Computer Support Forum

Can't run any malware/virus scans on PC

Question: Can't run any malware/virus scans on PC

Hey Everyone

I am looking for a little direction. I am helping out a friend who was complaining that when he used IE 7 he had problems going to the sites after doing a search. I.e he would search on google see the hits and when he would click on the links it would take him to another site.

I ran Vundofix with no results. I have since tried SpyBot, Combofix, SuperAntiSpyWare, and Malwarebytes and none of them will run. Spybot and MalwareBytes install but will not come up. Combofix and Super will not even install.

The only things I can run are CCleaner and Windows Live Oncenter which did remove some trojans.

Any ideas on what to do? I have tried it in safe mode and have turned off the firewall just to make sure.

Thanks this has been very frustrating.

P

Relevance 100%
Preferred Solution: Can't run any malware/virus scans on PC

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Can't run any malware/virus scans on PC

Welcome to Major Geeks!

Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
Don't Bump! It Only Hurts You!!!

Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.

1 more replies
Relevance 71.34%

When I try to run a scan from usind AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware; when the scan gets to a certain point, Windows shuts computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbage about if you recently installed sortware/hardware,see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgrade to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to " System Volume Information" directory. I am unable to open to see contents as Windows shows no files in it. When I ask Ariva to scan it, Ariva says no files also but if I use AntiSpyware to scan, it shows many files during it's scan but will get to a certain point and computer will shut down. I can almost see file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal progran to complete scans

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

23 more replies
Relevance 67.24%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:52:42 PM, on 8/7/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exeC:\... Read more

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

2 more replies
Relevance 64.37%

There's something fishy going on with my computer-the "shut down" button is gone from the "Start" menu and the task manager has been disabled.  After doing all the steps listed in the Malware Removal Post by evilfantasy, the task manager is now available, but the "shut down" button is still missing from the "Start" menu.  Attached are the logs from SUPER Antispy, Malwarebytes' Anti-Malware, and HJT.  Thanks for everything, please advise if I need to do anything else!!  [attachment deleted by admin]

Answer:Virus/Malware Scans

You have Viewpoint installed.Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".More information: ViewMgr.exe - UselessViewpoint To Track Browsing, Serve AdsViewpoint to Plunge Into AdwareIt is suggested to remove the program now.Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present. Viewpoint Viewpoint Manager Viewpoint Media Player Viewpoint Toolbar Viewpoint Experience Technology.----------Before you begin the SDFix instructions you should copy these instructions in a Notepad file and save them to your desktop or print them for easy reference. Much of SDFix will be done in Safe mode and you will be unable to access this web page after booting into Safe mode.Download SDFix by AndyManchesta and save it to your desktop.When using this tool, you must use the Administrator's account or an account with Administrative rightsNow, double-click on the SDFix icon that should now be residing on your      desktop. If a Open File - Security Warning box opens, click      on the Run button.A window will now open showing SDFix being extracted into the C:\SDFix folder.      Once the installation program has finished extracting SDFix, it will open      a Notepad with further instructions.DO NOT use it just yet.Reboot your computer in Safe ... Read more

1 more replies
Relevance 64.37%

There is a virus on my computer. A new icon appeared in my taskbar (looks white with a vivid green dot in the middle). It calls itself 'Antivirus software' but its definitely fishy. it tries to run scans of my pc without asking me. when i click on the icon, it opens something called antivirus software, but on the taskbar it's called 'antivirus software demo'. a windows security alert bubble appears every 5 seconds telling me i.e my wuautlc.exe is infected (amongst many others). It wont let me turn on a scan from my antivirus (PandaCloud) or antimalware scan (Malwarebytes). It opens Internet explorer pages every 10minutes (eventhough i always use Firefox). Theres a small window opening on the bottom right of my screen every 5 minutes telling me my pc is infected, and then asks me to purchase this 'Antivirus software'. and Every 10minutes a main window opens in the middle of my screen telling the same.

I tried opening my pc on SafeMode with Networking. I cant use PandaCloud from there. I can use Malwarebytes but on SafeMode my computer turns off by itself after a few minutes.

I hope you know what I am referring to and you will be able to help! Thanks!
 

More replies
Relevance 63.55%

Hello,

Thank you in advance for your help. My name is Chris. I am attempting to fix and clean my friends computer, however it is giving me some problems. The hijack, dds, and attach logs are posted below. This is a 64bit system so I didn't do the other scan. And by the way, If all you want to view is the logs just scroll to the part where you see a row of smiley's and thumbs up. The Hijack log starts immediately after. You may see a log before the row of smileys but thats a malwarebytes log that I posted during the explanation of the steps I have taken so far. The first few paragraph's is me rambling on about what I've done so far, and you probably don't even need to know hence is why you ask people to copy the 3-4 logs in their postings, but it makes me feel better that I explained it lol.

I would consider myself to be above average when it comes to removing viruses, malware, etc..When I first got the laptop in my possession it booted right up and the first error message I got, after windows had already started, was something like this:

error: c:/users/jameson/appdata/local/easybits/hjpasmpe.dll missing entry: register change callback

I'm not sure if this has something to do with the virus or if my friend ran a spyware program that deleted a necessary registry file by accident. I first established a network connection which said I was connected to the Internet but could not access the web with any browser installed on the pc. I checked to s... Read more

Answer:FBI Virus / other malware - ALL SCANS POSTED

51 views but no replys must mean this laptop is all jacked up lol. Here is an update.....

I was finally able to download AVG 2013 Free and installed the complete protection trial for 30 days to make sure it would catch everything possible. I ran the scan overnight and this morning I checked it and saw something I've never seen before. This pc has to be bad off ....

The AVG detected 40 something trogjans and multiple corrupted executable files which it says it fixed. However, it couldn't fix an infected rootkit that reads - Rootkit.TDSS.TDL4 (Master Boot Record) and it couldn't fix multiple anti-rootkits that read - IRP hook, \Driver\iaStor IRP_MJ_CLOSE-> 0xFFFFFA800529274C. The other ones like that all start the same but instead of where it says "CLOSE" in the one above the others say "SET_SECURITY" "SHUTDOWN" "SYSTEM_CONTROL" "WRITE"

I'm assuming this pc is infected with multiple viruses and has been for some time now. The guy who owned this pc lives on campus at a large university and he said many people used his computer for the last few years. I would like to post the log but I don't want to do anything right now with the AVG because I don't want to remove all the TROJANS it found for a good reason. (PLEASE READ THIS PART IF YOU ARE THE VOLUNTEER THAT IS GOING TO HELP ME.)

In the 40 something Trojans AVG found some of them seem like ok files associated with ok programs. One of the fil... Read more

2 more replies
Relevance 63.55%

Hey, I?m really stuck on a problem and I hope someone can help me.

A few days ago, my AVG Free informed me that a virus had been found, so I performed a full system scan. Unfortunately, the scan froze a few minutes after it began, and I had to terminate the program because it wasn?t responding. Then I ran Spybot and AdAware. AdAware ran for about 5 minutes, picking up 2 critical objects, and then also decided to freeze. With Spybot, the scan was ridiculously slow, but was still scanning at least. Then, after 5 hours, it too decided to freeze. I ran these programs again, thinking I could pause or stop the scan after an infection was found and try and remove it there and then, but I couldn?t, because it would just freeze as soon as I hit pause and/or stop. They don?t all freeze at the same point either, in case that matters (though both AVG, McAfee Stinger and McAfee Online froze at "activeskin.ocx").

Then I ran Trend Micro Housecall, Ewido, Panda, and a-squared online scanners. All these programs, after scanning through a few files, would freeze and become unresponsive. No error messages or anything. I downloaded the Ewido Anti-Spyware software, which did the same thing. There was definitely some sort of pattern emerging here.

I thought perhaps there were inconsistencies in my hard drive that were causing problems in the scan, so I ran chkdsk, which told me everything was fine.

Now before some of these programs froze, they picked up a few things. Trend Micro pi... Read more

Answer:Have Virus But All Malware Scans Freeze

Hi,with these problems i think your best bet is to submit a Hjt log to the forum and let one of the experts look over it and working together you can sort this out.If you need a link as to what to do.... click this....Preparation Guide if you scroll down this link it will tell you exactly what to do.Please remember..... once you submit a Hjt log...... please do not alter anything or try to change anything on your computer. (as this could well change your log)Good luck.

1 more replies
Relevance 63.55%

What are the best scans I can preform to make sure my computer is virus/malaware free?Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum.~ Animal

Answer:Best free virus/malware scans?

Just like with anti-virus programs...there is no universal "one size fits all" solution that works for everyone and there is no single best anti-malware solution to supplement your existing security protection. You may need to experiment and find the most suitable combination for your needs.
Please see: Supplementing your Anti-Virus Program with Anti-Malware Tools
 
List of Free Scan & Disinfection Tools which can be used to supplement your anti-virus and anti-spyware or get a second opinion:
Malwarebytes Anti-Malware
SUPERAntiSypware Free
Kaspersky Virus Removal Tool
Sophos Virus Removal Tool
ESET Rogue Applications (ERA) Remover - How do I use the ESET Rogue Application Remover (ERAR)
Panda Cloud Cleaner - How to disinfect computer with Panda Cloud Cleaner
Dr.Web CureIt
Hitman Pro
HitmanPro.Kickstart
SecureAPlus Freemium <- comes with a one-year free user license
MicroWorld eScan AntiVirus Toolkit (MWAV)
Microsoft Safety Scanner
Norman Malware Cleaner
Windows Defender Offline
McAfee Labs Stinger Tool
Trend Micro Fake Antivirus (FakeAV) Removal Tool
Trend Micro System Cleaner
VIPRE Rescue
Note: Many of these tools are stand-alone applications contained within zipped files...meaning they require no installation so after extraction, they can be copied to and run from usb drives.
You can always supplement your anti-virus or get a second opinion by performing an Online Virus Scan. ESET is one of the more effective online scanners.Not so Free malware scanning/removal ... Read more

1 more replies
Relevance 63.55%

New to this but anyway, I have successfully removed stuff and junk from the old box but this one has me stumped. I have scanned with Malwarebytes, Spybot, Adware and Avast and nothing is recognizing that I have something going on. Hit a site yesterday that wanted to "scan" my computer. Avast caught it right way but when I hit "Abort Connection" it started to do it's little trick anyway, defeating my Avast and disabling the resident Scanner. Before writing down any info (like a rookie) I panicked and Xed out of Firefox. This morning when I went to take it out of Stand By it was froze. So I reluctantly rebooted and went strait to the Scanners above. All four of them said "No Prob" "0" infected files.

Still can execute in Safe Mode but the system completely freezes up after about 2 min of use in normal mode causing me to reboot. So what the hell do I do now. Hopefully you say, "Back up all your stuff and Buy another computer "

I run my own business and don't have a lot of time to mess with this and if it's going to cost $100+ to send it in, then I may as well just spend the few extra $100 to get a new tower. I know that is a little dramatic but as you can see I'm a little worried.

