Computer Support Forum

Trying to follow malware removal procedure, but malware is preventing me?

Question: Trying to follow malware removal procedure, but malware is preventing me?

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?


Answer: Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.

4 more replies
Relevance 99.63%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

3) combofix.exe - not compatible with 64-bit OS

4) RootRepeal - did not run on 64-bit OS

5) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer: Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM...

5 more replies
Relevance 93.48%

Hi, I have another laptop that seems to have gone all wonky. It is a Toshiba Laptop that was originally for Vista but the company wanted it to run XP Professional so they rigged it for XP. It has up to Service Pack 3 installed. I'm able to follow the removal steps up until SAS and Malware. Both programs can be downloaded but they won't execute from the desktop. I've even tried to rename Malware to just mbam and still didn't work. I can't even seem to install Hijack this either.

Answer: Can't follow the Malware removal steps :(

HijackThis doesn't need installing - it should just run from the root of the main drive. Try putting in the C:\ directory then reboot and access safe mode (F8 on boot up). Try running what scans you can there. You most likely won't be able to install anything in safe mode though.

5 more replies
Relevance 93.48%

Good evening,

Earlier today I clicked on a website link after searching for lyrics to a particular song. Immediately, a large, full-page pop-up alerted me to the fact that I had some sort of infection and that my computer was at risk. No matter how many times I attempted to click the red X and remove the box, it just reappeared and prevented me from returning to the IE browser tab to close it. The warning box gave a phone number to call to get help with the situation.

At first, I thought that the message was from Microsoft and called the toll-free number. When some other company answered, I told them I did not want their help and hung up. I, instead, manually opened the Microsoft Security Essentials control box and started a full scan. At the end of the scan, I was told that the scan found no issues which surprised me since I thought that the warning box was still inhibiting my access to my IE browser.

Looking around in an attempt to find more information, I selected the MSE History tab and found two items previously quarantined. I selected them and removed them. Afterward, I was able to close the IE tab associated with the warning box by hovering over the IE icon in my taskbar, but I don't know if that timing was simply a coincidence since the quarantined items were not from today's scan.

I provided all of the information because I am not sure whether I need to do anything else, at this point. Everything appears to be back to normal, but I don'...

More replies
Relevance 91.43%

Hi: I have something wrong with my Sony VAIO series F laptop. This runs a Windows 7. I noticed first that I had a problem using a "share screen" feature from the GoToMeeting application. The screen of the person showing the screen showed up as a transparent frame. Then, I noticed the next day that a computer game I play, "Kitchen Scramble" was acting slowly. But until then everything else was normal so I thought maybe it was a problem with the graphics card or something. The next day my whole computer seemed gummed up, working very slowly, and then hanging. I was unable to even do a reset. I just let it alone for a few hours and started up again. Now, I'm trying to follow your instructions, but it's nearly impossible. Sometimes my mouse won't move at all. Sometimes it moves, but when I click, it has no effect. Other times, after I click the thing that I want to happen, finally happens after about 5 minutes or so. Right now, I'm writing to you on my notebook. What do you suggest I do to save my laptop? Thanks!

Answer: computer hangs when trying to follow directions for malware removal

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

You will need to start the computer in Safe Mode. Install MBAM and run it in Safe Mode. If it runs successfully, you can ...

14 more replies
Relevance 91.43%

I can't follow Malware Removal Guide as everything I try says there is no disk space. Whatever had happened, it has appeared to hide or remove both MalwareBytes and SuperAntiSpyware. I try just removing a program and I get a "Disk is Full" error. Where do I even start, or is it just a matter of reformatting the whole thing?
 

Answer: I can't follow Malware Removal Guide as everything I try says there is no disk space

Re: I can't follow Malware Removal Guide as everything I try says there is no disk sp

And did you check your hard disk to see how much free space there is?
 

5 more replies
Relevance 90.2%

May I begin by saying I have made progress and been helped however indirectly by the posts here on your fine forum. I respect and appreciate your help in solving my and other users' problems. Thank you very much!

I am in Kenya and have been trying to solve some of the malware problems at a computer lab at a college. Much of the software has been corrupted or infected with whatever and I am beginning by working on this machine. After reinstalling a copy of windows given to me by the school, I have noticed that the task manager and regedit have been "disabled by administrator".

I have followed the full process listed at the Windows XP Cleaning Procedure topic and have also tried to use Spybot to no avail and have used Ad-Aware to some minor success.

After renaming a copy of regedit.exe I was able to gain partial access to the task manager - that is, it closes right after it opens - and regedit.exe - same problem.

I have run all of the malware detection and deletion programs multiple times and keep getting detected problems, which I (theoretically) delete, to find that more are to come next time I run SAS or Ad-Aware or Malwarebytes. I have posted the logs requested plus the log of Ad-Aware, AVP, and exehelper in an attempt to find some benevolent soul on majorgeeks to help.

I will try to answer back in a timely manner, but I may not be able to due to network outages that happen here every other day. Sorry about that, you can't ask much for rur...

Answer: Malware problem after removal procedure - Win XP SP1

And the other logs I did not include:

Thank you once more!
 

4 more replies
Relevance 90.2%

Hello,

I have Windows 7 on my HP laptop. One or two times every week Windows freeze completely, and I have to reboot my laptop by pressing power button.

