It found and quartined (I guess) Bloodhound.sonar.1 and Hacktool.rootkit and prompted me to reboot. Things would run fine but I would still get the DLL message when I booted up and then Spyware Protect would come back. We would do the same thing all over again.Also my A drive light would come on about every 20 seconds and if you put a disk in there and formated it and left it in there, 20 seconds later it would put something it. My father-in law said it looked like it was created a boot disk. I disabled the A drive for now. I have done all the begginng steps and have my HijackThis log below. Thank you again and please feel free to contact me if you need more information. Sorry for being so wordy, trying to give you as much info as possible.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Peo Osornio at 13:58:37.42 on Wed 03/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.1... Read more

Answer:Spyware Protect 2009 HELP!

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply.] Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do not run any other programs or open any other windows while doing a fix. Ask any questions that yo... Read more

2 more replies
Relevance 79.13%

Hi,
I have the spyware protect 2009 malware. I tried to follow the instructions in this website on installing malwarebytes anti malware - but it doesnt run. I disabled norton 360 and tried running in safe mode, it still does not seem to run
Please help....the spyware is now causing firefox and IE to close as well....

DDS (Ver_09-03-16.01) - NTFSx86
Run by Shaji at 0:50:03.25 on Wed 05/13/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.415 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svch... Read more

Answer:Spyware Protect 2009 - Please Help

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Please include the C:\ComboFix.txt in your next reply for further review.

4 more replies
Relevance 79.13%

So my other computer caught a virus called spyware protect 2009. I think you know what it is. It's a phony anti-virus program that gives fake results and what not. I managed to get rid of it by task manager. But when i reboot the computer, it comes back. I tried using this method: http://www.ehow.com/Printarticle.html?id=4751003 but when the program installed, it didn't give me a destination to put the program to and the folder it made didn't have anything in it.

The computer is running windows xp professional. Please help.
 

Answer:Spyware Protect 2009

Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a fla... Read more

1 more replies
Relevance 79.13%

This problem initially started as a Spyware Protect 2009. I don't see that popping up anymore, but the Malware Bytes won't work either. Ran the SAS and posted it, and was told to run these and post them.DDS (Ver_09-03-16.01) - NTFSx86 Run by Stephanie Smith at 18:57:31.65 on Tue 04/14/2009Internet Explorer: 7.0.5730.13============== Pseudo HJT Report ===============uStart Page = hxxp://www.comcast.net/uSearch Page = hxxp://www.google.comuSearch Bar = hxxp://www.google.com/ieuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dllBHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dllBHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dllBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 79.13%

I was infested with Spyware Protect 2009 yesterday. I have Windows Live OneCare and it gave me a warning but did not seem to remove everything.

I downloaded CounterSpy which seemed to delete everything but I got a warning a little bit ago that said:
16 bit ms-dos subsystem the ntvdm cpu has encountered an illegal instruction

I have a feeling something is still not correct with the system.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 8:58:44.17 on Wed 04/29/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1170 [GMT -4:00]

AV: *On-access scanning disabled* (Updated)
AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*
FW: *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files... Read more

Answer:Spyware Protect 2009

Please disregard now. I decided to reformat my hard drive and do a clean install.

2 more replies
Relevance 79.13%

What an annoying bit of malware this thing is...

I've run the full XP cleaning procedure and am not having any issues currently. Figured I'd rather be safe than sorry and consult the experts!

Logs are attached!

All help appreciated,
Whitty
 

Answer:Spyware Protect 2009- I think I got it, but want to be sure...

Welcome to MajorGeeks!

I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

Thanks for your patience.
dr.m
 

6 more replies
Relevance 79.13%

Hello,I just joined your community today, and I am in need of some help.I have been infected with spyware protect 2009 also kown as antivirus 2009.I will will tell you what I have done so far.The first thing I did was went to task manager in the process tab and stopped it from running.Then next I went into msconfig and stopped it from starting up with the pc.Then I went into program files and deleted it from there, I also went into add/remove but there was nothing there.After that, the pop ups stopped and everything seemed fine until I try to use any type of browser.I pefer to use opera or safari and not IE7 very often.The problem I have now is safari and IE7 wont even connect and opera will only go to certain sites. If I try to go to any type of virus/malware removal site I get redirected to some fake garabage.I even tried a system restore but would not let me do it. I do have spybot and avast, malwarebytes but none of these programs will even open for me to sacan the pc.So I did a HJT log so you guys could take a look and hopefully help me figure out what is wrongLogfile of Trend Micro HijackThis v2.0.2Scan saved at 4:40:49 PM, on 1/11/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32�... Read more

Answer:spyware protect 2009

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

2 more replies
Relevance 79.13%

Hello! My son called me at work yesterday from home to tell me that he was getting several popups on our home PC. He e-mailed me a screen shot and I saw that it was Spyware Protect 2009. While still at work I did some research (including this site) and printed out sheaves of instructions. I also downloaded several malware removers and Windows security updates, renamed them and burned them to a CD. I went home in the evening and spent several hours running malware removers and going through manual removal steps to make sure I got everything. (I used MBAM, HijackThis and SUPERAntiSpyware, and I went through a couple of different manual routines including Microsoft's. Microsoft's instructions included some suggestions for hardening my system, which I followed.) Then I ran a complete virus scan using my free Avira antivirus (last updated 4/27/09), which found nothing. I think the computer is clean.But I'm still having three problems (that I know of):1. No Internet access.2. The BITS service won't start.3. The Automatic Update service won't start. (error 0x80072772)The PC is a Dell XPS running Windows XP Media Center Edition. It's the only PC with Internet access, and it's hooked up by cable into a DSL connection.Logs from MBAM, HijackThis and SUPERAntiSpyware are listed below. I ran them in that order. I also have ComboFix on the CD, but I haven't run it. (I did see a post from bigjeff80, who was apparently having the same problem as me. He said ComboFix solved... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

2 more replies
Relevance 79.13%

Daughters PC infected with Spyware Protect 2009. I ran Malaware Bytes and McAffeee Virus scan with limited succes. Spyware Protect 2009 removed but PC wouldn't display desktop icons. Couldn't switch between users. I enabled explorer.exe and icons appeared but his was only a temporary fix. Did a little research and decided to run combofix. I know I shouldn't have rushed into it but I have a long week ahead of me and wouldn't be able to help the kids with this PC. Any way, combofix seems to have corrected the problem but I am not an expert and would greatly appreciate a review. Attached please find my DDS and attach logs.

Thanking you in advance for your time and effort.

Sincerely,
Dave

DDS (Ver_09-03-16.01) - NTFSx86
Run by Kathryn at 23:18:07.76 on Sun 05/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.64 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\m... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 79.13%

I had thh same problem in my computer.