"Give me, give me. I need, I need" Bill Murray, What about Bob

Thanks

Bob

Answer:virus/malware not showing up on scans

It ended up being my registry. I downloaded "Free Windows Registry Repair" and it did the trick. I also went to Window Safety Check and did a scan

1 more replies
Relevance 63.55%

...should you always be in safe mode?
...how about an online scan...possible to do so in safe-mode and go online?
thanks...
 

Answer:when doing scans for virus' and spyware, malware, etc..

answered my own question...safe mode + networking = yes.

 

1 more replies
Relevance 63.14%

I noticed yesterday that my computer was running slow and a huge % of the processor was being used when nothing much was happening. When I tried running my audio program (cubase) the computer really struggled and the sound was breaking up. I closed the program and did a few searches to identify the problem. The first response was to do a virus/malware check, so I did, but my computer just started shutting down about 1/3 of the way through the check. It will start up again OK, but if I try another scan it closes down.
 
Firstly, I restored my system to point around 10 days ago when everything was running OK, but the scan problem still prevailed.
 
I then did a disk cleanup, and deleted temp files, temp internet files, program downloads, and the recycle bin. Problem was still there.
 
I then attempted a disk error check, however the computer shut down half way through this process as well.
 
I am really stuck as to what to try next. I have no idea if this is a hardware or software/virus issue. My computer will start up and run for a while, but then the Processor use gets very high again, and it's impossible to run most programs. It will then automatically power down.
 
Any help or advice would be much appreciated.
 
James
 
I have included some specs below:
 
Intel i3 processor
4GB RAM
1TB HDD C: 320GB with OS E: file storage
Windows 7 Ultimate
Avast Free Home antivirus
 
 

Answer:PC shutting down when running virus or malware scans

I then attempted a disk error check, however the computer shut down half way through this process as well.
Use this method, and if it fails
 Run a Disk Check on your C: drive in Windows Vista or Windws 7:
 •Click the Start ORB and select Computer
•Right-click on C:(or your main HDD letter) and select Properties
•Click on the Tools tab
•Under Error-checking click the Check Now... button and click Continue at the User Account Control prompt
•Mark the 2 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors
•Click on the Start button
•When the message box pops up, click the Schedule disk check button and Restart your computer
•Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so
This will take (on average) 1 to 2 hours, so please let it finish.
Do not force a reboot while the check is running, as this may damage data -
 
Thank You -

18 more replies
Relevance 63.14%

May be a lost cause fellas... my main symptom is I'm getting Google redirects

DL'd Malwarebytes, wont run even after renaming
AVG wont scan
Mcaffe Stinger wont run
I think I'm hosed here nothing works in safe mode either.


The last time AVG ran succesfuly it found a few things and deleted them.. thats the last issue I had. I'm at work right now if someone can throw out some suggestions I'll try when I get home. Thanks in advance
 

Answer:Google redirects and cannot run virus/malware scans!

Guys, close this thread out.. I ended up having to do a fresh install of Windows as computer stopped booting up

Sorry to bug you looks pretty busy here LOL
 

2 more replies
Relevance 63.14%

Recently, my computer ran its automatic scan and froze about 30% through the McAfee scan. I've tried Malwarebytes and others as well, all of which freeze on the same file. It is a long string file in the sandbox folder and is allegedly a windows file (looked up online seems to verify this).

My computer has generally run fine despite the antivirus freeze, but I'm concerned that my computer may be infected. Java has ceased automatic updates and also, the CPU usage has been through the roof. Does anyone have any ideas?

Thanks,
SDRTR

Answer:Virus/Malware Scans freezing on same file

Hello,I will be helping you with your problemsSome points for you to keep in mind while I am helping you to make things go easier and faster for both of us Please do NOT run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post. Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process. Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send ... Read more

1 more replies
Relevance 63.14%

I recently had an update notice from Microsoft. Once uodated I had IE8 . Before updateing I had run an MBAM scan due to a false anti-virus I think it was Anti-Virus PRO. I have the scan log if need to verify what was detected. I have tried to run MBAM & SAS in both normal & safe mode, recevied the error on the subject line for MBAM. SAS just says will report error & asks for my email. I can not stay on IE without encountering a problem and shutting down. Not even wmp stays on always encounters error & shuts down. Was able to run BitDefender Antivirus 2008 nothing detected.PC details:HP 873nXP Media Center Edition Ver. 2002 Service Pack 3Pentium 4 2.53GHz1.50GB RAMTask Manager shows 40 processes running have noticed multipule duplicate processesName User Countsvchost.exe System 4svchost.exe Network Service 2svchost.exe Local Service 2Here is the HJT logAny help is greatly appreciated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:09:54 PM, on 6/6/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\... Read more

Answer:Unknown virus can not run any Anti-Malware scans

Hello, plox3.My name is aommaster and I will be helping you with your log.If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.ThanksAlso, you may want to consider tracking this topic by either adding it to your favourites or clicking the Options button at the top of this thread.Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.Download random's system information tool (RSIT) by random/random and save it to your desktop.Double click on RSIT.exe.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)In your next reply, please include the following:RSIT Log

29 more replies
Relevance 63.14%

Hey there,

My computer is older than dirt, so I don't expect great performance from it. However, it is running much, much slower than it should. I am also now getting popups that read similar to "System alert! Stop! Windows REQUIRES IMMEDIATE ATTENTION. CRITICAL ERRORS. Go to www.fix64.com" I get these pop ups when I do not have IE open. (No, I am not using Mozilla because my computer doesn't seem to like it.) Because my computer is old and a new on is one the way, I do not intend to put any more money into this one for the high dollar spyware protection that you can buy at the store. I have to make do with the quick fixes that I can. I have run Asquared malware removal, and the most it found was some tracking cookies. AVG anti virus comes up with nothing. I ran a registry cleaner and got rid of some stuff, but none of it looked threatening.
Is it possible that a virus or malware is hiding somewhere that the scans can't see? I am afraid to shop online or do online banking for fear some other eyes are watching.
I am running WinXP on IE6 with a DSL connection.

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 11:18:48 PM, on 9/8/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System3... Read more

Answer:Virus/Malware hiding from scans? Log included...HELP

16 more replies
Relevance 63.14%

Hi, I've been having some problems with my computer ever since I got some alerts from Norton internet security that intrusion attempts had been made.
 
For example when I go to the hotmail log in page in IE8 there is just a blank white screen, and youtube videos just show as a black box. Other web sites have similar problems. My broadband speed has also become very slow, at only 0.19 mbps when it should be at least 2 mbps (although this might not be related, could be a separate fault on the phone line). I have also noticed that software I've installed recently is not listed in the add/remove programs list in the control panel, so I can't uninstall it.
 
I have Norton internet security running with live update, I have Spywareblaster installed, and I have run scans with AdAware, Malwarebytes Anti-Malware, Super Antispyware, Windows Defender, and online virus scanners from Panda, trend micro housecall, ESET, Kaspersky and probably some others I've forgotten now!
 
None of the scans have found anything except some tracking cookies, so what can I do now? Should I do a Hijack this log or some other advanced stuff? Could someone guide me through what to do?
 
The computer is an old desktop with Intel pentium 4 3.06Ghz CPU, 512mb RAM and Windows XP with SP3. 
 
Thanks for your help 

Answer:Think I'm infected, but virus/malware scans not finding anything

Did you tried TDSSKiller?
 
 Running TDSSKiller to obtain log
 
Note: Don't cure or delete a threat, but choose skip for all instead.
Please download TDSSKiller from here and save it to your Desktop
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters

In the Additional options: Check Detect TDLFS file system
Click Start Scan and allow the scan process to run

Choose for all threats to Skip for all of them.
Click Continue
Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================

7 more replies
Relevance 62.32%

Hi, as the title state, i would like to request help as i feel i might have some kind of malware or virus recently because i noticed 2 changes :
* My PC is of course slower than usual (i didn't install any new programs and i still have sufficient space so those shouldn't be the problem)
* During gaming, my ping has weird spikes and is usually stable at a much higher value than the usual so i tried to check which device might be taking up bandwidth , even after blocking every single MAC address besides this PC i still had those ping spikes so i thought its most likely this PC itself which is running internet consuming programs.
Here are the logs and thanks in advance.
 

Answer:Not Sure If My Computer Has Some Virus Or Malware ( Did Scans And Logs Are Attached )

According to your RKlog, you have a keylogger on your system. Did you put it on?
 

11 more replies
Relevance 62.32%

i recently obtained a virus from idk where so i run avg many times but it cloeses half way through and the same with many other anti virus programs, i feel that its the malware defense virus, i ran a Hijack this log so i was hoping someone will interpurt it for me and tell me what to do...my computer is an HP pavilions desktop a1253w
 

More replies
Relevance 62.32%

Ran all suggested scans:
Adaware
Spybot
CCcleaner
WindowsAntiSpyware
Trendonline scan
All in safe mode with system restore disabled and connection unplugged.
Found and fixed many problems and viruses.
Still getting popups!!!!!!!!!
Heres my hijack this log:
Any help appreciated!


Edit by bjgarrick: Unrequested, Inline HJT log removed!

 

Answer:ran all suggested malware, spyware, virus scans - Still getting popups!!

Please download Spy Sweeper
Click the link above to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:

Sweep Memory
Sweep Registry
Sweep Cookies
Sweep All User Accounts
Enable Direct Disk Sweeping
Sweep Contents of Compressed Files
Sweep for Rootkits
Please UNCHECK Do not Sweep System Restore Folder.

Click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post along with a fresh HJT log.

 

11 more replies
Relevance 62.32%

I obviously have a deep infection. After numerous attempts at scans and fixes by numerous programs, still no luck. I have a thread going in one of the other forums here, and I was advised by one of the techs to move it to this forum for more in depth assistance. To save typing, I will post the link to that thread, so you can see my symptoms and everything that has been tried as well as log files. http://www.bleepingcomputer.com/forums/topic364026.html

I have also attached a copy of the DDS log here in this current post.
 DDS.txt   9.79KB
  0 downloads

I hope I've given you all the info you need to help. If not, I will do my best to get you what you need. Thank you for your help.

**NOTE** while typing this post, using the infected PC, I received the blue screen of death 5 times. Wasnt doing anything but typing this. And then each time I obviously had to reboot, as soon as it got to my desktop, the blue screen shut me down again. Each blue screen mentioned the ldqgakb.sys file. You will see the full technical info in my thread posting. I had to finally boot into safe mode just to be able to type this.

Answer:Malware or virus infection preventing scans or fixes

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resu... Read more

3 more replies
Relevance 62.32%

Ok my Windows Server 2008 x64 the browser has been compromised every time i time to search for a page or if i directly type in a URL I get the following attachment named IE1.jpg
I have ran malwarebytes, NOD32 and Windows Defender to no avail. Please help below is also attached the HiJack this log.

Thank you in advance,

Brandon

Answer:Please Help, Browser Hijacked, Cannot pickup by virus malware scans

So I have ran just about every scan i could. I installed Firefox to see if it was just IE based but it is not Firefox is displaying the same thing. I cannot get to any online scanner because it redirects me.Hello brandonb138,We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.Thank you for understanding.Regards,The weatherman (Moderator)

3 more replies
Relevance 62.32%

I have been having problems with my computer for over a week. Everything works fine for about ten minutes, after that I will be bombarded with multiple google chrome windows opening constantly. When I try to type something in the search bar everything will start to flicker like I am constantly pressing the space bar and enter. This happens with my entire computer, If I click the windows start button random programs will start opening like skype. It renders my computer completely useless and I will be forced to restart, after the computer has restarted everything works fine again for a short period of time.
 
