Computer Support Forum

completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Question: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!

Relevance 100%

Answer: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any additional info needed please let me know. Take care.

4 more replies
Relevance 126.44%

I have been having problems with my computer for two weeks now..when none of the other software removed the infection I knew I had a big problem...I found your site and I've gone through the "Read & Run Me First malware removal guide," but still have problems. (troj/virtum-gen)
 

Answer:I completed the "Read & Run Me First malware removal guide," still problems

tonymiggs said:

I have been having problems with my computer for two weeks now..when none of the other software removed the infection I knew I had a big problem...I found your site and I've gone through the "Read & Run Me First malware removal guide," but still have problems. (troj/virtum-gen)

I have submitted to you my logs...I thank you in advance
 

19 more replies
Relevance 126.44%

I ran the steps in the Malware removal guide, i haven't seen any new pop-ups, but i noticed that there were a few problems that bitdefender could not fix, and my laptop is still running slow.

I am running windows XP, and will attach all logs.

Thank you in advance for all you assistance.
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.
 

10 more replies
Relevance 124.41%

I went through all the suggested steps within the Malware Removal Guide and Windows XP Cleaning Procedure. My issue is the "Data Execution Protection" error from Windows only when opening Windows Explorer and only on one of the three accounts on this computer. I haven't noticed this error while using any other programs. After going through all the suggested steps, I am still having the same issue. Thank you very much for the help.

behappy7458
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have an issue

Re: ran all the steps in "Read & Run Me First malware removal guide," still have an i

Here are the other log files.

behappy7458
 

14 more replies
Relevance 123.83%

I have run through all "Read & Run Me First malware removal guide," steps except that I could not download RootRepeal. Attached are the four logs produced. Am running only NAV 2009 on Windows XP. However, after latest reboot "NAV has detected threats that require your attention - High, INFOSTEALER, Remove Failed" appeared yet again. Please, any assistance would be most welcomed. Many thanks.
 

Answer:Re: ran all the steps in "Read & Run Me First malware removal guide,"

Welcome to Major Geeks!

We cannot continue until you attach the other 2 requested logs from RootRepeal and MGtools. If your problem with downloading RootRepeal said something about bandwidth limits, just scroll down to one of the other links given where it can be downloaded from on their web page.
 

1 more replies
Relevance 104.4%

I've gone through the steps from the 'READ & RUN ME FIRST. Malware Removal Guide' process and am happy with my system being malware free.

Now, what to do with the downloaded and installed items? I want to clean these out of my system. Or should I not worry about them?
 

Answer:Clean out the items from "READ & RUN ME FIRST. Malware Removal Guide"

If you do not require any help from us then do the below.


If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /uninstall
Notes: The space between the combofix" and the /uninstall, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders re...

1 more replies
Relevance 104.4%

Background: I watched a video on Veoh. After I finished and closed the window, weird things start to happen. I used to have McAfee but stopped updates for quite a long time?

Below are steps that I have taken.

Step 1: House Cleaning & Setup
Complete

Step 2: Enable viewing of hidden files, system files and file extensions
Complete

Step 3: Select and run the all steps in the cleaning link below based on your Windows Operating System
- If you have Windows XP, continue here: Windows XP Cleaning Procedure

SuperAntiSpyware (Free Edition) - I first ran the scan and it crashed. I then followed the steps to uncheck the 2 "User Kernel..." boxes and the scan completed successfully. However, when the application started to clean up the quarantined items, system crashed again. (Log attached) No further step taken with SuperAntiSpyware

Malwarebytes Anti-Malware - I finished the scan successfully. When I tried to clean the quarantined items, system crashed. After reboot, I opened the application and deleted all items in quarantine. This time completed with no problem. (Log attached)

ComboFix - When I tried to start the application, I got an error message. "ALERT It is NOT SAFE to continue! The contents of the ComboFix package has been compromised. Please download a fresh copy from: bleepingcomputer.com Note: You may be infected with a file patching virus (Virut)" I downloaded ComboFix again but got the same error message again.

Cou...

Answer:Problems encountered "READ and RUN ME FIRST. Malware removal guide"

I need the log from running MGTools --> C:\MGLogs.zip
 

5 more replies
Relevance 104.11%

Hi there,

Long-time reader, first time poster....

I've been running through the steps on the READ & RUN ME FIRST page, trying to fix up this computer I've inherited.

I've gotten as far as the Windows XP Cleaning Procedure page and tried to run combofix.exe as instructed and ran into a snag:

The little blue window was up and running through its scan when it seemed to pause. It never re-started, and I waited for well over an hour. I didn't touch my mouse through the whole process, and no other browsers were running or anything.

At this stage there were no other icons or toolbars on the desktop at all. Just the paused ComboFix window.

I made the decision to re-boot, and now ComboFix won't run at all. I've tried deleting it and re-downloading but the same thing keeps happening: when I run the program, the blue window pops up for a fraction of a second and then disappears. Nothing else happens.

My desktop clock is still in 24 hour time.

What gives?

Any advice is appreciated...
 

Answer:Trouble with "READ & RUN ME FIRST. Malware Removal Guide"

Welcome to Major Geeks!

Just skip ComboFix and continue.





muukiithefinn said:

My desktop clock is still in 24 hour time.

What gives?

This happened because ComboFix never finished.

You can fix your clock from Control Panel ->Regional and Language Options and then on the Regional Options tab click the Customize button then on the next form click the Time tab. Then change the Time format to what you want. It explains there what the lower case and upper case letters will do. Upper case H is giving you 24 hour clock settings.
 

20 more replies
Relevance 104.11%

Hi,

The last couple of days I started noticing my Gaming computer started slowing down, it's primarily used for playing computer games, but I do check my e-mail and the news on it from time to time. Today I left my browser open for a couple hours (my ISP's webmail), and when I came back to my computer there were numerous popups and programs wanting to install themselves. Now also a couple days ago I tried updating IE with Microsofts Update thing, I thought it was complete as it didn't have anything else for me to install, but after the popups started happening I checked again and it wanted me to install SP3, after installing SP3 it gave me more updates, and still the popups kept happening.

I searched the internet and found one solution that said to install Malwarebytes' Anti-Malware, which I did, and it removed a few things, but every time I reboot my computer and run Malwarebytes' Anti-Malware it keeps finding two more files (the same two every time). After this I uninstalled my old anti-virus (was AVG) and installed Norton as I ran Malwarebytes' Anti-Malware on my other computer that uses Norton and found no problems, kind of was hoping Norton would resolve the issue, but sadly it didn't.

I finally found this website and all the steps you guys have for clearing Malware, but after doing it all I still get popups, and Malwarebytes' Anti-Malware keeps finding files after reboot. The difference is though, that now the popups seem to...

Answer:Did the "READ & RUN ME FIRST. Malware Removal Guide" Still have problems :(

The other log.
 

2 more replies
Relevance 104.11%

I think I downloaded a virus. I went through the whole Malware Removal Guide and it found some problems, but I don't think it fixed everything. My laptop makes that loading sound constantly now and it's freaking me out!

I'm on Windows Vista, and I have a HijackThis log, CounterSpy log, newfiles, and runkeys. I've attached three of the four on this post, and the last one in the second post. I do not have a BitDefender or PandaActiveScan log because I am using Vista.

In case it helps, I thought I found the virus and it installed as "Video Codec" or something and I tried to uninstall it in the Programs section but it wouldn't let me. It said something like "The file could be corrupt or it could be a virus. It could be removed with the /NCRC command switch, which is not recommended." I tried deleting the files at the source manually, and I think that worked because when I tried to uninstall it again it said that it had been deleted and asked if I wanted to remove it from the programs list. I removed it, but I think the virus created another program called WebVideo Support because now I can't uninstall that and it was created today and I don't know where it came from.

Thanks so much for your help, and let me know if any other information would be helpful.
 

Answer:I've gone through the "Read & Run Me First malware removal guide," still problems

Runkeys.txt attached.
 

44 more replies
Relevance 99.18%

I ran all the malware removal steps and everything went well. I am attaching logs. I also have MGlogs.zip on my hard drive will you guys need this? Thanks for the help its worked well. Everything went in the order the directions said.
 

Answer:I ran all steps from READ & RUN ME FIRST. Malware Removal Guide

Sending the MGlogs.zip file
 

2 more replies
Relevance 90.77%

Hi! I've completed all the steps in the "READ ME FIRST" section, but haven't downloaded Hijack This! yet... I want to be sure it's the right thing to do first.

I've been using Mozilla Firefox as my browser for around a year and have never had spyware/adware troubles until recently. For some reason, I've started to get IE pop-up's while I'm surfing in Firefox. Other issues I've been having include: Aurora pop-up's; clicksearchclick links everywhere; a blackened desktop that reads WARNING YOU'RE IN DANGER etc...; there is a blue desktop underneath the black one which says "Security Warning: and a bunch of other letters and words including VXDVMM. Also, not sure if it's related but since it just started, I assume it is but when I plug something into my USB port I get a blue desktop that tells me I need to do a memory dump. My HD is 40GB and is maybe 1/2 full... plus, I just defragged a few days ago and the issue is still there. I've been using my USB port for years and have never had a problem until recently. Finally, to my knowledge I have no firewall on my system. Is there a good free/cheap one out there to help me out?

Thanks for any tips. You people are great and run a super-helpful site. It's nice to see people providing free help for other people. You are all to be commended.

Thank you!!
Steve
 

Answer:S.O.S. - having several problems. "READ ME FIRST" steps completed

Oh, one more thing: for some reason I wasn't able to run the Symantec Security Check. It wouldn't open with my Firefox browser due to an issue with my cookie settings... I allowed it to open via my Tools>Options>Cookies but it still wouldn't. Thanks!
 

19 more replies
Relevance 89.32%

I have completed the "read and run me first" guide and the "windows xp cleaning procedure" and I'm still having problems. I did not, however, run combofix because of the warning that 1/100 computers fail after use (don't like those odds). I have attached the logs that were created.

The problem I am having is that when I'm on the internet doing something I'll go to a web page and as soon as it finishes loading the page closes. It doesn't happen on all web pages just certain pages.

Before I completed the read and run me first/windows xp cleaning procedure, I could not get ad-aware or counterspy to run on my computer. I am now able to do so, but neither fixed the problem.

CounterSpy did however find "Bifrost Backdoor" (hkey_users\s-5-1-21-3965320847-892991537-108970575-1006\software\wget) and "AntiVirus Gold Rogue Security Program" (hkey_users\s-5-1-21-3965320847-892991537-108970575-1006\software\microsoft\internetexplorer\desktop\components\1) which I suspect might have something to do with my problems. But I was unable to remove the problems because my registration with counterspy has run out.

Attached are the zip from MGTools and the log from Ad-Aware. If counterspy created a log, I could not find it.

Any help is appreciated, thank you very much.
 

Answer:completed the "read and run me first" guide and still have problems

jakkalofv said:

I did not, however, run combofix because of the warning that 1/100 computers fail after use (don't like those odds).

It did not say it would fail your computer. It said on 1/100 computers it will fail the disinfection process.

Since your trial copy of CounterSpy has expired, please uninstall it as it is of no use to you anymore and will just get in our way.

Please run and attach the requested log from SUPERAntispyware as given in the READ & RUN ME.

Also do the below which was also requested in the READ ME.


Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 6
Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment
 

3 more replies
Relevance 89.03%

Hijack this log

Can I post my hijack this log here for feed back?
 

Answer:Reports from "MALWARE REMOVAL GUIDE!"

Re: Hijack this log

Hi Bob O



As I mentioned in the earlier thread the guide I will repost below needs to be followed as you likely already know is that malware is a massive pest these days and does its level best to hide itself in any number of places, So just a Hijackthis log will not show all the malware that can be on your PC, the full guide of our steps below has a few other logs that show a lot of the malware on your PC and where they are located,



Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide


Once these are attached to your next post in this thread as its best to keep all info in one place, our malware experts will be able to determine if indeed you have a malware issue and if so they will post some manual removal instructions for you to follow to clean up the remaining pest.
 

12 more replies
Relevance 88.16%

i completed the malware removal process step by step(i think). attached are logs. please check and advise. thanks in advance...bridgeman001
 

Answer:Malware removal steps completed, what now

Welcome to Major Geeks!

It would be more helpful if you explained what malware problems you are having. Also have you been working on malware removal in another forum. I see you have BFU installed and I wondered why.

You forgot to attach the log from SUPERAntiSpyware. Did it find anything?


The only items I question right now are the below two files which appear to be drivers. Do you know what these are from?
Code:

2008-10-11 23:32 .2008-10-11 23:32 11,264 -a- H:\WINDOWS\system32\drivers\uzi0ote5.sys
2008-10-10 22:24 .2008-07-08 14:54 148,496 -a- H:\WINDOWS\system32\drivers\21466736.sys

R1 is-H3JRUdrv;is-H3JRUdrv;H:\WINDOWS\system32\DRIVERS\21466736.sys [2008-07-08 148496]
R1 uzi0ote5;AVZ-RK Kernel Driver;H:\WINDOWS\system32\Drivers\uzi0ote5.sys [2008-10-11 11264]

 

1 more replies
Relevance 88.16%

Here are the reports. Let me know what to do next.

Also, I play online rpg's a lot (particularly City of Heroes/Villains). I find myself getting a lot of "lag" when I play. Any way to put an end to this annoyance?

Thanks
 

Answer:Malware removal steps 1 - 6 completed

Hi Bookman1269!
Welcome to Major Geeks!

I'm missing 4 of your scans and the ones you ran weren't installed correctly. There is another way to do this which is a bit easier and produces less logs. Please go to this link NEW READ & RUN ME FIRST WITH MG TOOLS and follow the instructions. I suspect part of your lag may be from too many temporary files, which should be aided by running CCleaner at the beginning of the instructions in this link. You may also have malware, but I can't tell you that without seeing the logs.
When you finish with the instructions, you should have 4 logs:

- AVG Antispyware 7.5
- BitDefender (BDScan)
- Panda (activescan)
- mglogs.zip

Please make sure to follow the instructions for your operating system. Once we have a chance to look at these logs, we can tell you a little more about what's going on with your computer.

abri
 

1 more replies
Relevance 88.16%

I'm having problems with my Windows 7. The machine has been behaving odd lately, a few random bluescreens, the display drivers seem to be buggy as in windows aero is not working and I cannot view any videos in vlc, having a considerate amount of missing .dll issues and I cannot access device manager to check anything. I suspect some kind of malware. I have the 5 logs attached to my post.
 

Answer:Help with malware removal - have completed steps in FAQ

Your logs are clean. You may need to post in the software forum for further assistance. You should remove either AVG or Kaspersky Internet Security.

Have you tried doing a system restore?
 

7 more replies
Relevance 88.16%

Hi. In the last week or two, I have noticed that my computer is running slower than normal, as in taking a long time to open web pages, and on a few occasions I have been viewing a website, only to find that it disappears and a completely different website appears. I have run Windows Defender, that turned up nothing. I also have Spybot, that turned up a load of usage tracks, which I removed anyway. So I just thought I would post these three logs to you to see if there is anything interesting in there. I am new to all this, but I have printed the "self help" pages out for the computer hope hijack this process tool, to try and understand it a bit more. I am running Windows XP Pro SP3, Internet Explorer 8. Thank you for your time at looking at the logs.

[attachment deleted by admin]

More replies
Relevance 87.29%

Hi....I'm new, and not very PC smart. It's taken me a week to go through all your steps for malware removal, but I'm still getting them!

My OS is Windows XP Professional service Pack 2 (build 2600) version 7.1h.
Hard Drive is 119.96GB with 107.56 free. RAM is 254MB.

The processor is 2.4 gigahertz Intel pentium 4, 8 kilobyte primary memory cache, 512 kilobyte secondary memory cache.

Don't know what all this means, but I think you need it....

Here's the problem.

Firstly, we suddenly got an automatic Windows style dial-up connection window. This had not been the normal way for us to get on line. The dialing program window shows C\WINDOWS\system32\fd2ba95f.exe

Then a series of pop-ups which include "SYSTEM INTEGRITY SCAN WIZARD", "MALICIOUS SOFTWARE REMOVAL WIZARD", ULTIMATE WINDOWS DEFENDER" TRIUMPH ON-LINE CASINO", " BT YAHOO ONSPEED", REAL PLAYER UPDATE", "THERE IS NO VIRUS PROTECTION DETECTED ON YOUR PC", and lastly, "YOUR COMPUTER IS AT RISK. NORTON VIRUS IS SWITCHED OFF". It wasn't.

To the best of my ability, I ran all the steps as outlined in your pre-posting requirements. I don't get these pop-ups all the time, in fact, they are quite rare, but they are annoying, and I don't like the idea the PC is still infected.
The dial-up connection window is always there. We just ignore it.

I have saved, ready for sending, an Activescan log, a BD scan lo...

Answer:I've completed the required steps for malware removal...now what?

Welcome to Majorgeeks!

Yes! As requested in the READ & RUN ME, attach your logs if still having problems.
 

5 more replies
Relevance 87.29%

I have followed the removal guide to the letter and I am still getting the trojan downloader BHO.BHG or BHO.BGL thing anytime I hit a webpage, its making my AVG work overtime. I am also getting website redirects. I did have the virtumonde thing and tried the alternative scan for that, it keeps trying to fix the same thing every time I reboot.
the spybot scan: "couldn't fix all problems, associated files in use (memory)", I never saw that before.

Attached are the requested files when asking for help, everything was done in order.

I appreciate any help that you folks could provide and thank you in advance.

Brian
 

Answer:Malware removal steps completed, problems still around...

Additional scans requested
note, the AVG scan saved in the .tab format, it will not upload.

Thanks in advance
Brian
 

11 more replies
Relevance 86.42%

I am still getting a virtumonde and a double click error on spy bot. Also i know during the scans several items were not able to be fixed. The computer is still running pretty slow. Thanks ahead of time for your help.
 

Answer:Completed Malware removal guide... Now what?

I'm new to this but I will follow your instructions to the "T".
 

10 more replies
Relevance 86.42%

I did all the steps in the Vista Cleaning Procedure thread. I'm still having issues and I don't know what to do to solve it. I've had problems for a long time, pretty much since I got my comp. I think I double clicked on an open comp to comp wireless network at school and I think it may have something to do with it.

I know I have problems because when I'm on campus I get banned for having spyware activity. The ban is temporary (2hrs) but a pain nonetheless. The wireless network I was talking about shows up as 'uwo 2' (greasy because the school network is 'UWO ##') and is always available even if I know I'm not within range of anything.

I have Kaspersky 2009 updated and installed on my computer and my drivers are also up to date.

I can't seem to find the other logs, I searched and restarted. In the programs' respective folders there doesn't appear to be anything, I don't really understand what's going on with it.

I would also note that I have had a ton of issues with my wireless card and I've had to reinstall the drivers a few times. I still have to constantly repair my connection. It's always the same thing, that the wireless capability was turned off. I've tried changing the settings via an online fix but it didn't do anything. This last part may just be because my wireless card is just a whack product.

I would really appreciate help! I really don't want to have to wipe my computer.

Thanks in advance. ...

Answer:Completed Malware Removal Guide: Please Help

Your SAS and MBAM logs are here:




"C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
supera~1.log 2009-02-25 465 "SUPERAntiSpyware Scan Log - 02-25-2009 - 16-34-19.log"

"C:\Users\David\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
mbam-l~1.txt 2009-02-25 896 "mbam-log-2009-02-25 (17-28-45).txt"

But they look to be clean by the size. I do not see where you ran ComboFix.

But I am not seeing any issues in your logs.
 

1 more replies
Relevance 86.42%

and here are my results. let me know if you see anything funky.

attached:
bitdef results
avg anti spy
hijack this
 

Answer:Completed the Malware removal guide...

attached:
getrunkeynow
shownew
 

4 more replies
Relevance 86.42%

Computer infected two days ago. Ran all of the required programs, now computer is very sluggish, not sure if I got rid of everything. Also, continue to have Google redirect virus.

Here are the logs.

Thanks for your time.

Mike
 

Answer:Computer infected with Malware, Steps from Read Me First thread completed

Additional log.
 

5 more replies
Relevance 86.13%

Followed all steps to the word...A lot of things have been fixed. However there are still problems like pop ups and my computer is very slow to connect to the internet.
 

Answer:Computer very slow after Malware removal steps completed

Computer very slow after Malware removal steps completed...bdscan

this is my bdscan results
 

10 more replies
Relevance 85.84%

i have a big problem, 2days ago 2 icons appeared on my desktop called "live safety centre"+"online sercurity guide" and im geting sercurity alerts in my task bar telling me to download antiviruses and system performance monitor and also im geting loads of pop ups, iv tryed every thing i can think off is der any1 da can help me.

Thx :confused
 

Answer:malware 2 icons on my dt called"live safety centre"+"online sercurity guide" plz help

Re: malware 2 icons on my dt called"live safety centre"+"online sercurity guide" plz

Welcome to Major Geeks!


I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.





STEP 1: Complete this procedure completely including attaching the requested log before doing the second procedure.

Download SmitfraudFix (by S!Ri) to your Desktop.

Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please attach that log in your next reply.

Note: process.exe (which is used by SmitfraudFix) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. The below is a link to what process.exe is.

http://www.be...

6 more replies
Relevance 85.55%

I just completed the Malware Removal Guide and still have infections. I'm trying to clean my Dad's business computer which was infected with multiple viruses that were causing pop ups for software downloads. The one that was recurring in malwarebytes scans even after removal was AGprotect and tcpsr. I am attaching all the log files from running SUPERantispyware, malwarebytes, combofix, rootrepeal and mgtools. If I can get help as soon as possible that would be great because my dad received notice that his internet was going to be disconnected by his ISP since he had viruses.

Thanks
 

Answer:Completed Malware Removal Guide but still have problems

here's the other log
 

9 more replies
Relevance 85.55%

Whilst following the guide the following occurred also.

Didn't know what viruses I had so didn't use Special Removal Tools at this point

Uninstalled Viewpoint Media Player using add/remove programs

Had trouble restarting in safe mode for both accounts especially the non-administrator account. But was eventually able to run ccleaner and spybot on both

I was unable to run counterspy on both accounts in safe mode and only ran on administrator in safe mode. Ran counterspy in normal mode on the other account

Had to run BitDefender twice as the web browser closed down 3/4 the way through completion the first time. Ran Panda active scan twice as well as the web browser also closed down half way through on both occasions. Hence I just went onto the next step and did not run Panda active scan through to completion. These were both done in normal mode as unable to run in safemode with networking.

I now used the special removal tool for Virtumonde aka Winfixer successfully.

Logs are now attached.

Thanks heaps.

Rob
 

Answer:I've also completed Malware Removal Guide....Next Action?

More logs to accompany "I've also completed Malware Removal Procedures.. Next Action?

The rest of the logs.

Cheers

Rob
 

16 more replies
Relevance 85.26%

Ran everything a few times. Still comes back.
 

Answer:"Online Security guide", "Live Safety Center" malware

a few more logs
 

16 more replies
Relevance 84.97%

Hi, I have followed everything that you have said to do and can now upload the logs. I can't think of anything that brought the virus on so don't have any additional details for you. When performing the SuperAntiSpyware search, I had to cancel the first search so now have two logs. I have uploaded both of them and the log from the most recent search has been uploaded second. Also, I cannot do a system restore and it asks me to contact the domain administrator. Is there any way of being able to perform a system restore again? Thanks very much.

[Saving space, attachment deleted by admin]

Answer:Regarding "Read this before requesting malware removal help"

Welcome to CH.

Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)

O15 - Trusted Zone: http://*.buy-internet-security10.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.is-soft-download.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is-software-download25.com
O15 - Trusted Zone: http://*.buy-internet-security10.com (HKLM)
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)

Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.

----------

Download Lop S&D by Eric_71 and save it to your desktop. Lop S&D will only run on Windows XP and Windows Vista
Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
Double click LopSD.exe - If you are using Windows Vista or Windows 7, right-click on the LopSD icon and select Run as administrator to perform this scan.
* Choose the language by typing the corresponding letter and press Enter
* Click OK at the informative window.
* Type 2 to choose Option 2 (Delete with Hosts File Restore), then press Enter
* Wait until the end of the scan.
* A report will be generated, post the contents of it in your next reply, along with a HijackThis log.

13 more replies
Relevance 84.68%

Looking for a review of my logs please. Not sure what is slowing down my computer. I am having lots of trouble with Microsoft Office 2007, but in general it takes super long to open up any program. My computer just started doing this recently. Before it was much faster.
 

Answer:Completed Malware Removal Guide need review of logs

Additional logs from SuperAntiSpyware.
 

4 more replies
Relevance 84.68%

Ok - I had a trojan try to take over my computer. It was trying to direct me to their brand of "spyware removal" software. I've run through everything in the Malware removal guide and everything seems to be working with one exception.

I'm still having trouble booting consistently into Windows (XP Pro). It will get to the screen just prior to all of the user accountings showing and will just completely start over in the boot process. Sometimes it will show me the boot to the last known good state screen and sometimes not. In any case, it doesn't seem to make a difference what I choose at that screen. Safe mode doesn't boot any better than normal, and the last known good configuration doesn't make any difference either. With all of this being said, usually after several attempts, it will boot like normal and all is good until the next re-boot.

I'm wondering if I have a hardware problem to go with my malware problems (terrible coincidence) or if my Windows installation is somehow corrupted?
 

Answer:Trojan problem --Malware removal guide completed

Additional log post
 

10 more replies
Relevance 83.23%

I still seem to be having issues with pop-ups. I've attached the 5 logs from running the MGtools. Can anyone take a look and tell me if I still have problems that weren't removed?
 

Answer:I performed all the steps following the malware removal guide, but...

Here are the other two logs.
 

13 more replies
Relevance 80.33%

I have followed recommended protocols to successfully remove the "Trovi" malware from my computer.
But have one minor problem.
The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer.
But the malware appears to have left code in the windows startup directing the computer to run files which are now no longer present on my computer.
Problem is that this causes the following Windows Popup box "Run DLL" to come up , before any other windows startup programs run.

The Pop up box contains the following wording:

" There was a problem starting
C:\Users\LESTER\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in start up that lead to the popup box, so that it will no longer occur at computer start up.

Thanks.
Lester
 

Answer:Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Follow this thread and attach requested reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

1 more replies
Relevance 78.3%

Hi ...

I've been able to run most but not all of the steps outlined in the malware "sticky" ... my computer is much more stable now but i'm still getting signs (like browser popups and Ad-Aware "critical objects") of problems ...

i'm attaching a HiJackThis log

here's some additional information:
i'm running Windows XP Pro SP1

i downloaded the MGTools for Windows XP Pro but couldn't get them to run.

from Safe Mode:
i ran CCleaner
i ran Microsoft Windows Malicious Software Removal Tool
i ran Spybot
i ran Counterspy (couldn't see the Take Action button and reran in Normal Mode)
could not get Bitdefender to run

i hope i've provided enough information to get started ...
any help you could provide would be greatly appreciated ...
 

Answer:numerous problems following the malware "sticky" steps

i'm adding an attachment of the log from CounterSpy to provide additional information ... the log seems to capture most of the malware problems i'm having ... i quarantined all the files listed in the log but i'm still having problems with them ...
 

45 more replies
Relevance 77.72%

Hi,
I want to thank you guys from the bottom of my heart. I cleared most of the malware from my laptop with the usual programs. (Yes, I invited the Devil in). Something(s) was still in my system that would not allow me to access the Windows Update site, or update my virus and mal programs. I found this old thread "READ & RUN ME FIRST. Malware Removal Guide", and followed it to a tee. After reboot, Windows update was already downloading files.

Cheers,
Bill Campbell :major
 

Answer:READ & RUN ME FIRST. Malware Removal Guide

Welcome to Major Geeks!

And you're welcome. Thanks for letting us know of your success.

bbillcampbell said:

I found this old thread "READ & RUN ME FIRST. Malware Removal Guide", and followed it to a tee.

While the thread was originally started a long time ago, the procedure in it is frequently updated. Thus it is not an old procedure. The date of the thread starting, does not equal the date of the last update. We don't recreate the thread each time the procedure is changed. We just edit the procedure.
 

1 more replies
Relevance 76.85%

I just want to verify my pc is clean and I want to be able to download service pack 3. I have a dell xps 400 with windows xp.

DDS log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/6/2012 9:04:06 AM
System Uptime: 1/9/2012 10:05:35 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0FJ030
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 228 GiB total, 170.344 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys WMP110 RangePlus Wireless PCI Adapter
Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_00721737&REV_01\4&5855BE9&0&20F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys WMP110 RangePlus Wireless PCI Adapter
PNP Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_00721737&REV_01\4&5855BE9&0&20F0
Service: WMP110
.
==== System Restore Points ===================
.
RP1: 1/6/2012 9:15:55 AM - System Checkpoint
RP2: 1/6/2012 10:15:25 AM - Software Dist...

Answer:need someone to read logs- completed all steps on virus removal.

Malwarebyte logs:

1/9/2012 10:12:06 PM
mbam-log-2012-01-09 (22-12-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197467
Time elapsed: 16 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

13 more replies
Relevance 76.85%

First of all, I am pretty certain that I have malware...my main problem is that I have the blue default background saying "Warning: Spware Has infected your PC..."

I am running into obstacle after obstacle trying to perform the read & run first instructions. I first uninstalled all the listed malware programs and then tried to install the latest Java (in safe mode) and I got a message saying "The system administrator has set polices to prevent this installation". I then finished the rest of step 1 "house cleaning and setup" with no problems. I also had no problems in step 2.

I then went to step 3 "Windows XP cleaning" and had no problems downloading the tools to a thumb drive from my laptop. I then started my PC in safe mode and tried to run SAS and kept getting an error message saying "SUPERAntiSPyware Application has encountered a problem and needs to close".

I then tried to install Spybot - Search & Destroy, but when I clicked install, I got a file download error "Error sending request. The server name or address could not be resolved." Of course, at this point, I was pretty dismayed but kept pushing forward with the "Windows XP cleaning" instructions.

Well, I then went to try to install Malwarebytes Anti-Malware and it got hung up and never fully installed. This is when I decided to finally give up. So where do I go from here? Please help.


Here are my main ques...

Answer:Problems with Malware Removal Guide Read & Run First

Hello, YOYOADRIAN

These instructions should help.

First:
Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
Then search for TDSSserv.sys
Let me know if you find this or not.
If you do find it, right click on it, and select Disable. Do not try to uninstall it.
Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.

Secondly:
Important Notice: A new version of SUPERAntiSpyware is out that should help with this problem from Vundo.

Please uninstall your current version (this is necessary).
Then download this SUPERAntiSpyware
Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
Now run a new full scan of your system. And attach this first log later.
Since this infection has been reappearing after a reboot, you will have to reboot again and then run an additional scan to make sure it comes back clean. Attach this second log too.

*If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run the steps in safe boot mode but make sure you tell us what you did later when you post logs.

Links are given in ...

1 more replies
Relevance 76.85%

Hi I was following "READ & RUN ME FIRST. Malware Removal Guide"
Completed till "... locate the DisableUAC.reg file in the C:\MGtools folder and double click on it."
When double clicked, Spybot - Search & Destroy popped up and scanned "DisableUAC.reg", said nothing found and asked to close.
How do I go about now.
 

Answer:Help Needed with READ & RUN ME FIRST. Malware Removal Guide

XP-96943172.EXE hoping somebody would notice and help

Unable to log into safe mode. When I tried to do so, I was asked to press Esc to stop loading of Sptd.sys; whatever I do, the system reboots.
Scanned with Malwarebytes; there were 67 instances of malware. Removed them but still could not log into Safe mode.
Found the following in Startup of MsConfig
Startup Item-----Command ---------------------------------------Location
XP-96943172 ----C:\windows\system32\XP-96943172.EXE----SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iiiiii --------------- C:\windows\system32\XP-969~1.EXE -------SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Unchecked them, but whenever I reboot I find them checked.
Searched the Net and found it's 278.EXE Trojan/malware....
There is another thread of mine here:
"Help Needed with READ & RUN ME FIRST. Malware Removal Guide" in Forum: Malware Removal
I am stuck at Step 3 and don't know how to go about it, hoping somebody would notice and help
I know I can't post a new thread but I am desperate :cry please help me
 

21 more replies
Relevance 76.85%

While using the Google Chrome internet browser, moments ago, the page I was attempting to open turned bright red and was overtaken by what appears to be a Security Essentials message. There are various smaller windows with messages telling me that my personal logins and bank information was targeted so I need to freeze my accounts and contact 1(888) 944-5964 for the urgent help needed.

Because I have had a Security Essentials message in the recent past that turned out to be nothing, I am not panicking. Last time, I did call the phone number but found that it was just a company trying to get me to pay for their clean-up services. I declined their services and, instead, went to the Major Geeks Malware Removal Guide and had an expert confirm that all was well.

Consequently, I think it is possible this alert (although it has a much more elaborate screen presentation) may also be a fake so I am back again to follow the removal protocol. I am now at the prep-step of using the CCleaner, but the supposed Security Update will not allow me to close the Google Chrome window. It just makes a dinging sound. Should I tell the CCleaner to force it to shut down?

Thanks, in advance, for any guidance that can be provided. I would like to get through the protocol ASAP in case the alert is valid!
 

Answer:Question About Following Read & Run Me First Malware Removal Guide

I am sure it is a fake alert. Go ahead and force the closure then do the requested scans and we will look at your system.
 

2 more replies
Relevance 76.85%

Hello I am new to the forum.
My daughter downloaded what she claimed was an active-X add-on that ended up putting about 8 different virus/spyware/malware on my computer including cycberlog-x, worm_nucrp??, icthis.exe etc.
Following some of the recommendations on this site and utilizing some of the online scans I was able to find and kill all of them but I have one lingering problem. One of those programs seems to have shut down all my access to the control panel, internet options and the security center. The link to the control panel is completely gone from my start/settings table. I had placed shortcuts to the control panel, security center and internet options on my desktop but now when I click them I get the following error "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator"
It's like the malware has set up some kind of network and locked me out.
I went to the MSN help site and it told me to login as the administrator and click Start, Run, and then enter gpsedit.msc. When I did that I get a "file not found" error. :cry
I know I can load programs because I was able to load Hijackthis, Spyware Doctor and a couple others but I can't uninstall anything.
Does anyone have any idea how to fix this?
Thanks in advance,
Marc
 

Answer:Tried to run the READ & RUN ME FIRST. Malware Removal Guide/ can't even do 1st step.

Re: Tried to run the READ & RUN ME FIRST. Malware Removal Guide/ can't even do 1st st

OK I was actually able to find a way to do everything but the "Add or Remove" programs.
Still have the same issue.
 

11 more replies
Relevance 76.85%

Hey guys, recently my computer started behaving strangely and I believe I have some sort of a virus. Two icons, with the names of "Live Safety Center" and "Online Security Guide," downloaded themselves onto my desktop. Also I would receive random pop-ups in IE imploring me to "find true love," among other things. Also I would receive a flashing exclamation point on my desktop toolbar stating that I had some sort of a virus and that I should go to a certain site to download software to remove it. There were a few other notifications that would pop up that would say other things, but at the moment I can't remember exactly what they said (although I think it also had to do with a virus on the computer and asking me to click on something to get rid of it). Any ideas on what's happening here? Thank you in advance for taking a look for me.

Here's my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:06 AM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system...

Answer:Malware/Virus Problem ("Live Safety Center/Online Security Guide")

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your thread in the HijackThis Log Help Forum.
Please attach extra.txt to your post.
To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

9 more replies
Relevance 76.85%

Hello, i have followed the 5 steps and have the reports which you will need, we have the online security guide pop-up on the computer asking us to buy it to ensure protection. Upon doing a Panda ActiveScan, it has shown 3 Spyware files, and also 3 hacking tools, i have saved the report from panda scan and i can post it in this thread if required along with the attached extra.txt. Below is the main.txt copied from the Deckard System Scanner.

Deckard's System Scanner v20071014.68
Run by brian lee on 2008-02-25 2028
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2008-02-25 2032 UTC - RP155 - Deckard's System Scanner Restore Point
12: 2008-02-25 20:01:07 UTC - RP154 - Software Distribution Service 3.0
11: 2008-02-24 21:25:01 UTC - RP153 - System Checkpoint
10: 2008-02-17 20:05:19 UTC - RP152 - System Checkpoint
9: 2008-02-16 19:51:49 UTC - RP151 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-12-04 14:27:11 UTC - RP143 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as brian lee.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
...

More replies
Relevance 75.98%

Original problems before following the removal guide
1. bprotector
2. Ngnix (chrome, IE)
3. Yontoo
4. Babylon (Chrome, IE)

i also had firefox but removed before running the steps.

Please see the logs attached.

After running the steps:
1. bprotector - STILL AN ISSUE
2. Ngnix (chrome, IE) - Resolved
3. Yontoo - STILL AN ISSUE
4. Babylon (Chrome, IE) - seems to be Resolved

Note: bprotector also spread to my external hard disk.
 

Answer:LOGS - after completing the READ & RUN ME FIRST Malware removal guide

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O4 - HKCU\..\Run: [MSIDLL] C:\Windows\SysWOW64\rundll32.exe msihez32.dll,pvnWkKAGt

After clicking Fix, exit HJT.

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSIDLL"=-

[HKEY_USERS\S-1-5-21-3441783611-3546664065-2954317798-1000\Software\Microsoft\Windows\CurrentVersion\run]
"MSIDLL"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Expl...

9 more replies
Relevance 75.98%

I have a laptop that is having various issues. It started out when my browser was hijacked and continued on to not being able to get on the internet at all and to not being able to update any programs....virus/spyware or other wise.

Many times these programs would run and then error out with Dr. Watson errors when trying to delete any found issues.

After various iterations of Safe Mode/Regular Mode, I finally got some of the programs to run. The one thing that I must do to get to the Windows GUI is to start explorer via Task Manager after every reboot. Sometimes, I must start explorer more than once before the GUI shows up.

1. SUPERAntiSpyware - ran ok. Log attached
2. Spybot S&D - never could install the latest version. Ran an older version and finally got it to update the definitions. Log attached.
3. Malwarebytes Anti-Malware - Scans ok, but fails when trying to remove found issues.
4. ComboFix - ran ok, rebooted the machine and hung. I killed the ComboFix window and started the GUI. Then I saw the ComboFix window flash by. There is no c:\combofix.txt , but did find one in C:\cf\combofix.txt that gives a warning about not having the Recovery Console installed. Log attached.
5.
 

Answer:Issues with various parts of READ & RUN ME FIRST. Malware Removal Guide

Last log file.
 

16 more replies
Relevance 75.98%

A couple of days ago I was searching a torrent site and got attacked by about 8 Trojans in the space of a couple of minutes. AVG picked all of these up and quarantined them, but ever since I have not been able to run any antivirus software. AVG opens but will not let me scan, Spybot won't open at all (I get an error message saying "windows cannot access the specified device, path or file, you may not have the appropriate permissions to access the item") and it was the same story with a few other antivirus/spyware programs (malwarebytes anti-malware, Avast). I have run the Read Me, Run Me First malware removal guide and when I ran superantispyware it removed 4 trojans and 2 rootkits and then rebooted my system, at which point I got the same error message as before, preventing me from getting a log for the scan. Tried downloading Malwarebytes anti-malware, running it again and had the same issue as before, it installed fine, started running and then quit a few seconds later. So after running the read me run me procedure I have the RootRepeal log, the combofix log and the MGtools log. Hopefully you guys can help because I am stumped!!!
 

Answer:Have run the Read Me, Run Me First Malware Removal Guide and I stll have problems

Re: Have run the Read Me, Run Me First Malware Removal Guide and I stll have problem

Welcome to Major Geeks!


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)

After clicking Fix, exit HJT.



Now we need to use ComboFix

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.

Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
Open Notepad and copy/paste the text in the below quote box into it:


...

9 more replies
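The kind of HijackThis entries helpers on this page ask users to tick can be pre-sorted with a short script; this is an added example, not part of the original threads and not code from HijackThis or MGtools. The section descriptions, the three review rules and the function names are assumptions of this example; the `ExampleUpdater` and `example.invalid` lines in the sample are constructed, the other entries are copied from the posts on this page.

```python
import re
from dataclasses import dataclass

# HijackThis section codes that appear on this page.
SECTIONS = {
    "R3": "Internet Explorer URLSearchHook",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O15": "Trusted Zone site",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\"?\s+(?P<dll>[^,]+),(?P<export>\S+)", re.IGNORECASE)
O15_RE = re.compile(r"^Trusted Zone: (?P<site>\S+)")


@dataclass
class Finding:
    code: str      # section code, e.g. "O4"
    section: str   # human-readable section name
    raw: str       # the log line exactly as it appeared
    reasons: list  # why an analyst should look at it (not a verdict)


def triage(log_text):
    """Return the log entries worth a second look, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line
        code, body = m.group("code"), m.group("body")
        reasons = []

        # Rule 1 (assumption): an entry whose target file is gone is a leftover.
        if ORPHAN_RE.search(body):
            reasons.append("orphan: referenced file is no longer on disk")

        # Rule 2 (assumption): a Run entry that starts a DLL through rundll32
        # without a full path does not show which file is actually loaded.
        if code == "O4":
            o4 = O4_RE.match(body)
            dll = RUNDLL_RE.search(o4.group("cmd")) if o4 else None
            if dll and "\\" not in dll.group("dll"):
                reasons.append("rundll32 autostart, DLL given without a full path: "
                               + dll.group("dll"))

        # Rule 3 (assumption): a wildcard domain in the Trusted Zone lowers
        # Internet Explorer's security settings for every host under it.
        if code == "O15":
            site = O15_RE.match(body)
            if site and "*." in site.group("site"):
                reasons.append("wildcard domain in Trusted Zone: " + site.group("site"))

        if reasons:
            findings.append(Finding(code, SECTIONS.get(code, "unlisted section"), line, reasons))
    return findings


# Sample input: entries copied from this page plus two constructed lines.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\lsass.exe

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O4 - HKCU\..\Run: [MSIDLL] C:\Windows\SysWOW64\rundll32.exe msihez32.dll,pvnWkKAGt
O15 - Trusted Zone: http://*.example.invalid (HKLM)
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.section}")
        for reason in f.reasons:
            print("      " + reason)
```

The flags only narrow down which lines to read first; whether an entry is fixed is still the analyst's call after checking it against the rest of the logs.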
Relevance 106.19%

Please help. I'm such a newbie and I have no idea what to do.:-o

AVG detected Trojans (a lot) so I tried to do "READ & RUN ME FIRST. Malware Removal Guide." I had no problems up until the part where you have to run RootRepeal.exe, and then Explorer crashed and I can't fix it. The moment I restart explorer it crashes again. :cry I can't do anything on my PC anymore...

What went wrong? What should I do? I attached some of the reports I managed to get. Hope they help.
 

Answer:Windows Explorer crash during READ & RUN ME FIRST. Malware Removal Guide

This is the AVG report and the RootRepeal error log just in case you need it too. thanks!
 

15 more replies
Relevance 105.37%

The How to Protect yourself from malware! Guide is good, very useful information, but it lacks information on other tools that have actually been found more effective at stopping Malware than just using realtime Antivirus/antispyware engines, that can stop unknown malware like Host-based Intrusion Prevention (HIPS), the D+ in Comodo, or spyshelter, etc., or Virtualization software, which also is not covered, that can isolate a threat so it doesn't even affect your Original OS files, like Sandboxie which isolates browsers and other files, or the sandbox in comodo that Isolates unknown files, or Bufferzone Pro Free, Returnil or Wondershare TimeFreeze which isolates everything in a virtual OS, etc.

Also I don't remember there being an option to install ASK toolbar in any current comodo set up, they removed it in 2009.

Comodo has changed a lot and none of the important Comodo IS features are covered?

Sorry if I sound like a Bug but Computer security is advancing and there are better and more effective ways to protect yourself than just using a realtime antivirus engine, and by the looks of it the Tutorial needs more updating anyways.

A Combo I like to use is
Comodo Internet Security, in Proactive mode with sandbox, antivirus, Defense +, and Firewall Enabled.

MalwareBytes Pro Antimalware in Realtime.

SpyBot SD Resident, Immunized.

SandBoxie for browsing the unknown etc.

PeerBlock to block malicious servers/ip's.

ThreatFire, Helps protect against known and unk...

Answer:The "How to Protect yourself from malware!" Guide.

Welcome to Major Geeks!

Thanks for your comments.

There are quite a few tools that we don't list. That does not make them bad nor does it mean they are good. Comodo is listed in the How to protect thread in the antivirus and also in the firewall area. We do not go into some of the other areas of protection in detail for a couple reasons. One, the thread is meant to be as useful to ALL people with all computers ( old and new ) as possible. The newer forms of protection can be problematic for older/slower PCs with smaller amounts of memory. The second reason is that experience has shown that if all of the instructions in that thread are properly followed, you don't need sandboxes or HIPS anyway and you will not suffer from the effects that they have on PCs. Many many people have complained to us about how slow their PCs were after using tools like Threatfire and sandbox type software. In addition, use of these tools caused many PC novices to intermediate users all kinds of other grief and loss of information and loss of settings that they did not realize they were losing due to the sandbox effects.

Also we have had many, many, many cases where people have had all this kind of protection you mention installed, and still have gotten severely infected. And all this protection just made it harder to manually clean the PC. It did not stop the infections. The educated end user ( which is what that sticky is pushing ) is the most important piece of protecti...

1 more replies
Relevance 105.37%

Hi, I am using an Acer Aspire 5740g Windows 7 laptop (details in txt in another thread as noted below).

Thank you chaslang and majorgeeks team for your malware removal guide - it has helped me remove some nasty malware. However, I have since noticed a problem with running audio in web browsers. I have written a more detailed post in the drivers thread under "Audio stopped working in browsers after running malware removal".

If you have time I would really appreciate someone having a look.

Thanks
 

Answer:ran READ AND RUN ME FIRST malware removal guide and audio no longer works in browsers

Re: ran READ AND RUN ME FIRST malware removal guide and audio no longer works in brow

Welcome to Major Geeks!

You're welcome.





albertpancakes said:

If you have time I would really appreciate someone having a look.

Unless you attach the 5 logs we requested, we have no idea what was found, deleted, or changed and we don't know where to begin in helping you. You need to attach the original logs, not new logs which would not show what was done the first time thru.
 

7 more replies
Relevance 104.55%

Can someone please help me with this? Here are my logs:
http://www.filedropper.com/superantispywarescanlog-06-01-2009-18-45-28_1
http://www.filedropper.com/mbam-log-2009-06-0120-19-35_1
http://www.filedropper.com/hijackthis_3
[attachment deleted by admin]

More replies
Relevance 104.14%

I have followed your instructions as per thread: READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker) by chaslang. Last edited by chaslang; 09-23-11 at 22:56

http://forums.majorgeeks.com/showthread.php?t=35407

Let me congratulate chaslang on the clarity of expression and the methodical approach to problem solving. I found the guideline very useful and easy to read.

This is what I have done. I have followed step 1 to 7 (however I missed out step 6 by mistake), so I had to start all over again from scratch after I ran Combofix.

For the records:
1. SUPERAntiSpyware took a staggering 3hrs to run first time. Second time it took only just over 40minutes;
2. Malware Anti-malware took nearly 2hrs the first time. just over 30 minutes the second time.
3. Combofix deleted some .dll the first time. Unfortunately I have no log file as I had realised I DID NOT DISABLE the CD emulator then... so I started all over again.

Results:
Nothing was found by the various removal tools. I have attached log files to this thread for your consideration.

Current status:
- apparently cleaned laptop (windows xp sp3)
- AVG 2012 re-installed with firewall.
- Defogger still disabled
- Settings.dat file has appeared on my desktop (I think this was created by Combofix)
- When rebooting the system, the screen shows a black screen with three options:
- Normal
- safe mode
- (can't remember the third option). Sorry. The system reboots OK. Normal mode.
- Malware Anti-malware ... Read more

Answer:READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker)

Re: READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker

Welcome to Major Geeks!

Please do not make your own ZIP files. Attach the logs as requested. Please attach the original C:\MGlogs.zip file as is. What you attach does not have the MGlogs.zip file required.
 

5 more replies
Relevance 104.14%

See new READ ME PROCESS dated 10-09-05 below or above depending on how you chose to display threads ( oldest first or newest first ).
 

Answer:READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker)

READ & RUN ME FIRST. Malware Removal Guide

Please Read These Important Notes for the Malware Removal Guide: Yes we know they are long but they are important!

NOTICES:

Backup Important Data First - While in most cases, we do not have problems, we cannot guarantee that there will not be any. Thus it would be a very good idea for you to begin by backing up all important personal information before undertaking the act of malware removal. You can bypass this step at your own risk, but remember that we cannot guarantee what the result will be from trying to remove malware from your PC.
After the automatic cleaning procedures/instructions in this guide, additional manual removal steps will almost always be required. So do not be surprised if you still have problems when you finish the instructions.
Do not make the false assumption that this thread is old or out of date based on the date the thread was started ( 10-09-05 02:49 ). Look at the Last Edited date at the bottom of this message as this procedure does evolve with time.
Please do not create any new threads ( even at different websites ) on this same topic while we are working on your system as it wastes another volunteer's time. If you are being helped elsewhere or have solved the issue or no longer wish to continue, please post a message in your thread and it will be closed.
Please do not try to fix anything without being asked.
Please attach all requested logs. Do not post them inline with your messages or ... Read more

1 more replies
Relevance 103.32%

Hello all, I'd like to start off by saying that I just can't tell you how helpful your site has been to me. I called myself safe before for just virus scanning and using AdAware, but there was so much I was (obviously) missing. I have completed all the steps and I have found a lot of things I didn't even know I had.

I'll start off with what led me to your site. A few days ago, I booted up my computer, instantly my SpyBot resident scanner went off saying that there has been a registry change. I did not recognize it, so instantly I punched in my query into google, and there you were.

Now, after looking up the file, I saw that it could possibly be the sign of my computer being infected by a rootkit. I panicked, but luckily, your sticky thread on what to do first helped tremendously.

The problem lies here: I did not notice any signs of a virus or rootkit on my own, so I do not know if my problem has been truly fixed. Yes, the scans did find things, and yes, I did repair and fix as needed. This is for my peace of mind on the safety of my system. Attached are my HijackThis log, my CounterSpy log and my Panda: Active scan log.

If you could, just check them and see if I still have any problems, please.

Once again, I am TREMENDOUSLY grateful for this website and all of your help, present and future. Thanks so much!

//t3hCyborg
 

Answer:Malware Help:All steps completed, Just making sure...

My computer also seems to be running a little slower than usual... What do you think this could be?

Some of the new Anti-Malware programs run on start-up, but I don't think they would consume that much memory...
 

7 more replies
Relevance 103.32%

Hi, I followed the instructions to remove malware from this forum, but I'm not sure if it's all gone or not. I had the windows security alerts virus thing, and I've managed to stop it popping up all the time and blocking my access to the internet and other programs, but the internet is running more slowly than usual still. I'll attach my logs that I could figure out how to find, I might need help.
 

Answer:Need help removing malware-have completed steps

You only attached a Combofix log. You also need to be attaching logs from:


SUPERantispyware
Malware Bytes
Root Repeal (If it ran successfully)
MGTools

 

1 more replies
Relevance 102.91%

I was infected with spyaxe and usually, I can do things myself as soon as I get into safemode. However, this time, I'm unable to get into safemode. I've downloaded the following programs:

-Ad-Aware SE
-CCleaner
-Microsoft® Windows AntiSpyware .Install it and update it (this can only be used with Windows 2000/XP/2003)
-Microsoft Windows Malicious Software Removal Tool (this can only be used with Windows 2000/XP/2003)
-SpyBot - Search & Destroy
-Hijack This!
-CWShredder
-Kill2me
-SmitRem

And I've also run BitDefender and PandaActiveScan which took me almost 8 hours. At first, I had that little bubble in the bottom righthand corner of the screen that tells me I'm infected. That's spyaxe I'm guessing and now that I've run all of those programs, it's gone. However, my mainpage is still getting hijacked and I'm unable to send e-mails through outlook. I'm running out of options. When I try to boot in safe mode, it gets to a certain file that it tries to load and then it reboots and does this infinitely. The two files that I believe it tries to load before rebooting are vax347h.sys and d347bus.sys.
I've attached my activescan log and my hijackthis log and was wondering if you guys could assist me. Please advise. Thank you very much.
 

Answer:safe mode hijacked - tried everything in "read me first" - spyware/malware

Start by Manually deleting all the files that you can that are listed in the ActiveScan log. Keep track of what deletes and what does not.

Attach the BitDefender log and also smitfiles.txt from SmitRem!
 

7 more replies
Relevance 102.5%

Ok, first off, I'm running XP service pack 2. I visited www.rajahwwf.com the other day (a wrestling site) where I believe I received the malware that is on my machine. There was an executable on my desktop that I mistook for another .exe that I normally use. I wasn't even looking when I clicked it. I believe it installed a series of different malware programs such as SurfSidekick 3 and Zeno Search assistant among others. Having used HJT before, I used the normal process of deleting the bad programs from Add/Remove programs, then I ran HJT and deleted the files associated with the malware (got them from various message boards such as this one). That did not help though, so I ended up here because I absolutely want to be rid of these popups (heck, I even get a popup every 30 or so seconds as I type this). I get a series of popups every 5 minutes with others that popup when I visit websites (geeks.com shows up when I visit here). I have gone through the read and run section here and only ran into a few problems. Here they are:

I couldn't run Ccleaner in safe mode because I kept getting the message "Runtime error '0'"
Ad-Aware SE couldn't remove the file "k0nola53.dll"
Spybot Search & Destroy couldn't fix the entry "Command Service"
I had a Look 2 Me parasite, but I ran Kill2Me and it claims it removed it.
I also couldn't download Windows Defender. It said something like I didn't have a verifi... Read more

Answer:I followed "Read & Run First" directions...NOW LETS TOAST THIS MALWARE!!!

PLEAAAAAASE!!!! Anybody? I'm about to pull my hair out. This is the worst I've ever had malware.
 

18 more replies
Relevance 102.09%

Good Morning ,

I have successfully completed all steps. I started to notice a difference in my computer the last month or so. Incredibly slow and programs not running the way they should (windows wants to reinstall, missing files etc)

Please find attached my logs.
 

Answer:Malware Detected - successfully completed all steps ...

Please also find my mglogs
 

4 more replies
Relevance 102.09%

Hello and this is my first post.. I'm using an account a friend let me use.

Earlier this week I was viewing a page in Internet Explorer(Mind that I don't prefer IE, I mainly use Firefox) and something attacked my system and started bringing up popups about a "free spyware remover" program, telling me my computer was infected. Knowing this was a hoax, I closed them, only to find that they'd uploaded something to my system. It seemed like adware. There was an icon in the taskbar that would not go away, saying the same thing as the popups- "Your computer is infected! Click here to download spyware remover!" On top of that, the files or whatever have disabled most administrative capabilities I once had, like the Control Panel, Add/Remove programs, and even the Desktop Properties menu.

Now I've tried at least 4 programs to rid myself of this annoying problem- Norton, SpyBot S&D, and none have fixed it.

A friend recommended me to you guys and it looks like you really know what you're doing. I've completed steps 1-5 to the best of my abilities as of now. I couldn't even do step 1 due to the fact that the malicious stuff has disabled my Control Panel. Step 2 concerning the Panda ActiveScan was unsuccessful, as the popup window doing the scan mysteriously closed part-way through the scan.

Anyway, here's the DSS and HijackThis reports. Any help is greatly appreciated. I want my computer back! And REVENGE!

Deckard's System Scanner v20070826.66
R... Read more

Answer:Spyware/Malware/SOMETHING Steps 1-5 completed(kind of)

Sorry for the double post, there doesn't seem to be an edit button.

Also try to keep it in layman's terms, I'm not that much of a computer wizard- just a gamer.

16 more replies
Relevance 101.68%

I'm pretty sure my laptop had something going on (Windows XP 32-bit). It says 70GB of data is used, but I've deleted every file off the computer, except the Programs. It would freeze before I could even open the Programs list...

I somehow managed to run DDS and have attached the logs, but as I was running gmer, maybe 2 minutes in, the screen went blue then the computer restarted. However, this is the text that I'm getting upon start up:
Yukon PXE v4.17.8.1 (alpha) (20060116)
(C)Copyright 2003-2006 Marvell(R). All rights reserved.
Pre-boot eXecution Environment (PXE) v2.1
(C)Copyright 1997-2000 Intel Corporation.
PXE-E61: MEdia test failure, check cable
PXE-M0F: Exiting PXE ROM.
Operating System not found

....I don't know what to do now... Any help would be great, thanks :\ I figured it was a dead laptop anyway, but thought maybe I could revive it... I think it's even more dead now *lol*



Answer:My laptop got killed during the "Preparing for the Malware Removal" process :\

Ooh, I just started it and it worked. But can you still help me? A couple weeks ago my little sister downloaded a lot of stuff that I'm not sure of. I thought I got rid of it all, but the laptop is VERY slow now.

2 more replies
Relevance 101.68%

I have a virus from virus protector which shuts down desktop and the administrator account. I can get access into the other user account but it needs an administrator account which I cannot access. Is there a way to get access to the administrator account or to download a virus removal that does not need approval? Any help would be greatly appreciated. Many thanks

Celeste
 

More replies
Relevance 101.68%

As my title suggests, I followed all of the steps in malware removal for XP but the "Shop to Win 2" is still showing in the Start\Programs. Can you help me remove it please. I don't know how to attach the logs from Malwarebytes or Spybot but I've attached other logs which you've asked for.

Thanks in advance.
 

Answer:I followed the XP malware removal but I still have "Shop toWin 2" showing in my Progr

Re: I followed the XP malware removal but I still have "Shop toWin 2" showing in my P

I can have you attach logs from SUPERantispyware and Malware Bytes soon, for now just attach the log from running MGTools ---> C:\MGLogs.zip.
 

21 more replies
Relevance 101.68%

I inadvertently downloaded the wrong site. I meant to get on the FedEx tracking site but ended up with "PackageTracking by myway". This myway Malware has taken over and the problems worsen. Rather than having Google Chrome as my web browser it is now "myway". Also I am on the home page and click Chrome and Microsoft Word pops up instead? I have tried everything I know to kill it (Search/Programs and Features/ etc) but there is no trace of it anywhere that I can find?
I don't have the $ to go through Microsoft so I'm hoping this site will prove useful.

Thanks,
Kevin in Boston

Not sure if my email was posted with my question so here it is:

<[email protected]>
 

More replies
Relevance 101.27%

I am not sure what the current issue is, but I am thinking there is still some remnants of the FBI ransomware. I would like to use your expertise to help solve/resolve this problem.

There are no logs attached as I cannot even boot up.
 

Answer:Malware Removal Attempted: Kaspersky Database Update Failure - "Databases Corrupted"

Hi, what is the version of your system?
 

11 more replies
Relevance 101.27%

Hello,
I have been removing malware from my friend's computer. I think I have removed most of it except for "US Tech Support Framework". It shows up in Control Panel and wants to run a program when I want to uninstall it. So I searched the internet and found this thread at MajorGeeks.com.

Before I begin to delete more things. I thought it might be a good idea to have someone with more knowledge take a look at the log files. I went through all the steps at the READ & RUN ME FIRST thread and generated the following log files.

Will someone please take a look at these files and recommend the next step?

Thanks!
 

Answer:Malware removal and "US Tech Support Framework"

Update: "Extension 1.0"

uuuuugh!

OK, Chrome is now redirecting when I do a search. It was here before, but I had removed all the extensions in Chrome and all was good.

But now it seems like it is back. After I had removed all the extensions there were none. Now there is one called "Extension 1.0"

Would someone please provide some suggestions on how to approach this problem too?

Thanks!

Should this be its own thread, or is it OK to leave it here?
 

6 more replies
Relevance 101.27%

OK, so last week I got a really nasty virus/malware. A program called "defender" got installed onto my computer, and ever since my computer hasn't been the same. Whenever I turned the computer on this fake virus scanner called "defender" would come on and not let me do anything on my computer, wouldn't let me open task manager to kill the program. Somehow I managed to take it off using msconfig in safe mode. Ever since, my registry is all messed up, Windows hasn't been updating, programs won't load sometimes, high CPU usage, the computer won't shut down, and random sites open up while I'm on the browser. I did a virus scan with ESET and Spybot Search and Destroy, and my computer seems clean but I'm still having problems.


Answer:"DEFENDER" Virus, Spyware, Malware Removal! HELP

helpp??!
 

1 more replies
Relevance 101.27%

I'm helping a friend with a computer that got infected when she opened an email attachment. I've used your tools many times before, but this is a tough one. The screens that pop up show "Virus Protector." I have your tools on a flash drive, but I cannot access them. Even in Safe Mode the pop-ups are fast and furious, and I cannot get to Start or anything else. Task Manager is also disabled, so I can't use it to stop processes and perhaps get past the pop-up windows.

Where should I begin? Thanks in advance for your help.
 

Answer:"Virus Protector" is preventing malware removal

If you can't access anything ( start menu / run / task manager / command prompt / cd drive ) in either normal or safe mode, there isn't much we can do to help you. All we can suggest is this:

- Take the hard disk out and scan it in another well protected PC
- Use another PC to make a special CD which you can boot from to try and run virus and spyware scans or to at least backup data. CDs like the below:
  http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
  UBCD4Win
  http://www.sysresccd.org/Main_Page
  http://trinityhome.org/Home/index.php?wpid=1&front_id=12
- reinstall


 

3 more replies
Relevance 101.27%

A customer picked up the Windows Vista Recovery virus and I could use some help with the removal procedure. I'm currently scanning with a newly created Norton Internet Security bootable CD. The scan takes a while and I don't know yet if it will fully detect and remove the problem. In case you're not familiar with it, the virus blocks access to anti-malware apps, hides user data files and is active in SAFE mode. I can't find a way to get to the usual load points, such as "appdata" etc, to find the virus EXE. I have booted with a rescue CD, but access to folders in the user profile is denied. Is there a removal FAQ for this one? TIA.

Answer:"Windows Vista Recovery" malware removal

See if the manual removal instructions here, will help Windows Vista Recovery and Windows 7 Recovery - Virus Solution and Removal

3 more replies
Relevance 101.27%

This morning I got on my computer and I saw 15 webpages, and everything was slow.
I closed them all out and then noticed a big red screen with a biohazard sign and the privacy thing, and when I clicked on my wallpaper it would take me to a site and download something, but my Norton antivirus detected it and denied access to it.
So I went to the folder and deleted it, and the red screen went away.
My desktop wallpaper turned white and I couldn't find a way to get rid of it.
I then turned off my computer and left my home.
I got home and turned on my computer and the red screen came up again, so then my friend told me to get Spybot and I deleted some items including the privacy danger thing. But my wallpaper is still messed up and I'm afraid the malware would come back. Help???


Answer:Solved: incomplete removal of "privacy_danger" malware

Multiple request threads - see here. This thread needs closing.
 

2 more replies
Relevance 101.27%

The issue is a Malware/Virus Program that is on my Wife's laptop. At startup, the virus shuts down all other programs except the Operating System. The Virus program says the computer is infected, The Virus Program sends the user to a screen to put in Payment information to buy the fake program. This Virus makes the background turn blue and also there are 1's and 0's in the background too.

Scans and attachments are included. I do have a recovery/reboot disk available if needed.









Answer:"System Tool Virus" Malware Removal

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

A number of steps are required to remove this infection.

You will find the instructions here:

Remove System Tool and SystemTool (Uninstall Guide)

If at any time you need advice before proceeding please ask for help here.

p.s.
The <random>.exe file mentioned in the article is this one.
uRunOnce: [jNnOkKb06310] c:\programdata\jnnokkb06310\jNnOkKb06310.exe

At any time you can disable the process via the Task Manager.

CTRL+ALT+DEL KEY should give you the way to the Task Manager.
===

When you ... Read more

2 more replies
Relevance 100.86%

Hi guys,

Hopefully you will bear with me - i'll keep it short.

I've had a problem with an AV8 redirect - usual story, a fake 'scan' of files appears in an IE window, a pop up to download a 'remedy' appears.

I hope this won't annoy anyone - but i did ALL the readme malware removal instructions two weeks ago. None of the programs found anything (but i found that i did not have privileges to open some of my own folders afterwards? - i thought because of the settings the anti-malware programs tweaked?). Anyway, i found nothing after following the malware removal guide from start to finish. I also restored my system to an earlier time then. And i've been sailing along since, thinking that it must have been something very simple that was deleted by CCleaner (which i use daily) or Spybot (which i use regularly) or one of the programs recommended in the readme (which i then removed, because they didn't find anything anyway and i had similar products). Anyway, as a result i don't have any logs from the recommended programs (as they didn't find anything, and i removed them shortly afterwards, thinking, as i say, everything was fine...)

And then last night it happened again so i went back to the malware removal guide, and yes, i did cherry pick it this time - i downloaded superantispyware again - which again found nothing. I also installed Window Essentials, which also found nothing.

So now i'm in the predicament - do i have... Read more

Answer:Malware guide completed, but still an AV8 problem

Yes, you need to do the scans all over again. Attach those even if they don't show anything. Be sure you have updated the programs before you use them ( SAS and MBAM ).
 

7 more replies
Relevance 100.86%

I was thrilled when I found MajorGeeks, because of all the excellent help you give. Thanks in advance.

The problem I'm having is that there are random I.E. popups, the virtual memory is always low, and internet explorer is working poorly. And basically, I'm concerned I will lose my data.

I recently noticed that there are 2 links on my desktop that I never placed there. One is called "windows update" and the other on is "help and support center." Both are linked to the website storageprotector.com. Everytime I delete them, they reappear, but now they are reappearing with no icon picture.

I ran AVG Anti Virus Free Edition, before and after the "READ AND RUN ME FIRST" and both times I got the following errors:

AVG Anti-virus Test Result:

OBJECT:
Partition table (MBR)
Boot Sector of disk C:
C:\Windows\system32\Kernel32.dll
C:\Windows\system32\wsock32.dll
C:\Windows\system32\user32.dll
C:\Windows\system32\shell32.dll
C:\Windows\system32\ntoskrnl.exe
C:\Windows\system32\drivers\etc\hosts

For all of the above, the result is a "reading error"

OBJECT:
C:\

For the above object, the result was "cannot open; not checked!"

While I was following the directions of "READ AND RUN ME FIRST" I ran into the following issues:
-I couldn't complete the scan with Spybot, because I received multiple errors saying virtual memory was low. I then ran Spybot after AVG Anti-Spyware and received an er... Read more

Answer:Completed "READ AND RUN ME FIRST", but computer is still misbehaving!

Welcome to Major Geeks!

ds11com said:

the virtual memory is always low

Normally not a malware issue. This would be a topic for the Software Forum but you can try the below first.

When your system is low on virtual memory, allow Windows to automatically manage the virtual memory. In Windows XP, follow the below instructions:

Click Start, then open the Control Panel.
If you have your system set for Category View
then click Performance and Maintenance, and then double click System.

If you were in Classic View just double click System.
Now on the System Properties form, click the Advanced tab.
Under the Performance area, click Settings button.
On the Performance Options form, click the Advanced tab.
Under the Virtual memory area, click the Change button
Now on the Virtual Memory form under Drive [Volume Label], click the drive that contains the Paging File Size (virtual memory) settings that you need to change. In most cases, this will be your C drive. It will also normally be already selected by default.
Click to select the System managed size option, then click the Set button.
Click OK three times and restart your computer.

ds11com said:

AVG Anti-virus Test Result:

OBJECT:
Partition table (MBR)
Boot Sector of disk C:
C:\Windows\system32\Kernel32.dll
C:\Windows\system32\wsock32.dll
C:\Windows\system32\user32.dll
C:\Windows\system32\shell32.dll
C:\Windows\system32\nto... Read more

9 more replies
Relevance 100.45%

Additionally the new tab that pops open has a text box that opens:

"Critical Security Warning!

Your PC may have been infected with a malicious virus due to recent internet activities."

etc etc
 

Answer:"ADs by info", Malware Removal Request

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

3 more replies
Relevance 100.45%

I am trying to clean my mother-in-law's computer of viruses, malware, etc. She has no antivirus program, firewall, etc, running. I found and removed cyber security using Superantispyware. The next day I installed Avast antivirus and ran that scan at the same time as a second SAS scan was running. Avast found a virus but when I tried to quarantine or remove it, the program would say that it could not remove the virus because the file could not be found. I have no idea what file it is talking about. It does however keep popping up with the virus warning, but always the same results. The SAS scan froze. When I restart the computer I get a blue screen that says "A problem has been detected and Windows has been shut down..." I restarted the computer many times and get this same message when trying to start in safe mode, last known good configuration, and start windows normally. So, now that is as far as the computer goes. Cannot get past the blue shut down screen. I could really use help as she is counting on me to fix this!!!

Dell desktop (old one)
Windows XP
 

Answer:"...windows has been shut down..."after malware removal. Help!

It's possible that when running both scans at the same time, some system files were deemed infected/corrupted and removed.....possibly by Avast.

Try doing this:
How to recover from a corrupt registry.
 

4 more replies
Relevance 100.45%

I can connect to my router/modem wirelessly and via ethernet cable, I can connect and go into my router and change settings from my router, but it won't load any websites, and my MSN won't log me in. It's NOT the router/modem. Other computers including this one can connect without any problems. And my computer that can't connect also can't go online connected to other wireless connections.

Any ideas how I can fix this?
 

Answer:I have no internet after malware removal with "StopZilla!"

Maybe this can Help, http://www.ezlan.net/clean.html#refreshnet
 

1 more replies
Relevance 100.45%

Hey all,
I've been here before and have heeded all warnings and advice but somehow got a program called Disk Repair on my computer. I have no idea how or when but it pops up windows that say disk space full or disconnected or no ram or a number of other messages that are constant. From what I can find, it is a trojan and also keylogger!!!! Bad news!
I am not typing this from that computer as I have disconnected it from the internet.
I was going to just run the Read & Run Me First stuff but believe someone said to not do that without contacting someone here first.
Doing so in the past has always turned out favorably and hopefully will again.

Thanks. Awaiting any and all help
Paul
 

Answer:"Disk Repair" malware removal help

Hello!

Yes, do go ahead and run the procedures which I will link to below for reference.

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and inf... Read more

1 more replies
Relevance 100.45%

Hi,

I have a dialer pop up regularly when I am using the browser (both Firefox and IE). The dialer is called "ENTER".

I have followed the instructions and I have all the logs.

If I can get some help that would be much appreciated.

jordi
 

Answer:Malware removal help "Enter" dialer

and here is the HJT log
 

7 more replies
Relevance 100.45%

Hope I don't offend anyone with the subject title of this post. I firmly believe the best resources on the internet are websites just like this one and the people that communicate through these forums.

But for anyone else who works in a corporate setting I'm sure you understand how important accountability is.

What I'm looking for are resources from credible sites (is, us-cert, microsoft, eset, etc) that specify a 'best practises' for malware removal. I'm looking specifically for something that mentions the value of scanning a system either in Safe Mode, or a PE environment. This is something I almost always do and have done for years. I have friends who basically make a living cleaning this crap out (guys who own Nerds On Site franchises, local shops etc) and their advice is the same.

Again the reason I ask, is you can't really point to forums or newsgroups because ultimately there really is no 'accountability' and it's too easy for someone who doesn't know any better to totally discredit them as a legit resource.

Any help greatly appreciated.

TIA...
 

Answer:Looking for "official" best practises on malware removal

The below is what we consider the best practice. If companies like McAfee and Symantec wrote up a procedure you would be using their tools and procedures to try and remove malware which they do not properly do. That is the reason this forum and others like it exist. Much of the malware that exists now requires special tools and frequently additional manual steps to fully remove. While scanning in safe mode is sometimes helpful and using a PE environment can also be useful in some cases, they will very frequently not be as effective as the below and the manual steps that follow.





Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the sc... Read more

2 more replies
Relevance 100.45%

I've gone through all the steps as instructed. Before coming to the forum, an Avast scan found 2-3 Trojans which were all sent to the chest and then subsequently deleted per the instructions in this forum.

I'm Running XP Pro with the latest updates and SP's.

I've attached the SuperAntiSpyware log which I believe found false positives. I don't believe those two files mentioned in the log are trojans but I deleted them anyway.

MBAM & Spybot found nothing. Mbam log is attached.

Combo Fix log attached.

With a max of 3 attachments, I uploaded MGlog.zip Here.

If I got everything, I still have a few problems. The main problem is my Start>All Programs Directory is empty. The programs are installed. Is there a way to rebuild this beyond manually adding shortcuts for all my programs? And I'm not even sure how to do that for things like the Accessories and the programs that come with XP.

Beyond that, I've got a Skype Error that pops up when I reboot. "Exception EFCreatedError in module SkypePM.exe at 00021cf9". When I try updating Skype, it finds a new version but it won't install saying it can't write to disk which may be full. Actually, there are 20gb on the disk and it's not giving me the option to choose another disk (I've got three on the machine). I'm sure I can sort this out with Skype but am mentioning this since this only started happening with this malware incident.

Thanks in advance ... Read more

Answer:"All Programs" empty after malware removal

Re: "All Programs" found now - But is my system clean?

Ok, found all the programs. They were hidden and now I've restored them.

Please let me know if my logs indicate I'm malware free.

All the best,

Bill
 

2 more replies
Relevance 100.04%

Hi,

Originally posted in the software forum and they said to do this first.

Have Vista 64Bit and friend logged on and d/led a file from a friend which turned out to be Koobface..... Ran some standard removals which clearly didn't work and computer loves to shut down at around 10am every day.

Have completed the SAS, MBam and MGLogs but not other two as 64 Bit.

I have posted SAS as small and just attached the other two logs.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/17/2010 at 04:06 PM

Application Version : 4.41.1000

Core Rules Database Version : 5365
Trace Rules Database Version: 3177

Scan type : Complete Scan
Total Scan Time : 03:56:33

Memory items scanned : 595
Memory threats detected : 0
Registry items scanned : 16887
Registry threats detected : 0
File items scanned : 92069
File threats detected : 1

Trojan.Vundo-Variant/F
C:\WINDOWS\SYSWOW64\AVSREDIRECT.DLL

Thanks for any help.
 

Answer:Malware Guide completed - Logs attached

AVG Free 8.5 <--- This is outdated, after we have finished here you can upgrade if you like to the latest version, or opt for something else instead, but first let's finish here first.

You have Teatimer running, which could block any fixes we try to implement.

How to disable Spybot's TeaTimer

Please go to Add/Remove programs and uninstall the following software:


J2SE Runtime Environment 5.0 Update 11
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Spyware Doctor 7.0 <--- If this is just a trial which is useless and won't fix anything anyway then please uninstall it.


Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:





O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)

After clicking Fix exit HJT.

Download and run OT... Read more

6 more replies
Relevance 99.63%

I'm trying to help a friend out. It first started with the fake DHL tracking number e-mail that installed a trojan rootkit. After that the computer would only boot into safe mode. After running the SAS and Anti-Malware I could get the computer to run into normal mode, but continued anyway just to make sure the computer was free from all malware. Right now it won't boot into normal mode, and when I try to boot into safe mode I have to kill the explorer and run it again to get the computer to work.

I'm attaching the logs hoping someone can help me out.

Thanks in advance
 

Answer:Problem with malware after going thru "READ & RUN ME FIRST"

Please also download MBRCheck to your desktop

Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
It will show a Black screen with some information that will contain either the below line if no problem is found:
Done! Press ENTER to exit...

Or you will see more information like below if a problem is found:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )

 

6 more replies
Relevance 99.63%

Hello, I am following instructions as I think I am infected. So I downloaded free AVG. After this, the directions say, "Do a full system scan and remove or quarantine everything found." Can you pls explain this - how to do it? And also how I check that AVG is installed, and that I only have one. [I did check and I have windows pack 3.] Thank you.

Added, to give more info: I did go to add/remove programs and did not find any programs on the malware list, did not see anything that doesn't seem to belong. I have what seems to be a "windows Security alert" says I have viruses.

Answer:? re "read this before removing malware"

Hi there. I am assuming you have AVG 9.0. Look for the system tray icon of AVG. [If you can't find it: start > all programs > avg 9.0 > user interface.] Right-click and "open AVG user interface". On the left click on update now. When the updates are downloaded, on the left click on computer scanner, and then click on scan whole computer. Then continue with the instructions by EvilFantasy. Hope your computer gets fixed soon.

Two-Eyes

6 more replies
Relevance 99.63%

my wall paper is white and right clicking on it and selecting properties comes up with "Internet Explorer Properties"

my initial problems started with clicking an active-x add on.

issues included:

- malwarrior 2008 pop ups

- blue wallpaper with msg: "Warning Spyware detected on your computer: Install an antivirus or Spyware remover to clean computer"

- "adware.W32.Spyshredder was detected" msg

- task manager disabled

- roaches eating screensaver

- "Not found: c:/windows?privacy_danger/index.htm Make sure path or internet address is correct" msg

- Windows script host msg: Could not find c:\Documents & Settings\local settings\temp\ttF.tmp.Vbs



my logs are attached.

any help will be much appreciated.
 

Answer:Done "Read & Run Me First" to remove Malware... all seems better except

here's the combo fix log
 

11 more replies
Relevance 99.63%

I've run all the steps that I could, though I've run into a few problems. Malwarebytes, for example, every time it says it removed the virus, if you run the scan again after the restart, the same viruses are still detected. Also, I was unable to run RootRepeal after getting an odd error that said: "FOPS-DeviceIoControlError." I also wasn't able to download ComboFix since I wasn't even able to visit the site. Whatever virus I have blocks me from visiting several computer-help sites such as "geekstogo.com" etc. So I'll upload the logs that I've gotten from the other scanners. Hopefully, you guys can find a way to help me rid my laptop of my viruses. It's getting very annoying. Thanks. Let me know if you need me to post any more information.

I also have personal information on this computer; I've been sort of worried that these viruses can steal my personal information... Any help would be greatly appreciated. Thanks
 

Answer:Followed "READ ME FIRST" Thread and still Malware

Welcome to Major Geeks!

Why are you running this PC with NO protection? And why haven't you updated Vista? You are running original Vista with no Service Pack Updates. The above two items are major security issues. Is it because your copy of Vista is illegal as indicated by this "Vista x86 OneClick Activator" that you have installed? You need to read the below:

Warning about Porn, Keygens, Cracks, and other Illegal Software

And you need to get a valid legal license for Vista if you wish to continue using it and to get any further support. You have a rootkit malware infection which has easily been able to infect your outdated copy of Windows that is running with no protection. Please post back after you have spoken to Microsoft, obtained a valid license and removed the above illegal activator.
 

3 more replies
Relevance 98.81%

All steps gone through but the Avast still said that my pc is infected... so frustrated..

here is the Avast log:
16/2/2009 2:35:20 Owner 3428 Sign of "Win32:Lnkget [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B64601B3-EDEF-4BA5-A996-3378C60F1B41}\Microsoft\Outlook Express\???.dbx\--75-----s------.---------n---p------ .eml#75206768\Maple0024.lnk#299109066" file.
16/2/2009 6:48:36 Owner 3428 Sign of "Win32:Lnkget [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B64601B3-EDEF-4BA5-A996-3378C60F1B41}\Microsoft\Outlook Express\???.dbx\2--3--9-L---------A-----X---------- -L-------L--.eml#96719264\?€?????lnk#1195204900" file.
17/2/2009 0:15:57 Owner 3452 Sign of "Win32:Lnkget [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B64601B3-EDEF-4BA5-A996-3378C60F1B41}\Microsoft\Outlook Express\???.dbx\2--3--9-L---------A-----X---------- -L-------L--.eml#96719264\?€?????lnk#1195204900" file.
21/2/2009 19:05:39 Administrator 1904 Sign of "Win32:Lnkget [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{B64601B3-EDEF-4BA5-A996-3378C60F1B41}\Microsoft\Outlook Express\???.dbx\2--3--9-L---------A-----X---------- -L-------L--.eml#96719264\?€?????lnk#1195204900"... Read more

Answer:I have completed "READ & RUN ME FIRST Before Asking for Support"

You need to attach the logs from Malwarebytes and MGtools; however read the below notes:
The C:\Qoobox\Quarantine folder is a quarantine folder for ComboFix and is not a problem.
The SYSTEM VOLUME INFORMATION folder is System Restore and can only be removed by toggling System Restore off and then back on which we do not do until all malware has been fixed.
Things in your Outlook Express email databases have to be fixed by you by cleaning up the junk in your email folders.

 

10 more replies
Relevance 98.81%

Hello

It started a week ago when a friend wondered why I had sent him an email about Viagra... I didn't..

Now, randomly, when I open my firefox I get redirected, almost all the time when I close the "hacked" webpage, my browser crashes and I have to restart it.

I do have Facebook and if I only use it for my friend list and "farmville", I have read that malware like "Zango" had been uploaded from their website without consent.. (found during my scan, see attached log).

Now, when I was doing the "noobie" steps before I could post, I ran into a problem, I cannot disable or deinstall my AVG (version9), it won't let me, I am going to attach the detail message it gives me to this message "avg.txt".

ALSO! I wasn't able to run Combofix because of the above problem, I can't turn my antivirus off or deinstall it, it said it was not wise to run Combofix with the AV running so I didn't.

I get redirected to website like "questbooster.com", will add more websites as I remember them or see them.

MSconfig was already set to Normal Startup mode.
I did the house cleaning (didn't find anything weird, did get rid of a bunch of old programs I don't use though).
First scan did find something in the registry.


Thank you in advance for giving me a hand here.
 

Answer:Browser Redirection - "read me" post steps done

That's what I get when I try to deinstall or reinstall AVG

Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Access is denied.
 

6 more replies
Relevance 98.4%

This program called "Save! on" has showed up on my computer. It creates an extension in my Google Chrome browser that places ads on every website that I visit. Disabling/deleting the extension doesn't solve the problem. I've also tried uninstalling the "Save! on" software from my computer, but the problem still persists. I ran a FRST scan on my computer and have attached the logs. Someone please help! Thanks sooo much.
 

Answer:"Save! on" malware removal

Hi,

Before we begin, I want you to have this in mind:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
The instructions I give you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like ever... Read more

3 more replies
Relevance 98.4%

Hi all,

I've been a member of this forum for a month or so, and you guys have really helped me. I wanted to give something back and improve my computing knowledge.

The sticky was a bit vague - contact a moderator.

1) How do I contact a mod?
2) How long does the 'training' take?
3) Are there any requirements to becoming authorised, and if so, do I meet them?
4) Is the 'training' a straight course you follow, or do you spend sessions with other people, or what?

Thanks,

Nappymonster
 

Answer:How do I "Get trained up?" in malware removal?

bump
 

1 more replies
Relevance 98.4%

I have completed the steps in the Malware Removal Guide. I believe everything is running normal. I just need some confirmation from someone with more expertise.

This is not my computer so I do not know what allowed this attack. My guess is user error and that is why I was called in. The computer system is Windows Vista Business edition i386 with McAfee. Obviously McAfee failed to stop the intrusion.

Please see the attached logs.
 

Answer:"Fun Web Products" Malware Removal

more logs
 

5 more replies
Relevance 97.58%

Hi everyone,
I ran all the steps for read and run me first and computer still crashing. I have a Dell Latitude D620 and running Windows XP Pro.
Any help would be so greatly appreciated.
Please see set of attached logs...
Thanks for your time,
-Kevin
 

Answer:Read and completed "read run me first" and still having issues, please help

Sorry forgot the sas log... please see attached
 

2 more replies
Relevance 97.58%

Hi there!
I diligently followed all the steps in "Read me First" but have come to an impasse when doing the final cleaning steps. I was able to run the SuperAntispyware scan, but can go no further. Even after renaming the .exe file for Malwarebytes, the program gets hung up when installing. The combofix will not run either.

I am pretty sure I have malware defense infection, as when I tried to update my AVG it told me to uninstall the malware defense first, but I cannot find it to uninstall it. My Spybot will not run, nor will the above programs. Any advice would be greatly appreciated!
Thanks in advance!
 

Answer:Unable to complete "Read me First" steps

Assistance please with malware. Logs attached.

I have attached logs from MGTools, ExeHelper, SAS, and AVPfind. I am unable to execute the cleaner files mentioned in "Read me First." Any help would greatly be appreciated!
Thank you,
Miki
 

17 more replies
Relevance 97.58%

Hello folks. Thank you in advance for any help you can provide.

About two days ago, I noticed that Firefox had significantly slowed down. Page loading is stalling, and scrolling down through pages is laggy for the first fifteen or so seconds after the page loads.

Searching through the search toolbar (via Google) up top ends up taking about 10 seconds to load, and when I click the results, I am either erroneously redirected to "google.com", or to what I assume to be dangerous sites ending in .org

This morning, as I began initiating all the scanning involved with the "Read Me" steps, my Spyware Doctor program had 2 popups which stated that it had blocked system events: RogueAntiSpyware.XpInternetSecurity2010, and RogueAntiSpyware.XPAntiSpyware.


I have run through all of the cleaning procedures, but still find that the trojan problems remain.

Thanks again for your help, and please let me know if you need further information.

-Trixie
 

Answer:Trojan remains after "Read Me" steps

Here is the mglogs file as well.
 

8 more replies