Your solution is perfect.

Thank you very much

Answer:Spyware Protect 2009

Hi IGOmichigan. I split your post to it's own topic, Thanks for that but this infection has probably left a few more footprints. So I would like you to do this MBAm scan and be sure.Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Th... Read more

1 more replies
Relevance 79.13%

I just got a popup about sypware protect 2009 and a popup in the task tray on the right hand side. I closed the window with the task manager. I know it's a virus and I ran a mbam scan, which seems to have gotten rid of it, but still I would like to be sure that it's all gone and that it doesn't happen again. I have windows XP, sp3, and eset nod32 antivirus 4

thanks!

Answer:spyware protect 2009

Follow with these...Run ATF and SAS:From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or Opera browser click that browser at the top and choose: Select AllClick the Empty Selected button.If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.NOW Scan with SUPEROpen from the desktop icon or the program Files listOn the left, make su... Read more

35 more replies
Relevance 79.13%

I'm not sure if this is the correct place to post this, but I did not see another place that seemed to fit. My computer has seemed to have downloaded and installed Spyware Protect 2009.

I have tried to download the suggested application, Malwarebytes Anti-Malware, however, my computer will now not let me execute any files like this.

My computer also wont let me into my web browser. All attempts are greeted with a webpage from Spyware Protect stating that the site is unsafe and wont let me proceed.

It also seems to be shutting off my firewall.

Is there anything that I can do to clean this out? I've done searches on my computer for files and programs associated with Spyware Protect, but can't seem to find anything.

Answer:Spyware Protect 2009

Hello you are in the right place.Try these first...Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.If you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.Manually Downloading Updates: Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

4 more replies
Relevance 79.13%

My computer got infected with some kind of virus, mcaffee keeps telling me it removed whole bunch of trojans and viruses but doesnt look like it realy solves the problem. i ran combofix but the spyware alert keps showing up and asking me to buy a program clled spyware protect 2009. so i need help

Answer:spyware protect 2009

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".C... Read more

7 more replies
Relevance 79.13%

Folks,

I'm on a Dell Inspiron 1520 with Windows XP Pro that has a corporate version of Symantec running with automatic updates.
I was out surfing the web last weekend when I clicked on an innocent looking link that behaved oddly. Before I knew what had happened I began getting Spyware Protect 2009 popups operating on my system.

I stopped what I was doing and try to let Symantec run a full scan and it found a few things, and I downloaded the spyware program from PCTools which seemed to get rid of the Spyware Protect popups, but I'm still having problems.

My disk defragmenter won't run, either through the program or using the defrag in RUN mode. Internet Explorer often won't open and when I can get it to open by going through Yahoo messagenger and opening mail, it often redirects my searches. I can't get my flash memory to open. It doesn't show up when I plug it into my computer when it's operating and if I startup my computer when it's already attached, it give a message about the number of secrets being exceeded.

I downloaded spybot search and destroy at the recommendation of a friend, but it won't open either.

I've also downloaded hijack this and have generated the following log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:04 PM, on 4/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WI... Read more

Answer:Spyware Protect 2009?

I'm learning somethings by following other thread in this forum. I don't have a lot of data on this computer, so last night I dug up my Windows XP CD and have moved my data off onto a CD. Tonight I'm going to re-install my system and then put the anti-malware software that's been suggested here back on, and finally try moving my data files back on to the computer.

Even though I haven't received direct help. I'm happy to have had access to thoughts and advice from the experts on this site via other threads.

Jerome
 

1 more replies
Relevance 79.13%

i think i got hit with spyware protect 2009. i could use some help to get it off my computer. i think i have some adware also. i am running windows xp and using firefox if that helps.

Answer:think i got hit with spyware protect 2009

Hi and welcome to BleepingComputer The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result... Read more

8 more replies
Relevance 79.13%

April Fool's Day hit me with a bunch of pop-ups from Spyware Protect 2009. Attached are my logs. Please let me know if there are further steps to take.
 

Answer:Spyware Protect 2009

Let's start with this:

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O1 - Hosts: 91.212.65.122 spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 secure.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 knockerClick to expand...

After clicking Fix, exit HJT.

Now Download HostsXpert and then follow the below steps.

* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program

NOw use windows explorer to find and delete:
h:\windows\Tasks\At1.job
h:\windows\system32\udehgur.dll

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
 

3 more replies
Relevance 79.13%

Dear Computer Professionals,I hope that I have come to the right forum and my problem will be solved with your help.Background:Recently my desktop computer (operating system: windows XP) was infected with Spyware Protect 2009. Antivirus (AVG 7.5, free edition) was already installed on my computer. I scanned my computer with AVG and found spyware protect 2009, after that it was deleted.Now:Even though spyware is deleted, but now I have three main problems in my computer.(1) My computer is running very slow.(2) IE always directs to this page, browser-security.microsoft.com/block.php?r=17.2, but nothing appears on this page. Firefox is fine, but internet is very slow.(3) I have dial-up internet connection, whenever I open Internet connection window, and click on Connect button, my computer restarts automatically, always. But if I close/cancel these processes (ServiceLayer, alg, SMAgent, MDM, SEPCSuite, SMax4, LaunchApplication, apdproxy, acrotray, VM303_STI) from task manager, then only I am able to connect to the internet.I think my computer is still infected with something. I also tried to install Spyware Doctor, SmitFraudFix, and Malwarebytes Anti-Malware, but all these programs are not running.Please help me, to fix my computer.Please also note that I am not a computer guy, so guide me step by step.Thank you.

Answer:Spyware Protect 2009

Hello and welcome please run these next. Next run ATF:Please download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".Next run MBAM:Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update i... Read more

13 more replies
Relevance 79.13%

System xp media ed.sp3Spyware protect 2009 pops up on my in-laws computer I have screen shoots of some of the pop ups It keeps changing saying that it is being attacked from the internet."Infltration Alert"Your computer is being attacked by an internet virus. It could be a password -stealing attack, a trojan - dropper or similar.

Answer:spyware Protect 2009

DDS (Ver_09-03-16.01) - NTFSx86 Run by Owner at 9:30:47.00 on Fri 04/03/2009Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.81 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated)FW: McAfee Personal Firewall *enabled*============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\LogMeIn\x86\RaMaint.exeC:\Program Files\LogMeIn\x86\LogMeIn.exeC:\Program Files\LogMeIn\x86\LMIGuardian.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program File... Read more

17 more replies
Relevance 79.13%

Well unfortunately I have came in contact with this issue. I have just got struck with spyware protect 2009 and I can't figure out how to get rid of it. I don't want to load any of the programs that suppose to get rid of them until I know they aren't "one of them". If you can tell me how to remove it myself or a program that will assist and is safe that would be great. These pop-ups are very annoying. Thanks for your ssistance in advance.