I have ran a multitude of malware scans with such programs as: Microsoft Security Essentials, Malwarebytes, Adware Cleaner, JRT. Everything will always show up clean.
 
I do not know what to do at this point. I NEED HELP!!! 

Answer:Cannot get rid of virus. Malware software scans show up clean.

Hello fadunka, my name is Jo and I will help you with your computer problems.Please follow these guidelines:Logs can take a while to research, so please be patient.Read and follow the instructions in the sequence they are posted.print or copy & save instructions.back up all your private data / important files on another (external) drive before using our tools.Do not install / uninstall any applications, unless otherwise instructed.Use only that tools you have been instructed to use.Copy and Paste the log files inside your post, unless otherwise instructed.Ask for clarification, if you have any questions. Stay with this topic til you get the all clean post.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.***1. Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.Vista / Windows 7/8 users right-click and select Run As Administrator.A Notepad document should open automatically called checkup.txt; please post the contents of that document.***2. Please download Farbar Recovery Scan Tool and save it to your Desktop.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.Right-click FRST / FSRT64... Read more

2 more replies
Relevance 62.32%

Good morning, I have run multiple virus scans and malware scans both in regular and safe mode and they run clean each time now after they found a couple of trojan viruses two days ago. The issue is that I am noticing a huge amount of web traffic even when I am not running anything on my end. When I run TCPView it shows many "hits" of ip's from Russia and other countries as well. What can I do to delete or change whatever is causing this and is not found by the antivirus/malware programs?Any help would be greatly appreciated!Thanks in advance, TimeBanditgfile of Trend Micro HijackThis v2.0.2Scan saved at 8:31:56 AM, on 8/29/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Apple\Mobile Device S... Read more

Answer:Hijack this file below: Virus scans and malware find nothing

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the sc... Read more

3 more replies
Relevance 61.5%

Hi guys and gals. I'm getting redirected on google and other search engines, to google then (or) to other websites. I tried malwarebytes, superanti-virus, and hijackthis but it will either not run at all, or it will only run for short time then it stops. I renamed those before downloading and it still wont run for long. After it stops and I click the icon it will then get something like "file not found, path way to ..." I even tried it in safe-mode, but it doesn't work.

Not sure if this helps, but rootrepeal ran:

ROOTREPEAL ? AD, 2007-2009
==================================================
Scan Start Time: 2009/08/25 21:14
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF7560000 Size: 57344 File Visible: - Signed: -
Status: -

Name: Aavmker4.SYS
Image Path: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Address: 0xF7910000 Size: 19072 File Visible: No Signed: -
Status: -

Name: ABP480N5.SYS
Image Path: ABP480N5.SYS
Address: 0xF7808000 Size: 23552 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7411000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: ACPIEC.sy... Read more

Answer:Google Redirect - virus scans and malware removals wont run

Try running the RootRepeal Files scan.

7 more replies
Relevance 61.5%

Hello! Thanks in advance for taking the time to listen to my proble.This all started when I received an email from my ISP giving a 1st Abuse warning that one of our devices was "...sending out spam attached emails.." so I began ensuring all PCs were up-to-date with windows updates and virus scans. When I attempted a Windows Update on this PC I received the error "Cannot display the page" after hitting either the "Express" or "Custom" button on the update site.AVG and Spybot S&D did not find anything during scans. I then downloaded and attempted to run Malwarebytes Anti-Malware which was going fine untill the system self rebooted half way throught. I now get a "Run-time error '0'" when I attempt to run Malware Bytes. I have followed the instructions on your site and unfortunately not been able to get RootRepeal to run. When it starts a screen saying "Initializing please wait.." comes up and stays up (I have tried overnight and for an hour). Task Manger reveals RootRepeal is using a constant 50% of CPU.Thanks for your help I look forward to hearing from you -larry __________________________________________________________________DDS (Ver_09-07-30.01) - NTFSx86 Run by Owner at 0:24:01.39 on Sun 20/09/2009Internet Explorer: 6.0.2900.2180Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1149 [GMT 10:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D... Read more

Answer:Infected with unknown virus/malware blocking scans and updates

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

20 more replies
Relevance 61.09%

Hi,I have been having problems with my web browser (firefox) crashing randomly and displaying some sites as a 1x1 pixellled jpeg. I'm not sure if it is related or not, but commonly this results in my laptop freezing and having to re-start.I was using Kaspersky as my antivirus but this showed nothing when performing full scans. I have since uninstalled this and am now using Trend Micro. Spybot found 2 trojans and removed them (I can't remember what they were called) but the problem still persists.My system restore points have mysteriously dissapeared too.I have tried using ESET online scanner but this crashes after getting around 3/4 of the way through and causes my system to restart.Following your sites advice before posting I downloaded and attempted to run the DDS tool, which after 5 mins or so told me the batch files could not be found.I had previously posted this in "am i infected, what should I do" and thanks to a prompt response from Garmanma I have now downloaded and run RSIT by random/random. I have pasted the log at the end of this message.I think I have covered all the problems that I have been having.Please contact me should you need further information.Eagerly awaiting your response.Mark Here is my RSIT log file;Logfile of random's system information tool 1.06 (written by random/random)Run by Mark at 2009-04-07 13:50:28Microsoft? Windows Vista? Home Premium Service Pack 1System drive C: has 13 GB (23%) free of 57 GBTotal RAM: 2037 MB (55% free)Logfile o... Read more

Answer:Vista crashes when performing virus scans/online virus scans

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

7 more replies
Relevance 61.09%

Hello ancient gods of computer wizardry, 
 
I your humble and lowly servant come to you with a problem. 
 
I've noticed my computer has been doing some erratic things lately. When in the login screen after starting up, the computer makes the login sound before I actually type anything in. That's my first indicator that something is wrong. 
 
Also, I recently downloaded the start.qon8 PUP and was able to get through step 1 of removing it. however, when I go to step 2 using the Junkware removal tool, I noticed that a few minutes into the scan, my computer freezes up. The whole thing. I can't move the mouse, CTRL ALT DEL doesnt work and I have to do a hard restart to get it working again. 
 
Crazy thing is, it's happening with other programs that scan my computer. Adaware, Malware bytes, AVG, Microsoft security essentials... They all freeze after a few minutes. I've noticed that it freezes when I get to C:\Windows\System32\drivers\ataport.sys
 
I think that having 3 different scanners freeze at this file indicates that this file may be corrupt, but I leave this up to you gentlemen (or ladies) to help me.  
This is beyond my capabilities. Please help. 
 
V/R, 
A Lost LT

Answer:Windows 7 freezes when running any anti spyware/virus/malware scans

Welcome aboard
 
You surely can't be running two AV programs (MSE and AVG) so you must uninstall one of them.
If AVG use AVG Remover: http://www.avg.com/us-en/utilities
 
When done try another scan.

14 more replies
Relevance 61.09%

Logfile of HijackThis v1.99.1Scan saved at 12:47:25 AM, on 12/16/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\Command Software\dvpapi.exeC:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exeC:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtr... Read more

Answer:Maintain Updates, Spy/virus/malware Scans, Defrag, Errors Still Keep Popping Up

You have Norton and Command Software AV's - only one active AV should be running - remove one

Explain in better details the problem you have

Have you checked spysweeper for updates and run?

16 more replies
Relevance 59.04%

Hi folks, apologies for probably talking in computer nonsense and thanks in advance for your time:

I have put the belarc report on my computer below. Hope this is in a readable format.

I thought for a long time that this was a virus but I'm not so sure now. I have two hard drives. The problem occurred when I was wiping the C: drive with ace utilities, something I do regularly. I stopped on 70 percent by mistake. After which the computer began to play up. Any scans apparently keep running after they hit a certain point but they no longer scan. The programmes then freeze while they still sound like they are running. My hard drive claims its full but I moved loads of files and programmes to the E: drive without making any dent in the disk space.

Can anyone spot where I blundered?

Thanks again



Operating System System Model
Windows XP Home Edition Service Pack 3 (build 2600) No details available
Processor a Main Circuit Board b
1.80 gigahertz AMD Sempron
128 kilobyte primary memory cache
128 kilobyte secondary memory cache Board: K8Upgrade-NF3 1.00
Bus Clock: 200 megahertz
BIOS: American Megatrends Inc. P1.60 11/30/2005
Drives Memory Modules c,d
483.98 Gigabytes Usable Hard Drive Capacity
319.98 Gigabytes Hard Drive Free Space

HL-DT-ST DVDRAM GSA-4167B [CD-ROM drive]
3.5" format removeable media [Floppy drive]

Maxtor 6L160P0 [Hard drive] (163.93 GB) -- drive 0, s/n L317VPYG, rev BAJ41G20, SMART Status: Healthy
SAMSUNG... Read more

Answer:[SOLVED] all scans, spybot search and destroy, ace utlities, virus scans, fail

Hello Tarzanlordofthe, Welcome to TSF!


Quote:




The problem occurred when I was wiping the C: drive with ace utilities, something I do regularly. I stopped on 70 percent by mistake.




This is the root of your problem....The fact that you stopped the wiping process before it had time to finish means that the C: Drive is more than likely corrupt now, due to the incompletion of the task.

The only way to rectify this situation now is to restart the wiping process again, and allow it to finish in its own time.

To help you with this process, please follow the guidelines in this checklist...

The Windows? XP Installation Check List.
1. The Windows? XP SP2-CD (naturally)

2. Darik's Boot N Nuke?..A Disc wiping Utility; or alternatively... Killdisk?. (Click the coloured Links).

3. Please read this guide...A Step-by-Step Installation Guide with explanations for each step of the installation.

4. The Motherboard CD that contains all the necessary Drivers etc.

A few tips:
a. Darik's Boot N Nuke will take about 4? hours to completely wipe the Drive; however, this will vary depending on how big the Drive is. (That estimate is for a 80Gb HDD). Wiping the HDD this way will give you the best chance of a 'clean' uninterrupted installation.

b. When you get to Figure 7 in 'The Guide', you can create more than one... Read more

18 more replies
Relevance 58.63%

Sorry but I'm not sure if this is even pasted in a sensible way. Hope its readable
The general consensus is that my computer is failing because of a registry problem. This is just a last ditch effort to see if you agree.

I couldn't do all of the steps because my computer would not uninstall any programmes. The list could not be recovered

Steps one and two worked

I couldn't download the restricted sites because I use Mozilla

I couldn't disinfect using Panad becasue the option wasn't available
Thanks in advance for your time








;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-10-14 20:03:39
PROTECTIONS: 4
MALWARE: 8
SUSPECTS: 21
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 6.38.1.29
Yes Yes
Avira AntiVir PersonalEdition Cla... Read more

Answer:from all scans, spybot search and destroy, ace utlities, virus scans, fail

Hello and welcome to TSF.

Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it?s taking us longer to catch up. If you haven?t received help elsewhere already and still require assistance please perform the following:Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both here.

Please note that the forum is very busy and if I don?t hear from you in three days this thread will be closed.

19 more replies
Relevance 56.17%

I recently started using the various bootable anti-virus/malware scanners, like the Kaspersky's Rescue Disk.

However i am really interested in how do these bootable scans compare to the "normal" Windows run scans.

For example, would a maximum scan from Kaspersky Rescue Disk find as many malware/viruses as a max scan from Kaspersky Total Security?

Assuming both anti-virus/malware scanners are up to date (latest versions and databases), which is expected to reliably find and clean more viruses/malware?

Thank you for helping out
 

Answer:Are bootable anti-virus/malware scans as good as the "normal" ones?

These should be using the same databases and the same engines (especially if the bootable scan does an online update to get the latest), so the results should be similar. A bootable scan should also catch some viruses that may be detectable, but can hook into the system and prevent detection. A runtime scan may catch viruses that can only be detected while running (not sure if those exist).
 

1 more replies
Relevance 55.35%

Listing requested logs for this issue. Thanks in advance for your assistance.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Philip at 2015-06-01 11:10:33
Running from C:\Users\Philip\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================

Administrator (S-1-5-21-733529448-3193121913-2867107617-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-733529448-3193121913-2867107617-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-733529448-3193121913-2867107617-1003 - Limited - Enabled)
Philip (S-1-5-21-733529448-3193121913-2867107617-1001 - Administrator - Enabled) => C:\Users\Philip

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled man... Read more

Answer:Side bar "crazy score" and browser re-directs immediately after mbam-malware scans removing virus

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Philip at 2015-06-01 11:10:33
Running from C:\Users\Philip\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================

Administrator (S-1-5-21-733529448-3193121913-2867107617-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-733529448-3193121913-2867107617-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-733529448-3193121913-2867107617-1003 - Limited - Enabled)
Philip (S-1-5-21-733529448-3193121913-2867107617-1001 - Administrator - Enabled) => C:\Users\Philip

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version:... Read more

5 more replies
Relevance 53.71%

My Windows 8 computer has been infected with malware/adware. When I browse the internet there are ads displayed by edeals. I've followed many guides to removing it, but none have worked. I've scanned my pc with malwarebytes, adwcleaner, and junkware remover.
Here is the result of the scan with Adwcleaner: 
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Jed - JEDPC
# Running from : C:\Users\Jed\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*origin.com;*ea.com;*akamaihd.net
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:12289
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2109 bytes] - [24/05/2015 11:15:26]
AdwCleaner[R1].txt - ... Read more

More replies
Relevance 50.02%

First post on this board.

I have a Window Security Alert that has shown up in my start up tool bar. It has disabled Mcafee and even when I attempt to remove it with malware removal tools (emisoft, kasperick, rkill, malwarebytes, ccleaner) it keeps coming back. What do I need to do?

UPDATE: Just updated emisoft program that is still running and it blocked the malware to the internet with the following message:

Anti-Malware has detected a connection attempt to the suspicious host:

speed.pointroll.com

The connection has been blocked automatically.
Anti-Malware has detected a connection attempt to the suspicious host:

www.lynxtrack.com

The connection has been blocked automatically.

Anti-Malware has detected a connection attempt to the suspicious host:

leadback.advertising.com

The connection has been blocked automatically.

Answer:ran several scans and still have malware

Hello,lets do this and see how it is after. Reboot into Safe Mode with Networking How to enter safe mode(XP/Vista)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkill... Read more

1 more replies
Relevance 50.02%

After scanning with Spybot S&D, Ewido and Ad-Aware with clean results, I was surprised to find that a reported 371 infected files! On investigation of the log, two files were minor things whilst the other 369 were all Incredimail related. I updated all of the scanners before running them and I have not had Incredimail flagged up like this before...so I can only assume that it is the latest a update which is the culprit. For those of you who use a and Incredimail on the same machine, be sure to check your log prior to deleting any 'infected' files!!!

Answer:Just Ran Several Malware Scans...

After having many past problems with incredimail,i uninstalled it a long time ago.Could it be possible that a2 has scanned and found infected files within your email For example,known spam ?Just an idea,as ive not used Incredimail for a while.

4 more replies
Relevance 50.02%
Question: malware scans

When I perform a malware scan is it enough to limit the scan to the registry and cookie file? Often I find malware software seaching all of the files on my C drive.
 

Answer:malware scans

Let me add to my previous post. Is malware ever found in text and picture files in My Documents or My Pictures? I once heard about a virus in jpegs. How about in Program files? Most of what my ad aware and spybot find are in the registry and cookie file.
 

2 more replies
Relevance 50.02%
Question: malware scans

havent done a scan in a while, just doing it to play it safe, ill post logs
 

Answer:malware scans

Logs look ok to me, one thing I was curious about. Are you familiar with "VstPlugins"?
 

7 more replies
Relevance 50.02%

Okay, I ran all of the programs, I still get redirected if I try to access MG support forums directly, but I can get here if I go through the main portal. I got the BSOD when I ran MG Tools but I'll attach the MGzip.logs with what ever came though. Avast is not happy, it keeps telling me it is blocking malicious sites on Windows explorer and Firefox.
 

Answer:Ran scans still have malware

And here is the MGlogs.zip
 

22 more replies
Relevance 50.02%
Question: Malware scans

Here are malware scans one one of our comp. This computor works online,the other two do not.One other runs Vista of which if i may will post logs when i can find them.Thanks in advance.
Wild.
 

Answer:Malware scans

Hi there. Your Mglogs.zip is very incomplete, and I don't have enough to work off there.

Please run MGTools.exe again making sure that you don't interrupt it, and also note down any error messages you may/ may have received. Referring to this if need be:

Using MGtools (scroll about half way down to possible error messages section.

Then once finished simply attach the new Mglogs.zip into your next reply here. Thanks

Kestrel13!
 

18 more replies
Relevance 49.2%

Here are my scan logs. I'm not sure what, if any, problems I still have but I wanted to have them looked over just to be sure. I could not run RootRepeal so I do not have a scan log from it. I got a message saying virtual memory was too low and that it would be increased, however it didn't help and my computer eventually froze and I had to reboot it. Thanks for your help!
 

Answer:Malware Removal Scans

Hi and welcome. I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Thanks for your patience during this time.

Kestrel13!
 

6 more replies
Relevance 49.2%

Hi.XP sp2 here. I always run my AV and malware scans while logged in as Administrator or an admin-level user. But I was wondering, will this catch problems that reside in the registries / setings folders of other user profiles? In other words, do I need to scan from within each user profile separately to be sure, or will scanning as Admin take care of everything on the machine??Thanks,-WWModerator Edit: Moved topic to more appropriate forum. ~ Animal

Answer:Malware Scans: Which User To Log In As

this same question was asked about a month ago, and nobody had a concrete answer. i thought that a scan would cover all users but another poster disagreed and said each user needed to run a separate scan. i always use the owner account, but once a week scan with administrator, just in case.

1 more replies
Relevance 49.2%

3 days ago I began getting a pop up on steam and my browser saying its from my ISP it has my name spelled wrong and is showing up occasionally and not every time I open my browser and steam. I have done multiple scans and it never pops up I need to get rid of this its very annoying and I dont want to have to reset to default. If anyone can help me get rid of this it would be really awesome.
 

Answer:Malware not showing up on scans

Hiya and welcome to Tech Support Guy

Are you still having this problem? If so, can you run the following and we'll go from there:

Download OTL to your Desktop
(Vista or Win 7 => right click and Run As Administrator)
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Standard Output.
At the top, check the box entitled Scan All Users
Toward the bottom, check:
All Users
LOP Check
Purity Check
Under the Standard Registry box change it to All
Do not change any settings unless otherwise told to do so.
Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:
Code:

DRIVES
netsvcs
activex
msconfig
drivers32
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
pnrpnsp.dll
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
services.exe
user32.dll
atapi.sys
csrss.exe
PRINTISOLATIONHOST.EXE
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\s... Read more

1 more replies
Relevance 49.2%

Does Nero interfere with the GMER scan? I have attempted the GMER scan (using the randomly named GMER.exe filename) and it keeps stopping after about 5 minutes to tell me that there is no disc in one of the drives... and in order to continue I have to put a disc in that drive.

That's why I'm wondering if Nero is causing this because I do not want to uninstall it as I no longer have the disc and I may lose it.

Thank for any replies.
 

Answer:Question regarding malware scans

As this is GMER related, I'm going to move this to general security....may get bounced up to malware removal, but for now Gen Sec will do.

thanks,

v
 

1 more replies
Relevance 49.2%

Hi,

Recently i received an email from head of my IT department which contained an attachment called "CIS Advices on Self-Protection.pptx". Turns out the header was false and it want actually from my IT department. Anyway i clicked on the attachment, then reported it after i realized what i had done.

I then performed all of the procedural steps outlined in the read me first post.
Attached are my logs. nothing appeared as a threat in any of the scans and my main antivirus program didnt detect anything.

thanks in advance to anyone who looks into this
 

Answer:malware removal scans

What malware issues are you having ?
 

6 more replies
Relevance 49.2%

Hi all! I have run most/all scans, but I'm still having problems with malware/trojans. I'm n hot a big expert with HijackThis logs, but any help would be most appreciated:

Edit by chaslang: Unrequested inline log removed. Please read and perform sticky thread steps.
 

Answer:Have tried most/all scans, but still problems with malware. Please help

Please read the announcement and sticky threads. HJT logs should only be posted when requested and then they must be attachments to your message. HJT must also be installed and run properly. You are currently running it directly from the ZIP file by using WinRAR. Don't do that.

Please run the steps below.

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem, boot into normal mode and make sure you follow these directions:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
... Read more

7 more replies
Relevance 49.2%

I have been working on a fix for my system lock-ups.
At first I thought maybe my PSU was dieing. The lock-ups did not get worse as I suspected they would, and even became less frequent.
I can get locked when I'm on the web with 5 pages running. But not all the time. I could have no web pages open, but lock-up with just the e-mail running. or with just one web page open. Or i could start the system, log in, walk away, only to come back to find it locked-up. As I am typing this the system is running fine. It never locks up when I am playing Battlefield 2142.
AVG finds nothing when it runs all the way though. Malwarebytes, and SuperAntiSpyware locks up on complete scan in the same file. (C:\Windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lang\chtskf.dll). Quick scan with same programs only finds tracking cookies. I ran MalWareBytes with rrkill several time to the same lock-up outcome.
Spy-Bot S&D runs all the way though but finds nothing.
I ran Check Disc in repair mode. Ran the System File Checker. and am still having same problem.
When I had enough..I slaved the disc onto another machine and externally scanned with AVG9. Nothing found.
My system :
I built 5 years ago.
AMD Athlon 64 2800+ ASUS K8N Mobo
2.5 Gigs Kingston DDR400 PC3200 RAM
Maxtor Diamond9 80 Gig drive
Original MGE PSU 480 Watts that came with case.
Windows XP Professional Service pack 2
I was hoping someone might have an idea that might... Read more

Answer:Locks up during malware scans

Hello , I feel this may be a soft or hardware issue. I am moving this to XP. If they deem it necessary we can come back.