Answer:spyware protect 2009

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 79.13%

This is a program that is trying to sell my anti-spyware protection and produces many annoying pop-ups, and any assistance in removing it would be appreciated!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:40 PM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\... Read more

Answer:Spyware Protect 2009

bump
 

2 more replies
Relevance 79.13%

dds attached... thank you

Answer:spyware protect 2009

Hi,Please don't attach your logs.* Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

5 more replies
Relevance 79.13%

I recently had this problem which was resolved thanks to you guys, but am back. Same computer has been infected by"Spyware Protect 2009". I've looked around online and tried to delete it but it prevents some files from running it would appear. You just click an icon and it does nothing.Symptoms:-Cannot run MBAM, but can run ad aware for example (which finds nothing wrong). Tried to reinstall it and it does not run. -Tried to run Spyware Doctor, cannot even get it to install.Where can I even start on this issue??

Answer:Spyware Protect 2009

Hi here are some tips to try to MBAM to run so you can post a log.Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.***Open up command prompt, type in following commands: XP >> click the Start menu at the lower-left of your computer's desktop and select "Run". Type cmd into the Run box and click "OK".Vista >> click the Start menu at the lower-left of your computer's desktop and Type cmd in the search box.regsvr32 mbamext.dllregsvr32 ssubtmr6.dll regsvr32 vbalsgrid6.ocxregsvr32 zlib.dll ***If you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.Manually Downloadi... Read more

1 more replies
Relevance 79.13%

Having some trouble....spyware protect 2009 pops up.. XP SP3.....here is my highjack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:32 AM, on 4/11/2009
Platform: Windows XP SP3 (WinNT

5.01.2600)
MSIE: Internet Explorer v8.00

(8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F22



7FCA9A08}\PIFSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.

exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcpr

oxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program

Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft

Shared\Works Shared\WkUFind.exe... Read more

Answer:Spyware Protect 2009

I need you to run malwarebytes and then combofix and post both of their logs and post a new hijackthis log.
The programs can be found in my guide below

The log you postes is heard to read

9 more replies
Relevance 79.13%

My laptop just got that infection Spyware Protect 2009, well I came in and turned my computer on just now a few times and once the Windows screen comes on, it goes black and the mouse is in the middle of the page and it will not go past that, I cannot even get to the desktop. I need help, please. I keep AVG, Spybot, and Adaware up to date also.

Thanks.
 

More replies
Relevance 79.13%

Ok, help!

Friday afternoon my work laptop was infected with Spyware Protect 2009. I have followed the guide on this site and many others by removing registry keys, deleting files in the windows folder, programs folder, etc - stopping processes etc.

BUT I cannot run ANY anti-virus programs - or anti malware - most notably malwarebytes. I even created a boot disc with Avira to scan and it found nothing!

I know I have the spyware protect virus because I got the popups, found the corresponding files & registry keys (sysguard.exe, etc). They are all gone - but I'm getting increasingly worse performance with my laptop. I even tried to run the malwarebytes program from safe mode - same result. I also tried the suggestions by changing the file name AND extensions - no good.

This wonderful malware also prohibits me from visiting your site so I have to post from my personal laptop.

What am I missing - and what in the world can I do to at least get malwarebytes to run?

I'm getting random popups in firefox still, security and random other sites are blocked, can't run any anti-virus/anti-malware programs, and most recently this evening I can no longer connect via VPN to my work network, AND I couldn't login to Windows normally. When I tried to press "CTRL + ALT+ DEL" to login to normal windows it did nothing. I can log into safe mode w/ networking though.

Please, any help would be appreciated anything that can help would help me out!

I'... Read more

Answer:Spyware Protect 2009 - Tried EVERYTHING

Rename this file:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exeTo something else such as:abcde.batThen double click the file and see if Malwarebytes will run.

1 more replies
Relevance 79.13%

This virus is killing my computer and my work efficiency. Can someone PLEASE tell me how to remove it FOREVER!!!

Thanks,

 

Answer:Spyware protect 2009

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

3 more replies
Relevance 79.13%

Spyware Protect 2009 just popped up on my comp. How do I get rid of it?

Heres my MBAM Log:

5/13/2009 11:00:52 PM
mbam-log-2009-05-13 (23-00-52).txt

Scan type: Quick Scan
Objects scanned: 123538
Time elapsed: 14 minute(s), 28 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\sysguard.exe (Trojan.Vundo.V) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bbd4551a-9b23-41cd-9bcd-818aa2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bbd4551a-9b23-41cd-9bcd-818aa2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted suc... Read more

Answer:How can I get rid of Spyware Protect 2009?

Please download and scan with Dr.Web CureIt - alternate download link.Follow these instructions for performing a scan in "safe mode" after running ATF-Cleaner.If you cannot boot into safe mode, then perform your scan in normal mode. Be aware, this scan could take a long time to complete.-- Post the log in your next reply.Rescan again with Malwarebytes Anti-Malware (Quick Scan) in normal mode and check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.Please post a complete MBAM log to include the top portion which shows the program/database version, operating system, date of scan and scan type.

1 more replies
Relevance 79.13%

Usually I know how I got infected and that is that I did something stupid. This time I don't know how I got the infection. To make matters worse I had a hardware problem that I have resolved but now my PC crashes every ten minutes or so. Not sure if it is from the infection or a new hard ware issue. While firefox is working and allows me internet access IE is down and gives me an error message.

At the time I got infected I wasn't even using my computer I was in bed. Firefox was running with Star pirates up on it, but not IE.

Unfortunately I can not complete the GMER scan at this time.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Kevin at 16:20:45.29 on Fri 01/22/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2537 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\... Read more

Answer:Spyware protect 2009

Hiya,


Quote:




Unfortunately I can not complete the GMER scan at this time.




Can you give more detail about this? Is it crashing? What happens when you try to run it?

1 more replies
Relevance 79.13%

My desktop PC has been infected with the Spyware Protect 2009. I can't get online with the desktop, which means I also am unable to network to my printer I am using another laptop in the house at the moment, & am able to transfer info as needed via a thumb drive.

I have followed this thread: http://forums.techguy.org/malware-removal-hijackthis-logs/797462-spyware-protect-2009-help.html and so far have run Malwarebytes' Anti-Malware, then SUPERAntiSpyware, then HijackThis.

I am not sure what I need to do next other than I started my own thread. I have all the reports noted above ready to post. Can someone get me started on fixing this?