21 more replies
Relevance 49.2%

I came back from a vacation a few weeks ago and my computer has slowed down dramatically. My browser is now full of adds and I've also recently noticed that a lot of space on my Solid State hard drive has become occupied. I'm not necessarily sure how this happened. No one should have been using my computer while on vacation and I doubt anyone had access to it.

I've included the logs requested in the READ & RUN ME FIRST Malware Removal Guide. Thanks as always in advance.
 

Answer:Malware Scans and Logs

The only malware showing up in your logs is the PUP's in Hitman. Rerun it and have it delete those items. I suggest you post in the software forum for additional assistance.

Since you are not having any malware problems, it is time to do our final steps:

We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

 

3 more replies
Relevance 49.2%

When running a computer with multiple users, does a malware scan search all files and folders? When logged in as one user, one does not generally see the My Documents folder for other users. Are these files included in the scan?
 

Answer:malware scans and my documents

Hi,,
The best way with multiple accounts is to scan when logged in to one account, then scan the next account, etc.

I don't think all the spyware or antivirus programs could be trusted to scan everything, probably some do, but who can say?

An online scanner is a good tool to use, they can be very thorough.

Bit Defender, Kaspersky, Panda and quite a few more very good ones.....antispyware, rootkits, most everything is looked for in these today...not just for a virus.
 

1 more replies
Relevance 49.2%

WinXP Pro v. 2002, SP3, x86, 34bit

Hello, I've run all the suggested Malware tools and have attached the logs here. Please have a look - I'm sensing that there's still some probs but, what do I know!

In addition, perhaps caused by the virus found, or another not yet found...maybe something in my settings, My keys are typing alternate symbols, i.e.,

Shift+colon= @ (should be ")
[email protected]= " (should be @)
Shift+ key before number 1 key (elipse key?)= (should be ?)
Shift plus number pound symbol = (should be pound/number symbol)

I checked the regional language settings which were set to U.S. I changed them to Canada but, no change. I suspect the keys are a British English setting but other than in the Regional and Language settings I don't know how to change this. I'm asking this question here in the event it might be related to a virus. Prior to sensind virus activity, the keys were not doing this.

What I first noticed wrong was the WinPatrol caught notepad trying to access the keyboard directly and I wasn't running any keylogging software.

Many thanks in advance

Blu
 

Answer:Malware Scans Run - Please Have a Look at Reports

Your logs are clean. This is not a malware issue. You should pursue this in the software forum.

In the meantime, go to msconfig and disable this startup item:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe

If that solves the issue, then you can re-enable it and run this script:

Copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"HotKeysCmds"=-

Click to expand...

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

I assume that both the SAS and MBAM logs were empty and that is why you didn't attach them.

If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you in... Read more

1 more replies
Relevance 49.2%

Hi, I originally posted the details of my problem in the other forum: http://www.bleepingcomputer.com/forums/t/59525/have-virus-but-all-malware-scans-freeze/Please let me know if I need to reiterate the details here. Here is my HJT log, as requested. Any help is greatly appreciated. Logfile of HijackThis v1.99.1Scan saved at 20:47:17, on 21/07/2006Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\alg.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\system32\slserv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\System32\ctfmon.exeC:\Program Files\ewido anti-spyware 4.0\ewido.exeC:\Program Files\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.262.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.o2.co.uk/O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6... Read more

Answer:Malware On Pc But All Scans Freeze

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download FixWareout from one of these sites:http://downloads.subratam.org/Fixwareout.exehttp://www.bleepingcomputer.com/files/lonny/Fixwareout.exeSave it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log into this topic.

7 more replies
Relevance 49.2%

Hi and thanks for reading.

I just came from the Malware forum - my helper told me the problem did not appear to be malware related and to post here.

All antivirus and antispyware scans have started shutting down my laptop. It isn't instant or related to a BSOD it just seems to shut itself down toward the end of any scan.

Things that I know crash it:
ESET nod32 antivirus
defraggler
mbam
super antispyware

These scans run just fine in safe mode.

Thank you.
 

Answer:All Scans Crash PC - Not Malware

Too late to edit.. sorry.

I should also note that when the system restarts I get a message that asks me to "Reboot and select proper Boot device or insert Boot media in selected Boot device and press a key". I have to hard reset at this point and after it boots fine (start Windows normally).
 

1 more replies
Relevance 49.2%

Hi and thanks for reading.

My laptop crashes during all scans (not in safe mode) and during defrag. I managed to get the text of the BSOD using a video camera and will transcribe it; there is no dump file as the BSOD will show.

---

A process or thread critical to system operation has unexpectedly exited or been terminated.

...

STOP: 0x000000F4 (0x0000000000000003,0xFFFFFA800D081B30,0xFFFFFA800D081E10,0XFFFFF800033D9350)

Collecting data for crash dump ...
Initializing data for crash dump ...
Physical memory dump FAILED with status 0xC0000010.

---

This is a ASUS U56E-1AXX laptop. Please help.
 

Answer:All Scans BSOD - not malware - please help!

STOP codes are often hard to trace. If I had to make an educated guess, the most likely causes would be either an extremely bad virus/malware infection or a failing hard drive.

First - if you have files you haven't backed up and need to attempt to save - I'd remove the drive from the PC and hook it to a working PC. First, scan the entire drive with Malware Bytes free edition. If it shows infected files, use the program to attempt to remove them. (Note: This step by itself may not fix all infections. If it shows infections, repost in the Malware forum for more detailed advice.)

Next, download Advanced System Care on the working PC and use the "Disc Doctor" utility in the Toolbox to scan the drive in question. If it comes up with errors, allow it to attempt a fix, reboot the PC and run Disc Doctor again. If it now shows "no errors", put the drive back in the ASUS PC and retry it.

The final possible solution is to buy a replacement hard drive and reload Windows on it. Disk Doctor and other drive utilities sometimes miss hard drive issues.

If all of these fail, post a reply and other members may have other ideas.

Hope this helps.
 

3 more replies
Relevance 49.2%

I am helping someone with their XP based system. They have CA Security Suite.

The problem is, after a system scan is performed the system becomes infected with severe malware. Specifically, after a full system scan is performed, a popup appears from "Microsoft Security Essentials Alert" which is Trojan installer that installs "ThinkPoint Security". I run Malware Bytes, it finds the crap and removes it. System is ok. Run CA av scan and it reappears again. 4 times as of this newest infestation. But it ONLY happens after CA is ran.

So, is CA infected or what? I ran Malware Bytes and Sybot S&D, and let them remove what they find. Reboot. Run them again and verify removal. I have manually checked the registry for the keys and all is good. I suspected CA after the third time, so intentially waited a couple days to run the AV scan. And immediatly after the scan it was back, so I am very certain CA is the cause. How, I don't know. Any suggestions??
Thanks!
 

Answer:CA AV scans cause malware infection!

Anyone have ideas?
 

1 more replies
Relevance 49.2%

I'm running Win XP, SP2. I've followed 'Read & Run Me First' but I'm unable to run the following scans:

SUPERAntiSpyware
SpyBot - Search & Destroy
Malwarebytes Anti-Malware
combofix.exe

In each case, trying to run gives a repeating error message with 'try again', 'continue' and 'cancel' options. After clicking through for a while, nothing happens. I also tried running these scans in safe mode but the same thing happens.

I was only able to run MGtools. I have attached MGlogs.zip.

The malware prevents me accessing certain websites, MajorGeeks included. I'm writing this from a different computer.

Also, my PC now doesn't shut down properly - that is, it shuts down but the fans keep running & the red LED stays lit. It keeps going until I shut the power off at the wall - it doesn't matter how long you leave it. This may be unrelated but, if so, it's a weird coincidence.

Any help would be much appreciated.
 

Answer:Malware prevents scans - please help!

What drive/partition did you install the tools on? I do not see SAS or Combo or MBAM installed on the F drive.

Use windows explorer to find and delete:
F:\WINDOWS\system32\twex.exe
 

6 more replies
Relevance 49.2%

All steps completed - scan logs attached. This is for a second computer I own. Thank you.
 

Answer:MALware - Please review scans (1)

MALware - Please review scans (2)

All steps completed - scan logs attached. This is for a second computer I own. Thank you.
 

6 more replies
Relevance 49.2%

When doing scheduled malware/virus/trojan scans, is it better/more efficient to run scans from an Administration account or a User account?.....or even both?....or doesn't matter?
 

Answer:Scheduled Malware Scans

I don't believe it matters. Most a/v scanners will offer the option between a 'quick' scan and a 'full' scan, that's about the only difference that you can get. Some will advertise registry scanning, others rootkit scanning, etc, but the key things to remember are that no one scanner is the end-all be-all of a/v, and frequently, with some knock-off brands, you will get a plethora of false positives. There is currently a big television campaign for a certain scanner that is guaranteed to speed up your pc, ran it on my test box and it generated, I'd estimate, about 80% false positives.

But no, I've not seen a difference in your average scanner between an admin user and a regular user. Sometimes you will be required to 'run as administrator' on certain apps advanced features, but that is usually dictated by which OS you are using.
 

3 more replies
Relevance 49.2%

Windows XP Machine IE 7
Noticed a few days ago that whenever I was doing google searches I would find my item, click the hyperlink and was supposed to go to the intended website, but instead would hit a variety of Porn, Healthcare, Pharmacy etc website having nothing to do with my search criteria.

I had McAfee installed at the time but found that it had not updated itself in a few days and when I tried to run it for virus scans it wouldnt work. Finally removed the program and tried a number of others: Kasperia, Ad Aware, etc. The same problem exists in all of them.....I install it, I try to start a scan and either it starts scanning and then just disappears from my screen a few seconds later (program stopped and is gone from screen - try to restart and either it crashes instantly or does the same each time) or I cannot even click the scan button (it just doesnt do anything when you press it over and over again).

Have been for last few days reading through website help forums and downloading various programs to ID, fix etc...with little results.

Hijack installs and when I click the .exe file it gives me a popup error saying:

Windows cannot access the specific device, path, or file. You may not have the appropriate permissions to access the item.
I have managed to get Win32kDiag.exe to work with a log.....I currently have Erunt, HijackThis, SysRestorePoint, TFC, MGADiag, and Malware Bytes programs on my desktop.