Thanks in advance for your help
 

More replies
Relevance 79.13%

DELL VOSTRO 1000 running Windows XP Problem 1 Have Spyware Protect 2009 pop-ups I was trying to get this removed but can't get access to any web pages other than home page (Yahoo). This appears in browser window : browser-security.microsoft.com/.blocked.php. Any suggestions? Thanks!
 

More replies
Relevance 79.13%

Having issues with IE and Spyware 2009.
DDS (Ver_09-03-16.01) - NTFSx86
Run by lcole at 9:36:00.70 on Wed 04/01/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.2717 [GMT -4:00]

AV: eTrust ITM *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\OmniBack\bin\omniinet.exe
C:\oracle\ora9i\bin\omtsreco.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Relevance 79.13%

Hi,
I am having an issue getting rid of the above listed spyware. I downloaded Malware, but it will not open or run a scan. Any advice? Thank you Denese

Answer:Spyware Protect 2009

Hello and welcome. First I am moving this from the XP forum to Am I Infected for scans.Some types of malware will disable MBAM (MalwareBytes) and other security tools. If MBAM will not install, try renaming it.Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first***Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.***Open up command prompt, type in following commands: XP >> click the Start menu at the lower-left of your computer's desktop and select "Run". Type cmd into the Run box and click "OK".Vista >> click the Start menu at the lower-left of your computer's desktop and Type cmd in the search box.regsvr32 mbamext.dllregsvr32 ssubtmr6.dll regsvr32 vbalsgrid6.ocxregsvr32 zlib.dll ****If you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a fla... Read more

1 more replies
Relevance 79.13%

I have no idea where it came from but all of a sudden I keep getting a baloon window that indicates a windows security alert and then says windows reports that computer is infected. Antivirus software helps to protect your computer against viruses....blah blah blah.. It also shows a Spyware Protect 2009 alert box that indicates a infiltration alert indicating my computer is being attacked. It has taken over my search engine so that each time I put in www.google.com in my search it gives me a faux internet explorer cannot display this page message.here is the dds.txt logDDS (Ver_09-03-16.01) - NTFSx86 Run by Jodi Tabicas at 22:37:19.01 on Wed 03/25/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.22 [GMT -4:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated)FW: McAfee Personal Firewall *enabled*============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\Program Files\McAfee\... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Relevance 79.13%

I recently got the Spyware Protect 2009 virus on my laptop. I am unable to access the internet now because of it. How do i remove this virus without being able to access the internet? I tried finding it in the add/remove programs but it is not there.
any help would be appreciated.
thank you

Answer:Spyware Protect 2009

If you cannot use the Internet or download any programs, you are going to need access to another computer (family member, friend, etc) with an Internet connection. Please download Dr.Web CureIt and Malwarebytes Anti-Malware, save them to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then run the programs. If you cannot transfer to the infected machine, try running directly from the flash drive or CD.You will also need to, manually download the database updates for MBAM, save and transfer them as well. After installing MBAM, just double-click on mbam-rules.exe to install and update.Mbam-rules.exe is not updated daily. Another way to get the most current database definitions is to install MBAM on a clean computer, launch the program, update through MBAM's interface, copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system.XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-MalwareVista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-MalwareIf you cannot see the folder, then you may have to Reconfigure Windows to show it.Print out and follow these Instructions for scanning with Dr.WebCureIt in "safe mode".If you cannot boot into safe mode, then perform your scan in normal mode. Be aware, this scan could take a long time to complete.-- Post the log in your next reply.Print o... Read more

1 more replies
Relevance 79.13%

I ran ComboFix.exe to erradicate Spyware Protect 2009. I think it is gone!

Answer:Spyware Protect 2009

Hello.Do you want us to check or something? What was the purpose of this topic? Combofix WarningComboFix is an extremely powerful tool and you should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.Try running MBAM and see if it finds anything else.Download and run MalwareBytes Anti-Malware(Full Scan)Please download Malwarebytes Anti-Malware and save it to your desktop if you lost your copy and need to install it, otherwise skip the installation step and continue with the Full Scan.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is... Read more

5 more replies
Relevance 79.13%

So I've been trying to get rid of this thing for a few days now and haven't been very successful overall. I got rid of some of the stuff it brought but the fake virus scanner keeps popping up a long with a slough of fake error messages and the inability to run any other anti-virus/malware program. I've tried the malware removal guide but cant run any of the tools, and I've tried disabling TDSSserv.sys in the control panel but no such driver exists. I'm at my wits end here.:confused
 

Answer:Spyware Protect 2009

I know you indicated you have tried some of the below, but see the notes and additional info and try again. Also remember to try safe mode and also renaming files. You need to be very clear on explaining what you can and cannot do. For example, download the files, installing the programs, and running the actual scans are 3 distinct phases and you need to tell us exactly which pieces you can and cannot do for ALL of the tools we ask you to run.


Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below i... Read more

15 more replies
Relevance 79.13%

System is not responding very well, keeps hijacking internet and will not allow system restore nor have I been able to get COMBO FIX TO RUN see attatched log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47, on 3/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\svcho.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\rantoul2\Desktop\mbam-setup.exe
C:\Documents and Settings\rantoul2\Desktop\mbam-setup.exe
C:\Program Files\Tre... Read more

Answer:Spyware Protect 2009

bump has been two days really need some help
 

3 more replies
Relevance 79.13%

My computer was infected and here is my Highjack This log.Any help would be appreciated. I cannot tell if PC Cillin removed it.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:41:44 AM, on 4/12/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files&#... Read more

Answer:Spyware Protect 2009

Please download The Comedian.exe to your desktopDouble click the program to run it. It will only take around several minutes to run.It will do a series of tasks and tell you when each one is finished.You will be prompted to press any key after each stepWhen it is done it will close and exit itself automatically.You can delete The_Comedian.exe once it is finishedNEXTPlease download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfec... Read more

2 more replies
Relevance 79.13%

Please instruct on how to remove Spyware protect 2009.

Answer:spyware protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Relevance 79.13%

Hello,

Yesterday evening I found that I had gotten a rogue anti-spyware by the name of Spyware Protect 2009. I wasn’t too concerned at first, as I’d gotten it before a couple of weeks ago (although I have no idea how, as I read it was contracted by opening spam emails, which I hardly get, much less open). Last time, after reading up on it for several hours, I finally came across Malwarebytes’ Anti-Malware, and it worked like a charm. It was gone. So, my first instinct this time was to open that up to get rid of it. Except I found that it wouldn’t load. I even tried to Run As…Administrator, only to find that I didn’t have access (which I should).

Last time, after reading all the manual ways of deleting it, I was quick to find all the program files and processes they were telling me to find and delete/end were either missing or hidden. That wasn’t an option. So I tried to get on IE to find alternatives. That’s when I discovered that this version of Spyware Protect 2009 was much more potent. It let me open my browser, but if I typed anything about Spyware Protect 2009 or getting rid of it into Google, IE would suddenly fail or I would be redirected to a site (along the lines of browser-security-windows.com, although I don’t remember exactly as hasn’t happen again in a bit).

My friend thought he could help and tosses several programs my way (over AIM, since I couldn’... Read more

Answer:Spyware Protect 2009 help!

Not meaning to be a bother, but it's been 5 days? Is that normal? XD
 

2 more replies
Relevance 79.13%

I am running XP Home and have been infected by a fake hijack alert which is trying to make me download a program this I declined but it now flashes up om screen every minute telling me I am being hijacked giving me a windows security alert. I have scanned with my antivirus software which found a trojan horse and fake alarm, these were removed but I suspect the software for this is deep in the system. I have tried system restore but although I have restore points before the infection it will not restore. How do I get rid of Spware Protect 2009

Answer:Spyware Protect 2009

Have you tried Mbam click here and Superantispyware click here ?

4 more replies
Relevance 79.13%

I am receiving a pop up called Spyware Protect 2009. There is an item loaded in the sys tray which shows a balloon "windows security alert" and a pop up that displays a fake virus scan.

McAfee does not detect this virus with the latest DAT and engine updates.

I am running windows Xp, patch 3.


DDS (Ver_09-03-16.01) - NTFSx86
Run by hpadmin at 22:32:05.07 on Tue 04/07/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.392 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MBK\McAfeeDataB... Read more

Answer:Spyware Protect 2009

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware appli... Read more

11 more replies
Relevance 79.13%

I attempted to remove Spyware Protect 2009 from my niece's computer. I also attempted to remove MyWayWebSearch. After running Spybot S&D, I kept getting the registry change box popping up MANY times. The entry part said SpybotDeleting (with many different numbers behind it). Now I'm wondering if I should have denied those changes. I thought it was Spybot deleting them but now on booting up there is numerous command windows popping open. I'll post a HJT log and hopefully one of the wonderful helpers here will be able to point me in the right direction.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:32 PM, on 3/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent... Read more

Answer:Spyware Protect 2009 & more

I don't know what happened but the above HJT log does not show the Spybot deleting lines that I need to know if I should have HJT 'fix' them. AND if so, after HJT fixes them do I allow the registry change in tea time or should I disable tea timer before fixing them?

Anywise here's an upated HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:15 AM, on 3/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
... Read more

1 more replies
Relevance 79.13%

I keep getting popups in the bottom right hand corner of my screen with "INFILTRATION ALERT." from Spyware Protect 2009. I also get popups saying "Vulnerabilities found" ahd I have the option of Activate Spyware Protect 2009 or Stay unprotected, of which I choose the latter. The popups come every 30 seconds to a minute or so. Thanks in advance for all your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:55 PM, on 4/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CTPDPSRV.EXE
C:\WIND... Read more

Answer:Spyware Protect 2009

6 more replies
Relevance 79.13%

Can someone please help me with this? This thing keeps poping up on my computer saying "Spyware Protect 2009" and it wants me to buy this thing. I can't get rid of it. I have malware bytes and ran a scan. It said I have virus and it would remove them when I rebooted. I did that and it's still all messed up. How do I fix this?

Thanks...
 

Answer:Please Help! Spyware Protect 2009

Here's a log... I tried to send as an attachment but I'm not sure if I did it right so I copied and pasted. It's nearly impossible to even post because my browswer keeps redirecting and closing. It's makeing me crazy.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:59 PM, on 4/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\sysguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\eHome\ehSched.ex... Read more

3 more replies
Relevance 79.13%

Hello, i've been infected by something which has installed Spyware Protect 2009 into my PC.

It won't allow me to access any webpage. Right now, im using the internet in Safe Mode. It also won't let me open several programs including SuperAntiSpyware and Malwarebytes.

I've managed to update Malwarebytes in Safe Mode and i'm running a Full System Scan in Safe Mode as well.

I would really appreciate some help in trying to rid my computer of this.

Thanks.

Answer:Spyware Protect 2009

Try running RKill.... then as quicka as you can run Mbam and / SASPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.You will need to run the application again if rebooting the computer occurs along the way.

1 more replies
Relevance 79.13%

Hello,Short Background:I had a virus Spyware Protect 2009. After posting my problem in Am I infected? What do I do?, I was helped by boopme and was asked to run ATF Cleaner, Malwarebytes Anti-Malware, SUPERAntiSpyware Free, SmitfraudFix, and dds. I could not run SmitfraudFix, and dds. So, then I was asked to run RSIT, and now I am posting my log.txt file in this forum.(For complete background, please go to this link http://www.bleepingcomputer.com/forums/t/209360/spyware-protect-2009/)Scanning Results:Logfile of random's system information tool 1.05 (written by random/random)Run by kuwait at 2009-03-16 19:53:36Microsoft Windows XP Professional Service Pack 2System drive C: has 60 GB (51%) free of 117 GBTotal RAM: 511 MB (53% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:53:40 PM, on 3/16/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\VM303_STI.EXEC:\Program Files\Adobe\Acrobat... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any scri... Read more

12 more replies
Relevance 79.13%

I have mcafee and its seems to not be able to update to get rid of this spywareprotect thing. husband is even more computerdummy than me and probably authorized this thing. please help not sure if i got all the logs i was supposed to i was only able to save these two


DDS (Ver_09-03-16.01) - NTFSx86
Run by michelle at 17:41:05.12 on Fri 04/10/2009
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.peoplepc.com/websearch
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://home.peoplepc.com/search
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
mSearchAssistant = hxxp://home.peoplepc.com/search
uURLSearchHooks: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\_agcutils.pyd
mWinlogon: userinit=c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - No File
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\... Read more

Answer:help please with spyware protect 2009

Hello -

There should also have been another log created by DDS, attach.txt

If you did not save it, please run DDS once again, save attach.txt and attach it to your next reply.

19 more replies
Relevance 78.72%

Here are my logs:
i) HJT
ii) Combofix
iii) Log (from command:
cmd /c Vfind -ltf "%systemdrive%\beep.*" >Log.txt&Log.txt&del Log.txt).


I) HIJACKTHIS LOG:[/SIZE]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:06, on 2008-10-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\TV3C41.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice ... Read more

Answer:Antivirus 2009 won't delete - Hijackthis, Combofix logs attached.

One more question; in my combo log, why does it say, "C:\Documents and Settings\fmugure\Start Menu\Antivirus 2009 . . . . failed to delete."?