Maleware is doing same as all other scanners....Either star... Read more

More replies
Relevance 49.2%

I'm running windows xp sp2. adaware, spybot and virus scans haven't helped. I deleted MSAgentXP, but there is another trojan downloader that I couldn't fix. when I start up I get a "data excecution prevention" message that says windows has closed this program: and the program is windows explorer. I can still stay on for a while before it reboots itself, but I'm not sure what to do now. hijackthis log:Logfile of HijackThis v1.99.1Scan saved at 9:34:38 PM, on 11/1/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Valve\Steam\Steam.exeC:\WINDOWS\system32\esent97.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\wpd_ci.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\syste... Read more

Answer:Virus, Hijackthis Log Included, Neither Adaware, Spybot Nor Virus Scans Have Fixed It

Hi and Welcome to bleeping computer!! My name is David Please do both of the following before we start if possible!:1) Please print off these intructions - they will be needed later when internet access is not available.2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.There is a bit to do on the log - i can almost guaruntee ewido will remove something - it's also a good free tool to keep in your arsenal! Please download ewido security suite it is a free version of the program.Install ewido security suiteWhen installing, under "Additional Options" uncheck.Install background guardInstall scan via context menuLaunch ewido, there should be an icon on your desktop, double-click it.The program will now open to the main screen.When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.On the left hand side of the main screen click update.Then click on Start Update.The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful") If you are having problems with the updater, you can use this link to manually update ewido.ewido manual updatesOnce the updates are installed do the following:Click on scannerClick on Complete System Scan and the scan wil... Read more

3 more replies
Relevance 49.2%

(I use a Lenovo y460 laptop on Windows 7 64-bit.)

Currently my computer is not infected because I reinstalled the OS from backup discs, but I'd like to figure out what is wrong with the files or which ones are infected instead of losing my whole library.

When I just copy the files (mostly .mp3s with some .mp4s and .flacs) from my iPod classic or external HDD to my computer, my computer runs fine. But when I import them into iTunes or another media player my computer starts to occasionally lock up and become unresponsive. This becomes worse over time until the computer can't be used in anything but safe mode and I have to restore from my backup discs.

I've run Microsoft Security Essentials, Malwarebytes, and boot-time Avast scans on my computer and these files and none of them pick up anything.

Does anyone know what the problem is and if I can resolve it without losing all my files?

More replies
Relevance 48.79%

Hi, I'm pretty sure someone clicked on a virus link on facebook because when I viewed my profile on another computer I've somehow started conversations with everyone on my contact list along with a link of the virus. Please help me. Thank you.Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:Virus Preventing connection to Facebook and anti virus scans

Hi, I'm pretty sure someone clicked on a virus link on facebook because when I viewed my profile on another computer I've somehow started conversations with everyone on my contact list along with a link of the virus. Also, on the infected PC facebook never loads up. So far I've done nothing as I was getting ready to format my PC. Somehow I stumbled upon this forum while browsing the internet so I was hoping my comp could be saved. Please help me. Thank you.

7 more replies
Relevance 48.79%

So I've been saving up for a new computer for ages and, has befits my luck, I now have and within two months there's a problem. Obviously, I really want help with this and this is the best place to go after being shunned by PC World imo. Anyway, on with some details.

Computer: Sony VAIO
Stuff it has: 6GB Hardrive (I think), 2GB separate memory card thing, i5 Processor. Can't remember anything else
Operator: Windows 8
Browser: Internet Explorer, fairly sure it'll be the latest one, so that's 10
Security: Norton 360 (again, a fairly new version I think).

So, the problem started gradually. A couple of weeks ago, I started having the odd problem with internet explorer. I'd load up a page and an error message (can't remember exact wording) would come up saying can't access site blah blah. No problem. Hit F5 to refresh. There's the website, as usual. The problem gradually got worse with this occuring more frequently and a more worrying version occuring too: I'd load up IE and be faced with a white screen. Completely blank. No error messages or anything like that. Again, not much of a problem. Close it down, occassionally have to wait a but, and then re-load.

Now obviously these problems were really rather annoying so I looked to download another browser. I'd been reliably informed that Firefox was a no-go since it was full of cookies and lots of data that clogged up the system, so I ruled that out (something I kinda regret now). I do... Read more

Answer:Clever Virus? - Internet, Virus Scans and Restarts Disabled!

Hello, I would like to do these.MiniToolBoxPlease download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Please Download TDSSkiller Launch it. Click on change parameters-Select TDLFS file system Click on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan results.I'd like us to scan your machine with ESET OnlineScanHold down Control and click on this link to open ESET OnlineScan in a new window.Click the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.Double click on the
icon on your desktop.Check "YES, I accept the Terms of Use."Click the Start button.Accept any security warnings from your browser.Under scan settings, check "Scan Archives" and "Remove found threats" Click Advanced settings and select the following:Scan potentially unwanted app... Read more

3 more replies
Relevance 48.79%

Ugg. Outlook keeps saying something is trying to access my e-mail or address book. This has never happened before.

Logfile of HijackThis v1.97.7
Scan saved at 12:27:46 PM, on 3/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PowerArchiver\POWERARC.EXE
C:\DOCUME~1\Josh\LOCALS~1\Temp\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.o... Read more

Answer:Pretty sure I have a virus.. 2 virus scans find nothing. Highjack this log inside.

6 more replies
Relevance 48.79%

Hi
I hope that someone can help me out. My computer has been extremely slow the last 6-9 months with a high CPU usage for no apparent reason. It shuts down randomly and I have issues using internet explorer with some pages not able to open. I have completed the malware removal/cleaning process for Vista 64 bit and have attached the associated logs. TDSS killer came up clean.

Thanks.
Jim
 

Answer:found potential malware after scans

Rerun RogueKiller and have it fix these items:
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-2808877515-2031380678-1226575635-1000\$18e104d47a188dbdfccb6b946966e6b7\n. [x]) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$18e104d47a188dbdfccb6b946966e6b7\n. [x]) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$18e104d47a188dbdfccb6b946966e6b7\n. [x]) -> FOUND
Then run Hitman and have it fix everything it found!

Reboot and rescan with both RogueKiller and Hitman and attach the new logs.
 

7 more replies
Relevance 48.79%

updated all my antivirus and booted into safe mode

did a malwarebyte's antimalware scan and vondu came up all over it

removed it with the program

also did a combofix and a hijack this

i have posted the log

it seems fine at first and then in about 10 minutes it's going slow again and i do the same scans in safe mode and get the return of the vondu

here's my hijack this log after the scans

Answer:PC going slow, Vondu on malware scans

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to di... Read more

2 more replies
Relevance 48.79%

A long-running issue with my computer is the general slowness and difficulty it faces in doing simultaneous tasks like playing music and web browsing, or videogames... i plan to take it to a repair store (or the school IT technicians) to open up the case (its a laptop) and make sure everything is connected correctly and not all choked up with dust but i though it would be better to run some virus scans first so here are, in order, malwarebytes anti-malware, combofix, and hijackthis logs.

Let me know if anything that might cause the slowdowns is found, and if someone could recommend a free program to scan the registry for corruption that would be handy.

Malwarebytes' Anti-Malware 1.18
Database version: 881
9:24:41 PM 23/06/2008
mbam-log-6-23-2008 (21-24-35).txt
Scan type: Quick Scan
Objects scanned: 39641
Time elapsed: 20 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data... Read more

Answer:Sluggish computer, did some scans to see if malware was the cause

8 more replies
Relevance 48.79%

Yesterday my font in Chrome suddenly looked different, so I did a virus scan just to be safe, and the BitDefender free online scan detected Gen.Variant.Kazy. (In retrospect, I'm pretty sure the changed font was actually because of a Chrome update, not the virus.) I originally had Avast AV on my computer, and after finding the virus I purchased Kaspersky to replace it, but neither scanner could detect the virus, and neither could Spybot S&D or Malwarebytes. I wondered if it was just a false positive, but eventually I just deleted the file that was flagged by BitDefender and the next scan showed my system was clean.

I noticed that my wireless connection kept turning off for no reason while I was working on getting rid of the virus. I also found that AdBlocker was destroyed--it still showed as a Chrome extension, but it wasn't working and had apparently been gutted.

I reinstalled AdBlocker after I got rid of the virus, and everything else seemed normal. However, I just tried to log in to two of my online banking sites and was warned by Chrome that "You attempted to reach www.[mybank].com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications." As I said, this happened with two different banks. I tri... Read more

Answer:Tricky malware not showing up on scans

13 more replies
Relevance 48.79%

Dell Inspiron ONE
Windows 7
 
SUPERAntispyware fails
ESEST Online Scanner Fails
(Have Screnshots for ESET but unable to figure out how to include them in post)
 
SAS:
Run scan, it starts & then disappears
ESET:
Completes 95% scan & stalls
Task Manager says it's running
Input fields on SAS window turn black
SAS window turns blank

More replies
Relevance 48.79%

I started getting popups yesterday, and when I ran a virus scan, it popped up several things. I tried removing them, but that didn't work. (Avast wouldn't move them to chest or delete them, claiming they were being used, etc etc.)

I immediately came here and ran through all the "READ THIS FIRST" procedures. After the 2 programs (I have 64x Win 7, so I couldn't use the other 2), there were a total of 8 files & registry entries they cleaned. I figured that was it.

Last night, Avast ran another scan, and when I got on the computer this morning, it had found another file and my computer was frozen. I had to turn it off with the power button and then turn it back on.

So... I came here again and am posting. Attaching my logs. TIA for any help! *cry*
 

Answer:Malware infection - Scans run & attached

Darnit, forgot to add an attachment. Sorry!
 

9 more replies
Relevance 48.79%

I downloaded Hijackthis and am trying to figure out how to send the log to you. I went thru the introduction and did everything it asked, like rootrepeal and the dds thing and all that..I don't know what any of this means though. I hopefully am sending you everything, but my real need was to find out if the hijack file has things that can be removed. I have no idea what is necessary and safe to keep and what can be removed. And since I am sending the other files too, might as well see what you can do with those too. My problems I am having with the computer are it getting slower and the toolbar changes back to winamp, which I have removed and it shows up again. Thanks so much! I appreciate this service very much. Robin

Answer:First Time running these scans for Malware

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

19 more replies
Relevance 48.79%

I will preface this by saying that I don't know if there are steps I should be taking before posting this question, but I am fairly computer savvy and need a starting point to diagnose my issue.

AMD Athlon 64 processor 3500+ 2.2GHz
2 GB Ram
Windows XP Pro Service Pack 3

My main HD is a SATA RAID 0 SCSI (2 HDs which total 160 GB)
And I have an additional 500 GB Western Digital HD

I also have an ATI Radeon 9800 Pro video card and a second ATI 9000 for a dual monitor setup.

PROBLEM: My PC works normally unless I run a virus scan. When I do this it runs for a while, then I get the blue screen of death and the PC shuts down. I'd been using AVG Free for a couple years with no problems. I thought the problem was with AVG so I tried 2 other Anti Virus programs and when they scanned for viruses I got the same result. I currently have no antivirus installed.

Also: I recently ran Malwarebytes and the same thing happened. It scanned for a while then I got the BSOD and my PC shut down.

I am able to run CCleaner and Spybot Search & Destroy with no problems.

I just ran Check Disk on my C: drive and it reported no problems.

I am assuming this is a hardware issue, but can't be sure. Can you suggest what to do to get started fixing this problem so I can once again run antivirus software?
 

Answer:Antivirus/Malware Scans Shut Down My PC

Hi

Strange one as I'd have bet on checkdisk finding something like an error block, but as you have run this, it doesnt seem this is the case.

Can you run defrag ok?

Can you boot into Safe Mode ok and run a scan with a AV? (dont know if AVGs GUI works in safe mode, it used to only run via commandline, Microsoft Security Essentials (MSE) works in Safe Mode)

Have you uninstalled all AV and security apps fully and then just installed one, say MSE and try.