And that comment is correct, I still have this folder in my start-up folder even though it is empty. I'd like to delete the folder as well please.

1 more replies
Relevance 78.72%

My laptop is infected with Spyware Protect 2009 - using Avast anit-virus; spybot and the spyware remains. Here is my hijack log... please advise.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:28 AM, on 2/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauc... Read more

Answer:Rogue Spyware - Spyware Protect 2009 - HELP!

Used Malwarebyte's Anti Malware - problem solved.
 

1 more replies
Relevance 78.72%

I seemed to have picked up the trojan/spyware called Spyware Protect 2009.It essentially installs a program that acts as a fake spyware checking program, frequently producing popups that say your computer is at risk. It also makes Internet Explorer and Firefox VERY slow; it takes around 1 - 2 mins just to load some websites. I am redirected to a Microsoft security site occasionaly when I try to open run a search using the Windows search feature.I've already removed the program from my start up list using msconfig, so I no longer get the annoying popups. I am unable to revert to a previous system restore point. Macafee anti-virus software does not detect anything. I can not open Spybot - Search and Destroy. CWShredder runs, and removed one file. I was only able to install Malwarebytes' Anti-Malware after renaming the install file, but I can not run it now that it's installed. Ad-Aware seems to work ok, but did not solve the problem.There are suggestions on other websites for files to search for and delete, but none of these files are showing up on my computer.Does anyone have any further steps I can take?(Moderator edit: thread moved to more appropriate forum. jgw)

Answer:Spyware Protect 2009 trojan/spyware

You have posted in the wrong forum, you should have posted in the Am I infected? What do I do? forum.This tutorial might be able to help How to remove Spyware Protect 2009Good Luck!

3 more replies
Relevance 78.72%

Greetings, My friend is having an issue with IE (and Firefox) and his whole PC in general.

He clicked on a link coming from MSN (obviously a virus) And He is having those pop-up window with Antivirus 2009 and I know that he is having Virtumonde (Vundo)

I tried cleaning it with Spybot and VundoFix (and another software that I forgot the name) But still infected.

I included the HJT log below and I up for a solution soon.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:43, on 2008-11-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask... Read more

Answer:HJT logs about infected PC with Vundo and AV 2009

16 more replies
Relevance 78.31%

Hello, my mother's computer is infected with Spyware Protect 2009. I am unable to use internet explorer from her computer at all but have been able to use the Google Chrome browser; however, it is incredibly slow. I attempted to use the DDS but that sat for about 20 minutes and no logs came up. I was able to use Hijack This and have attached a log from that. I hope that will work for your purposes.

There are two pop-ups that are coming up regularly - one is an 'infiltration alert' that has various "attacks listed" the other is similar to that and comes in the middle of the screen and has stay unprotected as an option.

I do not know what my mother clicked on to become infected with this.

Answer:Spyware Protect 2009 alert

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

2 more replies
Relevance 78.31%

I've been working on this thing since Saturday afternoon and have yet to get rid of this nasty bug.

Basically, it's a false spy-ware program which consists of an annoying pop-up telling me I need to buy their program to get rid of "detected spyware" on my computer. Program is "Spyware Protect 2009."

Steps I've already taken.

Malwarebytes scan (both in regular and safe modes). Did not pick it up.
Spybot S&D unable to update.
Can't open "regedit" to manually delete files.
I've re-booted in safe-mode, searched for "sysguard" in "files and folders" and deleted it. Also deleted "iehelper.dll". Computer runs fine after reboot and then 15 minutes later the program seems to re-install.

Any help? I'm desperate!

This is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:39 PM, on 4/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Updat... Read more

More replies
Relevance 78.31%

This is the second time I have been infected by the Spyware Protect 2009 (SYSGUARD) issue in just a few days. Although, I now suspect it may never have gone away. I have followed all the recommended methods for getting rid of it. It now appears that the main culprits are gone (i.e. SYSGUARD.exe removed, Registry entries for SYSGUARD cleaned up etc.). However, I had a lot of trouble getting MALWAREBYTES to run (had to rename execution program) and SUPERANTISPYWARE won't run at all (even with a rename). I try to run them and nothing happens. I have had both of these programs on my system for sometime now and have never had this problem. It also appears that my Norton Antivirus gets shut off whenever I reboot.

Unfortunately, I have tried to provide all the logs that are requested. However, the only thing I can provide is the logs from MGTOOLS. As noted above, nothing else will run.

Another Note: I can get my existing version of Malwarebytes to run (by changing the execution file name). However, I cannot get or install a new updated version. When I run my existing version of Malwarebytes I get 'nothing found'. When I try to install an update it simply stops after the initial install process (i.e. does not start MALWAREBYTES).

Note: This first attachment was created while running in Safe Mode. I'll try to create another one after I do a normal start.

I can usually fix most of these issues myself by running the tools in these threads... Read more

Answer:It all started with Spyware Protect 2009!!!

Here are the logs not running in safe mode.
 

5 more replies
Relevance 78.31%

I was infected with Spyware Protect 2009, and I ran MalwareBytes. It got rid of the fake antivirus program and popups, but my IE is still getting taken over by another fake site. The web address that comes up is <hxxp://browser-security.microsoft.com/block.php?r=17.1> Also, my computer restarts itself every once in a while. I have followed the instructions and what follows is my DDS report - the Attach.txt is attached as well. Thank you so much for your help!DDS (Ver_09-01-19.01) - NTFSx86Run by Kevin at 19:30:32.09 on Mon 01/26/2009Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.287 [GMT -5:00]AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated)FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\WLTRAY.exeC:\WINDOWS\stsystra.exeC:\Program Files\Dell\QuickSet\quickset.exe... Read more

Answer:Infected with Spyware Protect 2009, need help!

Hi,I see you have Viewpoint installed...Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.ViewpointViewpoint ManagerViewpoint Media PlayerThen, * Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPost the log from ComboFix in your next reply.

10 more replies
Relevance 78.31%

Lately, I've been having a bit of difficulty removing a rogue anti-virus program called Spyware protect 2009 that somehow installed itself on my computer without my consent. This was making me kind of scared since I'm not really computer-savy. I think I managed to remove most of it, but I have feeling it left some dangerous things/trojans on my computer that my anti virus/spyware/malware programs can't detect. The programs that I've used were...Zone Alarm Internet Suite: It wasn't able to get rid of Spyware protect 2009 making it useless.and...Malwarebytes Anti-malware: This program helped me a lot in getting rid of most of the trojans including Spyware protect 2009.However, I used Malwarebytes lately and it couldn't delete some of the trojans (usually two were left). It said it would delete them upon reboot, but it didnt. I did 3 scans from Malwarebytes; here is the log:Malwarebytes' Anti-Malware 1.35Database version: 1931Windows 5.1.2600 Service Pack 34/2/2009 12:18:55 AMmbam-log-2009-04-02 (00-18-55).txtScan type: Quick ScanObjects scanned: 70460Time elapsed: 15 minute(s), 13 second(s)Memory Processes Infected: 1Memory Modules Infected: 1Registry Keys Infected: 14Registry Values Infected: 2Registry Data Items Infected: 2Folders Infected: 22Files Infected: 68Memory Processes Infected:C:\WINDOWS\svcho.exe (Trojan.Agent) -> Unloaded process successfully.Memory Modules Infected:C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot... Read more

Answer:Was infected with Spyware protect 2009; please I need help

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTListIt2 ReportPlease download OTListIt2 from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

23 more replies
Relevance 78.31%

Does anyone know how to get rid of this virus? I cannot open cmd, close programs through task manage, install new anti-spy/malware. I cannot find the file or anything.
Your help would be much appreciated.
p.s im running vista

Answer:Help- I've got spyware protect 2009 virus

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr



Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do it's job. This may take a few tries. You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the machine, and then try to run DDS and GMER.

If for some reason the machine reboots, repeat the process. Again, try not to restart the machine.



Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply... Read more

2 more replies
Relevance 78.31%

Computer has been noticeably slow and sluggish for the past month. I have AVG (free version) as my main anti-virus program and also frequently run Spybot, Malwarebytes and Ad-Aware.

Last week things started getting worse. I ran a remote scan from Bit Defender's website and it reported to find viruses on both my operating hard drive and my old hard drive (which I knew to be infected with a virus that I'm slaving off the main hard drive). Bit Defender reported to have removed the viruses off the main hard drive, but it also reported that it was unable to remove some of the viruses off the older slaved hard drive. I'm not necessarily concerned about the older infected slaved hard drive as I simply use it to pull off old files such as MS Word docs, Excel docs and pictures and music.

After running the Bit Defender remote scan and seeing the report, I thought everything would be good again but in fact things took a turn for the worst. Immediately after the Bit Defender scan I started getting the following pop up message in the lower right hand corner of my screen:

"Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now." Note the poor grammar. Dead giveaway in my opinion that this is some type of bogus spyware.

Additionally, I'm unable to run any of my anti-virus/malware programs. When I try to... Read more

Answer:Need help with removal of Spyware Protect 2009

8 more replies
Relevance 78.31%

Hey, my girlfriends computer got that Spyware Protect 2009 virus. How do I get it off? Thanks!

Superman

Answer:Infected with Spyware Protect 2009

Follow this link to the instructions for removing Spyware Protect 2009 http://www.bleepingcomputer.com/malware-re...re-protect-2009

1 more replies
Relevance 78.31%

First, I want to say thanks. I found a lot of useful information here, and I wanted to share my experience to help others.

Last Friday our laptop became infected with a virus that called itself "Spyware Protect 2009." And I want to caution EVERYONE to be very careful even after this virus is "removed." Our computer was still infected, but with a different virus.

Spyware Protect 2009 made a similar showing as others have described for the Antivirus 2009. The pc ran really slow and access to websites was very slow or blocked with claims of infection. The virus produced lots of pop-ups telling me the pc was infected with viruses and claimed to have found a few. Then, a McAfee (antivirus that was installed and running) pop-up indicated that a virus was found and quarantined.

It's a clever strategy that the real virus program actually starts loading other real viruses on your pc to trick you. Your resident antivirus program flags one or two, but their pop-ups tell you about that and more to convince you that you need their product. It's also impossible to close their pop-ups in a safe way.

We never fell for the virus tricks, and we'd power down the computer and start-over, but over time the virus becomes more aggressive in blocking internet access.

The real virus program will not let you even visit the malwarebytes website by name -- the website is blocked as an infected site. If you search the malware hjt forums, you can find links to the ... Read more

Answer:Spyware Protect 2009 and keylogger

6 more replies
Relevance 78.31%

Hello. So I'm new to this deep of a level of anti-virus/trojan/etc. security. When I logged into my computer today my firewall (Default windows XP firewall) was turned off and Spyware Protect 2009 was on my computer, spraying popups and alerts at me. I looked here for help and got Malwarebytes' and that seems to have fixed it. I want to be sure though that there isn't anything obscene about my registry and such that is screwing with my computer. I followed the instructions in the sticky post and here is what I have (Thanks for any help in advance):
DDS (Ver_09-03-16.01) - NTFSx86
Run by RJ at 16:03:57.26 on Fri 04/24/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1333 [GMT -5:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS&#... Read more

Answer:Spyware Protect 2009 and other problems.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 78.31%

This just started yesterday and i dont know how to fix the problem.. I am getting a popup about every 1-2 minutes telling me i have an Infiltration alert from spyware protect 2009 alert. Is says " Infiltration alert.. your computer is being attacked by an internet virus. it could be a password-stealing attack, a trojan - dropper or similar. Details attack from: 215.94.47.1, port 14103 attacked port: 26770 threat win32/nuquel.e " then it ask do i want to block this attack? clicking no the box dissapears the come back, clicking yes it opens up a web page for spyware protect 2009 to buy it. i also get another pop up saying the exact same except the threat is bankerfox.a (btw the popup appears at the bottom right hand part of the screen by the time) Then in the middle of the screen i get a popup that says " Spyware alert! vulnerablities found your computer is infected by spyware - 34 serious threats have been found while scanning your files and registry. It is strongly recommended tha you disinfect your computer and activate realtime secure protection against future intrusions." it gives me an option to either activate spyware protect2009 or stay unprotected. I have Mcafee on my computer and i tried to run virus scan but it comes up with nothing? please help
Here is the dds report

DDS (Ver_09-03-16.01) - NTFSx86
Run by Nicole at 15:05:04.04 on Mon 03/30/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.263.1033.1... Read more

Answer:Receiving pop up for Spyware protect 2009

Hello Kittikat,Download Security Check by screen317 from here or here and save it to your Desktop. Unzip SecurityCheck.zip and a folder named Security Check should appear. Open the Security Check folder and double-click Security Check.bat Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Full Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log. Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinf... Read more

2 more replies
Relevance 78.31%

Hello,
I am getting pop ups saying INFILTRATION ALERT and Windows Security alert in the right hand corner, claiming my computer is being attacked by an internet virus. It says it could be a password-stealing attack, a trojan-dropper or similar.