Just a thought, what are the temps of your PC as in CPU etc just thinking as scans do use a fair bit of CPU at times, that the PC was overheating during a scan, hence the thought of defrag scan earlier.
 

10 more replies
Relevance 48.79%

Hi there,

I've already posted a thread in Software - No 'click' sound when navigate browser in window explorer/ internet explorer http://forums.majorgeeks.com/showthread.php?p=1630470&posted=1#post1630470

I thought this is a simple sound setting issue so I make a thread there but I've tried many thing to get it back, still couldn't. Just come across the READ & RUN ME FIRST Malware Removal Guide and I follow it to see whether my issue can be solved. It is not solved yet until now.

I got an advice from plodr that scan logs should be placed here for malware fighters read. Please help reading my logs and advice whether it's a malware problem or sound setting problem.

Please advice me what to do. Need help. Thank you.
 

Answer:Malware scans and logs for checking

Hello, happyfeet




I got an advice from plodr that scan logs should be placed here for malware fighters read.Click to expand...

You haven't attach the requested logs yet.

dr.m
 

4 more replies
Relevance 48.79%

I am trying to do all the scans in the 'read me first' section, and I can't. I can download them, and once super antispyware begins, it shuts down.

I need help!
 

Answer:Can't run any anti spyware/malware scans

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator

You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif
Once you've gotten one of them to run then try to immediately run the following.


Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then double click on it to run it.

AVPFind.bat

It should take a couple minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the c:\avplog.txt file that is will hopefully create as long as the malware does not block the batch file from running. (See: HOW TO: Attach Items To Your Post )


Now download and Run exeHelper

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
A log file named log.txt will be created in the directory where you ran exeHelper.com
Attach the log.txt file to your next message.
Note: If the window shows a message that says "Error deleting fil... Read more

1 more replies
Relevance 48.79%

Hello. My laptop is majorly sick. It will completely freeze soon after starting up. I run it in safe mode and can operate freely among my files but as soon as I run malware scan, it will freeze. I got about 30 minutes into ESET scan before it froze, but I did have Trojan infections. Help please seems to be getting worse and this is my lifeblood. Thank you!!

Answer:Laptop keeps freezing, especially during malware scans

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/560174 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 48.79%

Hi guys,
I am certain that i have malware on my system but a few of the malware programs are not able to find anything.
 
Some of the recent symptoms...
 
Windows has been getting repeated blue screen crashes (very regularly...perhaps as often as ever 10 minutes at times)
System is taking an unusually lengthy period of time to startup to windows login screen,
Windows login is taking  a couple of minutes to get to desktop (and this is very unusual for this computer system)
when system is logged in but not actually being used directly, the hdd light activity is almost continuous...except when i hit ctl  alt delete to go to task manger the activity almost immediately ceases and returns to normal prior to the task manager window appearing 
When the system is logged off, i notice that the hdd light is running almost continuously...if i unplug the ethernet cable, it stops
i get app crashes repeatedly, however not the same one...after a restart a different application will crash (sometimes its IE, google chrome, firefox, windows explorer, norton antivirus, etc etc)
After startup, sometimes the antivirus software is disabled in the task manager even though its set to auto load when windows starts.
Windows defender is currently disabled (which may be as result of having norton 360 installed im not sure)
I have had an infection on one of the drives that is in this system before (only a month or so ago) and cannot be sure it was completely removed last time.
... Read more

Answer:Im sure i am infected but scans are not finding the malware

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkma... Read more

18 more replies
Relevance 48.79%

Yesterday my font in Chrome suddenly looked different, so I did a virus scan just to be safe, and the BitDefender free online scan detected Gen.Variant.Kazy. (In retrospect, I'm pretty sure the changed font was actually because of a Chrome update, not the virus.) I originally had Avast AV on my computer, and after finding the virus I purchased Kaspersky to replace it, but neither scanner could detect the virus, and neither could Spybot S&D or Malwarebytes. I wondered if it was just a false positive, but eventually I just deleted the file that was flagged by BitDefender and the next scan showed my system was clean. 
 
I noticed that my wireless connection kept turning off for no reason while I was working on getting rid of the virus. I also found that AdBlocker was destroyed--it still showed as a Chrome extension, but it wasn't working and had apparently been gutted. 
 
I reinstalled AdBlocker after I got rid of the virus, and everything else seemed normal. However, I just tried to log in to two of my online banking sites and was warned by Chrome that "You attempted to reach www.[mybank].com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications." As I said, this happened with two different banks. I tried ... Read more

Answer:Tricky malware not showing up on scans

Hello davidcv. It has been brought to my attention that you have also posted a topic about this same issue at http://forums.techguy.org/virus-other-malware-removal/1133114-tricky-malware-not-showing-up.html and are receiving help there by a malware removal specialist.You should only seek malware removal help at one forum.We ask that you select one forum from those where you sought help and ask the others to close your topics.Although we understand you wish your problems to be addressed as soon as possible, there are reasons why multi-posting causes problems.By Multi Posting you are utilizing the time of two (or more) trained helpers. Helpers take a long time to train. They need a great deal of expertise and knowledge to be able to safely remove Malware from your computer and because of this are in short supply. We wish to use them to help the maximum number of people, and if they are researching the log of someone who is already being helped, then their time and effort is going to waste.Understandably this causes a certain amount of bad feeling and frustrationFrom the helper who has needlessly spent time researching your log and compiling and posting instructions.From others who have to wait longer for their problems to be addressed.Advice from two separate helpers can cause problems.A helper at one place has no idea what a helper somewhere else is doing. Different helpers may use different methods to combat your infection. While each one is safe to use, p... Read more

3 more replies
Relevance 48.79%

I am operating Windows XP, SP1. For the past couple of weeks I have been unable to scan my computer for viruses, and malware because the scans always stall. NAV stalls while "scanning active programs and start up files". I contacted tech support at Symantec and no one there could solve the problem. I tried downloading Microsofts Malicious Software Removal Tool, and although it appeared to download, it stalled during the scanning process. I left the scan on for over an hour but there was no progess. I can sucessfully operate Microsoft Spyware, and it has not detected any problems, but the Antispyware program contained in Internet Security will not complete the scan as it is tied in with the NAV scan. Can anyone suggest what can be done to allow NAV to complete the scanning process? I am running Norton Internet Security 2005 AntiSpyware Edition and for a couple of months it worked perfectly well. As I said earlier, Symantec was not able to provide a solution.
 

Answer:Solved: NAV & Malware Scans Stall

16 more replies
Relevance 48.79%

Hi,

I Just went through the "Read and Run Me First" procedures and there are things on my computer that need to be removed. I would appreciate help removing them if possible.

Thanks in advance!
 

Answer:Removing malware found on scans

Not too much to do.

Re run Hitman and have it delete Potential Unwanted Programs.


Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


O2 - BHO: (no name) - {04A1B386-D2DA-4361-8A4B-0F3F42863BB0} - C:\Users\Dad\AppData\Local\TCPIPx86_x64.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

After clicking Fix exit HJT.



Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.


Code:

:Files
C:\Users\Dad\AppData\Local\TCPIPx86_x64.dll
C:\Program Files (x86)\MyPC Backup

:reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{17FFC4B4-7026-4E2E-A1C4-18941B6CCCA7}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]

:Commands
[emptyt... Read more

9 more replies
Relevance 48.79%

3 weeks ago my XP Pro sp3 machine became infected with Trojan Backdoor Generic12.BOWL. Within a few minutes it had turned off my firewall and installed a couple of others as well, including Generic17, Generic18 and Cryptic.ZPF

I turned off system restore, entered safe mode and ran AVG command line scanner, then Malwarebytes, then Superantispyware, then Trojan Remover, rebooting into safe mode after each application was run.

All found something to complain about and remove successfully, after which I rebooted into safe mode, and ran each consecutively - all came up clean, however a couple of times the computer just suddenly cycled through a complete shut down - correctly, as though I had gone start>shut down rather than just a sudden turn off. All applications closed correctly and power down. Rerunning all scans turned up no problems, re running in safe mode again all reported clean

Then yesterday upon start up it suddenly has the AV security suite virus on there, so again... off with restore, into safe mode, run all the above AGAIN only to find 8 more trojans / virus etc. Ran them all several times, plus this time ran an AVG linux recovery CD to give an extra little something. All are now reporting the system is clean... but it's just randomly shut down again, so I just don't trust it!!

What else can I do?

Answer:AV and malware scans say PC is clean... I dont think it is!

Scanning with Malwarebytes Anti-Malware in safe or normal mode will work but removal functions are not as powerful in safe mode. Why? MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, MBAM loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Doing a safe mode scan should only be done when a regular mode scan fails or you cannot boot up normally. If that is the case, after completing a safe mode scan, reboot normally, update the database definitions through the program's interface (preferable method) and try rescanning again.Crashes (BSOD), unexpected shutdowns, sudden freezing, random restarting, and booting problems could be symptomatic of a variety of things to include hardware/software issues, overheating caused by a failed processor fan, bad memory (RAM), failing or underpowered power supply, CPU overheating, motherboard, video card, faulty or unsigned device drivers, CMOS battery going bad, BIOS and firmware problems, dirty hardware components, prog... Read more

15 more replies
Relevance 48.79%

help me!

i previously had malware and i performed the 'READ & RUN ME FIRST. Malware removal guide', i think it helped abit but my computer isnt functioning as it used to. my desktop image remains white no matter how many times i try to change it and my computer seems to be performing slower. help me!

ill attach the logs from the scans.
thanks!!
 

Answer:help - i performed all the scans and i think i might still have malware or viruses

help - i performed all the scans and i think i might still have malware or viruse

heres the final log. thx again.!
 

10 more replies
Relevance 48.79%

I've ran MBAM, ESET SS, Superantispyware and combofix and I've found dozens to hundreds of problems on each scan. It seems like I'm shooting in the dark and not getting anywhere with something new popping up. Im running XP media center sp3. any ideas where to go from here?

Answer:Finding 100s of malware on scans

Hello would you post the MBam and Eset logs so we can get an idea of what was here and your operating system.

15 more replies
Relevance 48.79%

Hello everyone. So my computer has some sort of virus on it. As I am surfing with Firefox, all these popups happen. Even after I close Firefox, it is still open. in the processes with multiple windows. When I go to restart, Firefox pops up asking if I want to save the tabs (no firefox browser is visible).I did all the steps asked in the Preparation guide, with the following results:Scanned with Ad-Aware: Deleted everything that came up, restarted scanned again. The same files were found, so deleted them again and restarted and scanned again. Again the same files were found. I repeated the process ten times and everytime the same things were found and I deleted them.Scanned with Spybot S&D: It found several threats of Virtumonde. It would scan a little bit and then a popup window would say "It is recommnded that you restart your computer and scan again." So I did. But everytime I started the scan (I guess when the first infected file was found) it asked me to reboot. Finally, I said no on the reboot and it kept scanning and found 12 malware (all related to Virtumonde). After the scan, I deleted the found files and restarted and scanned again, and the same files were found.I did a search on Virtumonde and found two help programs: VundoFix.exe and Virtumondobegone.exe. I followed those instructions and ran those programs in safe mode. It looked as if Virtumondobegone got rid of the files, but when I restarted my computer normally, the popups were still there. Ran A... Read more

Answer:Virtumonde Malware - Scans not getting rid of files

Hi

I'm sorry it took so long to get a reply. Forums have been very busy

If you still need help with this post a fresh hjt log, please.

2 more replies
Relevance 48.79%

Hey there,

So I've had my PC for a pretty long time and I've gotten a virus before (I tend to stream/torrent stuff online) so I knew I should do some virus scans to remove them if they popped up again. These past few days I got a virus that tends to pop up often for me. I get ads from "Popshopcoupon" which I just call the devil now. I've asked all my computer savy friends and they all redirect me to renown virus scans. Some of which were promising but when I return to my browser, the same ads pop up, which include a message popping up and a frustrating voice telling me I have malware on my computer, redirecting to another page which tells me the same thing (without the audio), and, most annoyingly, every time I open up a new tab or go to a new page, a little "ad" pops up "from Popshopcoupon." Now I know you will probably all tell me to do a virus scan, but I've tried probably 6-8 different ones (No I don't remember the names but I could find out if I tried). Some say that I don't have any malware on my computer and others say they removed all the malware on my computer, but returning to my browser... same thing.

Sorry for my probably really repetitive summary of it...

Please help me
Thanks,
or my computer gets it
 

Answer:Malware dodged multiple scans

Welcome to Major Geeks!





ConsideringSmashingMyComp said:





Now I know you will probably all tell me to do a virus scan,Click to expand...

No we won't because it isn't a virus. It's junkware. We will point you to our malware cleaning process below and after we get your logs will be able to better determine what else needs to be done to remove the rest of any left overs. It is possible that your browsers may need to be reset to defaults.


Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide

and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the prob... Read more

1 more replies
Relevance 48.79%

Everything was fine until about a week ago. Now whenever I try to do a quick scan with either MalwareBytes or Microsoft Security Essentials, the HD light comes on steadily and my system totally freezes. I can't stop it, even by pressing the power button - I have to manually unplug the power cord. I have downloaded nothing except Microsoft updates. What could be the problem and is there an easy fix (assume I'm not very computer savvy).
 

Answer:Freezing whee doing any malware scans

debodun said:





Everything was fine until about a week ago. Now whenever I try to do a quick scan with either MalwareBytes or Microsoft Security Essentials, the HD light comes on steadily and my system totally freezes. I can't stop it, even by pressing the power button - I have to manually unplug the power cord. I have downloaded nothing except Microsoft updates. What could be the problem and is there an easy fix (assume I'm not very computer savvy).Click to expand...

Do the 'read and run' dance man here. This often fixes things but I doubt that's your case. Seek the malware fighters assistance first.
 

5 more replies
Relevance 48.79%

I recently returned from a vacation, during which I connected to my hotel's wireless internet. Upon arrival back home, I noticed that my computer was running noticeably slower, and initially ran a scan using MalwareBytes (free edition). That scan did not find any threats. After a few more days, my computer was still running slowly (noticed through increased boot time, browser hanging, high pings in online games, etc) even though the other computer on my home network had no issues.

I then followed the steps here: http://malwaretips.com/blogs/malware-removal-guide-for-windows/. However, after the reboot after running AdwCleaner, my laptop no longer connects to the internet, I can no longer open MS Office, and my antivirus (BitDefender free edition) will not work. There may be other issues, but these are the ones I have noticed.

I would be very appreciative of any help you can offer!!
 

Answer:can't connect to internet after malware scans

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

7 more replies
Relevance 48.79%

Do conventional virus and malware scanners automatically scan an mSATA SSD device that is configured as a cache with the Lenovo-supplied ExpressCache software?  (Maybe this is not the best forum section for this question?) I have a relatively new W530 that was ordered with Windows 7 SP1 and a 16 GB solid-state cache drive that is enabled by a verified-working copy of ExpressCache (basic, not upgraded).  As you know, the SSD should not be formatted and does not show up as a recognized drive when running under ExpressCache.  Does anybody know whether malware scanners (e.g., MSE, MalwareBytes) effectively scan this memory (prehaps as part of system memory), or if it's a place that malware can hide indefinitely? One reason I'm concerned:  The last day or two my hard drive is working almost continuously (as indicated by the activity light on the front panel), enen though little or no CPU usage is showing up for any process listed under Task Manager/Processes.  I've completed full scans with MSE and MalwareBytes (free), but they don't find anything... -- JCW2













Solved!

Go to Solution.

Answer:SSD Cash Memory and Malware Scans

Why don't you try running TASKMGR, to see what processes are running and consuming CPU?
 
Also, I'd look at the Performance Monitor output of TASKMGR, to see exactly which processes are using disk, etc.?
 

9 more replies
Relevance 48.79%

Hello,

I hope you can help me with a possible malware/rootkit infection. Also, when running your XP cleaning programs, two infections were reported that I believe are false positives, and I would like to report them to the appropriate vendors. I submitted them to VirusTotal.com and both scored 0/35.

The computer is a Thinkpad T60p with XP SP2. In early June (I think June 2), Comodo Firewall reported dangerous behavior from a new program. I shut the program down, but I believe it may have partially (or completely) planted an infection before I did. However, I have not noticed any obvious malware-induced behavior, such as browser hijacking or loss of network connectivity.

I've run the MG cleanup procedure for XP and attached two zip files with all the logs. I also ran Gmer and included its log as well.

Thanks for your help,

Charles
 

Answer:Possible malware/rootkit; also possible fp's from cleanup scans

Welcome to Major Geeks!





CharlesG said:





Also, when running your XP cleaning programs, two infections were reported that I believe are false positives, and I would like to report them to the appropriate vendors.Click to expand...

Which two? I only saw one false positive from Malwarebytes which was the below:




C:\Program Files\Adobe\Acrobat 6.0\Acrobat\PDF417Encoder.dll (Trojan.Downloader) -> No action taken.Click to expand...


I do not see any obvious infections on your system. I do question what the below two files are:
Code:

"C:\WINDOWS\"
zork.dll Jul 7 2008 300544 "zork.dll"

C:\Documents and Settings\Linda\Local Settings\temp\
zsrch.$$$ Jul 25 2008 148 "zsrch.$$$"

The zsrch.$$$ file should just be deleted since it is in a temp folder anyway. Do you know what the zork.dll file is from?
 

19 more replies
Relevance 48.79%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:16:50 PM, on 2/27/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18372)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\Program Files\AVG\AVG8\avgcsrvx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\Google ... Read more

Answer:Scans don't turn up viruses or malware

Hello Caramello,Can you please tell me what problems you're having? I don't see anything malicious in that log. Thanks,tea

5 more replies
Relevance 48.79%

I've run my Win7 computer through a series of scans as directed in the Malware thread, but still have unresolved problems. I was directed by Tim W to post my continuing problems here. Administrators can read the history to date on my thread, Malware/ "Win7 crashes when Anti-Malware Run".

The original symptoms were increasing OS crashes, crashing whenever Malwarebytes was run, and it was not possible to Backup, Restore or access Safe mode via F8 on startup.

Now after the list of scanning procedures detailed in my thread listed above, I can sometimes access Safe Mode on restart and run Malwarebytes, but it crashes when RogueKiller is run.

Would an admin on this Software thread have any suggestions on the next steps to stabilize the OS?
Thanks
 

Answer:Win7 still crashes after Malware scans

Leofitz...

Posting a link to your malware board thread for other Software board posters to access the logs if required:

http://forums.majorgeeks.com/showthread.php?p=1901675#post1901675

Can you access your desktop in normal mode at all? If so, you can run sfc /scannow. To do so:

Start->Accessories->Right click on Command Prompt and select "Run as Administrator"->type sfc /scannow (space after sfc) and press enter

There is plenty else that can be done.
 

16 more replies
Relevance 48.38%

I am trying to remove all viruses on a family members computer. I have a feeling that the entire SysWOW64 folder is a virus. When I do a Full virus scan with either Malwarebytes or Microsoft Security Essentials, the path shown as the current location being scanned is C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\... and the scan stays in that folder for well over 20 hours.
 
I cannot enter that file location, either manually or forcefully with cmd. I get stuck at the systemprofile layer. I get an error message telling me that I do not have permission to enter that folder. I am on an Admin account.
 
you may refer to this post for possible information about this topic http://www.bleepingcomputer.com/forums/t/516838/virusmalware-scan-stuck-in-temp-internet-folder-for-10-hours/
 
Steps I have already taken
 
Installed and Ran a scan with spyhunter 4, this scan took 40 hours and scanned over 8million files. There was a detection of 900+ threats, but all were either adware or cookies. I took no action against them, as Quietman7 instructed me to uninstall spyhunter due to the program being untrustworthy.
 
I have used Malwarebytes and MSE to run quick and full scans. The quick scans take 3-5 minutes and dont find any viruses. The Full scans do pick up some trojans and they are located within the SysWOW64 folder. I have deleted them.
 
I followed Quietman7's suggestions for disk cleanup. I ... Read more

Answer:SysWOW64 virus / Virus scans take 20+ hours to complete

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517570 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

66 more replies
Relevance 48.38%

My desktop computer contracted a virus, and it's unlike one I've ever dealt with. It seems to be affecting the computer in two ways:

1) When I use Internet Explorer and search Google for something and click on a link, it re-directs to a different website -- usually one about some sort of anti-virus software. It doesn't seem to be affecting Firefox at all, though. Searches and links are just fine there.

2) It prevents any currently installed anti-virus software from running a scan, or any new anti-virus software or anti-spyware software from installing. I had Norton installed, and when I tried to run a scan, it would look like it was running a scan, but nothing happened. I tried installing other anti-virus software (after un-installing Norton) and running anti-virus scans on the internet (like Trendmicro) and nothing worked. It either sat idle like Norton did, or it causes the computer to go to a blue screen and then shut down.

I've perused various forums for a solution, and most of the solutions involve running some sort of anti-virus or anti-spyware program, or programs like HijackThis, and none of these will run on my infected computer.

I also tried to restore the system back to factory settings, but it seems as though the system recovery partition doesn't exist, or has been disabled by the virus. I'm not exactly sure, because I just got the computer recently and I guess I never paid much attention as to whether or not there was a recovery partit... Read more

Answer:Virus Preventing Anti-Virus Software Scans

This sounds exactly like something that took down my work computer last week, all the same symptoms...ended up doing a clean install. Ugh!

Couldn't get anything mBAM or AVG to do anything....

...I am/was running XP...

I am *very* interested in any info anyone may have about this!

16 more replies
Relevance 48.38%

Yeah, my McAfee SecurityCenter and Webroot Spy Sweeper won't delete the items, The McAfee gets stuck on one file and won't move, and the spy sweeper locks up on quarantine and won't do it. And opening things is SLOW AS ANYTHING now..
Heelllp D:

Here's my HijackThis log, and the task manager likes to pop up again and again now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:16 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files... Read more

Answer:Solved: Help removing a virus, Virus-scans not working

16 more replies