Attack From: ,port:
Attacked port:
Threat:

Now there is a pop-up that is stuck in the middle of the screen saying:
Spyware Alert! Your computer is infected by spyware- 34 serious threats have been found while scanning your files and regisrty.

Any help is appricated
Thank you

Answer:Spyware protect 2009 Alert

Welcome to BCThe process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all obj... Read more

11 more replies
Relevance 78.31%

Hi. I have been infected with the Spyware Protect 2009 rouge spyware and have followed all the instructions on bleepingcomputer.com to attempt to remove with no luck. I am attaching my hijackthis logs for review by someone smarter than me! I appreciate any help.

Nancie
DDS (Ver_09-03-16.01) - NTFSx86
Run by Test at 11:42:43.84 on Fri 04/17/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.219 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Linksys Wireless-G USB Wireless Network Monito... Read more

Answer:Infected with Spyware Protect 2009

Hi My name is Extremeboy (or EB for short), and I will be helping you with your log.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.If you do not make a reply in 5 days, we will need to close your topic.You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we... Read more

3 more replies
Relevance 78.31%

I get relentless popups with Spyware Protect 2009 saying that I have vulnerabilities found, attacks coming in, etc. I'm aware that this program is a scam at best, malware at worst. However, I'm also getting issues where I can't access web sites a number of times and I get redirected to a HTTP 404 error(the re-direct goes to "http://browser-security.microsoft.com/blocked.php?r=21.0" as the new url), I get random popups after using google/yahoo, so I think I have more going on than this.

I also had avast expire without registering (I didn't realize that happened, which is obviously what started here).

What should I do first? Typically I've run an HJT log, but I didn't want to just slap up a huge file on here right out of the blue. I have no idea how to even get rid of this rogue program let alone figure out whatever else I have.

Thanks
Tim

Answer:Infected with Spyware Protect 2009 (at the very least)

Hi lets get an MBAm log. Also you can remove Avast and install AntiVir Free from here. First run MBAM and psot that log.http://www.bleepingcomputer.com/forums/topic3616.htmlNext run MBAM:Please download Malwarebytes Anti-Malware (v1.36) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is select... Read more

20 more replies
Relevance 78.31%

DDS (Ver_09-02-01.01) - NTFSx86
Run by HP_Administrator at 19:21:04.73 on Thu 02/26/2009
Internet Explorer: 8.0.6001.18372
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.230 [GMT -6:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated)
FW: Webroot AntiVirus with AntiSpyware *disabled*
FW: Webroot Desktop Firewall *disabled*

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\srvany.exe
C:\pvsw\bin\w3dbsmgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Progra... Read more

Answer:Infected with Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

2 more replies
Relevance 78.31%

Hi AllI am infected by Spyware Protect 2009I installed Combofix and run according to instruction.I got this in note pad belowwhat should I do next to remove thatthank youComboFix 09-02-02.04 - aytekim 2009-02-03 14:00:09.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1523 [GMT -5:00]Running from: c:\documents and settings\aytekim\Desktop\ComboFix.exeAV: Kaspersky Anti-Virus 6.0 *On-access scanning disabled* (Updated)AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) * Resident AV is active.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\system32\404Fix.exec:\windows\system32\Agent.OMZ.Fix.exec:\windows\system32\dumphive.exec:\windows\system32\IEDFix.C.exec:\windows\system32\IEDFix.exec:\windows\system32\iehelper.dllc:\windows\system32\o4Patch.exec:\windows\system32\Process.exec:\windows\system32\SrchSTS.exec:\windows\system32\tmp.regc:\windows\system32\VACFix.exec:\windows\system32\VCCLSID.exec:\windows\system32\WS2Fix.exec:\windows\system32temp#01.exec:\windows\wiaserviv.log.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Service_WinDriver((... Read more

Answer:I am infected by Spyware Protect 2009

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Relevance 78.31%

hello,

This started about 5 days prior to this post. i had my browser open while playing eve-online, and all the sudden i get this spyware protect 2009 thing popping up and going ballistic. I mistakenly clicked on the popup above my toolbar, thinking it was my anti-virus detecting the spyware 2009 program. It was not. It was the malware's popup...After that, my trend micro found 2 trojans. It said it had cleaned them, but they must have re-appeared.
I found this sysguard.exe program I didn't recognize then next day, when the spyware protect came up again, leading me to believe that this was the root of my problems.
Well, anyways, after a few anti-virus/spyware removal tools and alot of cursing. I went and deleted this sysguard.exe myself and at least one of it's registeries. I didnt believe that this solved the problem completly, because my comp was still slower than norm.
My search led me here. after following the READ & RUN ME FIRST guide, I found i still had at least one trojan.

After running the slew of programs you have suggested, my machine is running significantly faster, but i am not sure if my drive is clean of this bug. I will attach my logs as asked, Thanks in advance.
 

Answer:sysguard.exe/spyware protect 2009

Welcome to Major Geeks!

Why are you running this PC with no protection software installed?

Your logs are clean but we have one more minor item to take care of before final instructions.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Startup: PowerReg Scheduler.exe

After clicking Fix, exit HJT.


If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /u
Notes: The space between the combofix" and the /u, it must be there.
This will uninstall... Read more

1 more replies
Relevance 78.31%

Referred here from: http://www.bleepingcomputer.com/forums/t/207118/spyware-protect-2009-spyware/ ~ OBI started receiving popups this afternoon about this program Spyware Protect 2009. I ran malwarebytes and it found the sysguard file and I deleted it. No more pop ups but my IE and Mozilla do not work. For some reason safari works. After this I posted in the Am I Infected section, now I can't run MBAM and they told me to post in here.DDS (Ver_09-02-01.01) - NTFSx86 NETWORK Run by Cody at 21:36:35.65 on Sat 02/28/2009Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.536 [GMT -6:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Safari\Safari.exeC:\Documents and Settings\Cody\Desktop\dds.scr============== Pseudo HJT Report ===============uInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = 127.0.0.1uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: {70DE7956-479D-4EB7-8641-2B45774C350E} - No FileTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - EB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odluRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [AdobeUpdater]... Read more

Answer:Spyware Protect 2009 Problem

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

2 more replies
Relevance 78.31%

I have been infected with spyware protect 2009 which is taking over my entire machine. Nothing can run. I have shut the machine down in order to prevent any damage (or further damage). I have the ability to take this hard drive out and install it on another computer as a secondary drive if that would help. At this time, nothing can be run on the computer as everything is immediately killed by the virus.Any help would be appreciated. Thanks!Edit: Due to logs not being present I have moved this topic from HijackThis Logs and Virus/Trojan/Spyware/Malware Removal to the more appropriate forum, to expedite assistance being rendered. ~ Animal

More replies