I have run Malware Removal/Cleaning Procedure. SUPERAntiSpyware detected and removed Trojan and Browser Hijacker Tubby. I rerun SAS and it shows, that everything was clean.

These are my two logs.
 

Answer: Malware Removal/Cleaning Procedure

I have run Malware Removal/Cleaning Procedure. SUPERAntiSpyware detected and removed Trojan and Browser Hijacker Tubby. I rerun SAS and it shows, that everything was clean.

Would still like to see the logs from those if you don't mind. Thanks.
 

29 more replies
Relevance 89.38%

*i had some problems with my avira antivirus interfering with the first scans directed by the MG malware removal procedure. i had disabled all the avira measures including firewall, but the next time i checked they were all enabled again; i noticed it when doing the malwarebytes removal, and it wanted to remove registry things but avira stopped it. only after this did i uninstall avira, and then i ran malware bytes again (i only remembered after i reran it i did that the instructions say not to repeat steps), but this time no detections were found. so even though i thought i had disabled the antivirus, it may have been active up until after the malwarebytes scan step, ie during the roguekiller and malwarebytes scans
**i am missing the txt logs of the mbytes scans and only have the xmls, could not upload them, i am not sure where they went but i did search for them

So here are my logs, i followed all the instructions. The problems i am having are 1) very intrusive adware is in my chrome browser on search engine results pages (google/yahoo) and also on ebay. at one point my chrome browser was prevented from installing an adblock extension, and after speaking to some techs i believe it was the malware causing a problem, though i have been able to install it since.

i also had trouble copying files to a usb flash drive. files copied to the drive from my computer were inaccessible, and the folder and file icons were replaced with blank ones, and all files and folders were the sa...

Answer: i did the malware removal procedure need help, have logs and info

Rerun Hitman and have it remove all it finds.

Now do this to reset Chrome:

Reset Chrome to Defaults

Reboot and rescan with Hitman and attach the new log. Tell me how things are running.
 

9 more replies
Relevance 89.38%

Greetings from England!

I have a problem with my P.C in that sometimes It begins to just start acting as though it is loading something, however I have not instructed it to do so, and on the face of it, nothing actually seems to be happening apart from a huge slowing down of the entire system. For instance, I can be searching the web and my hard drive will begin to act as though it is loading up a programme in the back ground, and at its worst, can take up to ten minutes to sort itself out!!

Also, on average, from surfing the web for five minutes, I can have 5 different pop ups appear!!

I followed the README procedure and it seemed to get rid of a lot of crap, however the problems still persist. I have attached my logs as requested.

Many thanks in advance!!
 

Answer: Malware removal procedure followed..However problems persist:(

and the last attachment
 

4 more replies
Relevance 89.38%

I see that this is a somewhat common problem on the forums here. I ran the programs in the Windows 7 Malware Removal/Cleaning procedures and still have my Firefox address bar hijacked by searchqu. Before finding your forums I tried on my own with CCleaner and Spybot Search and Destroy. I know enough to be dangerous on a pc and that is about it. I can follow directions though and would appreciate any help. I have enclosed the logs from the Windows 7 Malware Removal/Cleaning procedures.
 

Answer: searchqu still around after Malware Removal/Cleaning Procedure

Here are the other 3 logs that were on the forum section sticky
 

8 more replies
Relevance 89.38%

Hi!

I hope you can help me, I completed the cleaning process but I am still having some problems.

Friday September 7, 2012 I was watching a movie on Netflix in full screen mode when the screen minimized and I saw that my Norton Anti virus icon had a red x on it.

I clicked on the icon and it said my virus and spyware definitions are not up to date, and that my computer was at risk. I ran an update, and it said the problem was not fixed. I clicked on the support icon expecting to be taken to the Symantec website for support, but an error window came up saying this was not a trusted site. I have copied and pasted the error message here:

The site's security certificate has expired!
You attempted to reach www-secure.symantec.com, but the server presented an expired certificate. No information is available to indicate whether that certificate has been compromised since its expiration. This means Google Chrome cannot guarantee that you are communicating with www-secure.symantec.com and not an attacker. Your computer's clock is currently set to Monday, December 10, 2012 11:15:42 AM. Does that look right? If not, you should correct the error and refresh this page.
You should not proceed, especially if you have never seen this warning before for this site.

The date is September 10th not December 10th as stated above!

I did not proceed, but instead got a support number from Symantec by a Google search and called them. After 90 minutes of remote access to...

Answer: Windows XP Malware Removal/Cleaning Procedure

Welcome to Major Geeks!



MizVic said:





The site's security certificate has expired!
You attempted to reach www-secure.symantec.com, but the server presented an expired certificate. No information is available to indicate whether that certificate has been compromised since its expiration. This means Google Chrome cannot guarantee that you are communicating with www-secure.symantec.com and not an attacker. Your computer's clock is currently set to Monday, December 10, 2012 11:15:42 AM. Does that look right? If not, you should correct the error and refresh this page.
You should not proceed, especially if you have never seen this warning before for this site.

The date is September 10th not December 10th as stated above!

It may be September 10th, but your computer clock is set to Dec 10th which is why you got that message. Your logs all show your clock to be set to Dec 10th. Fix your clock and then see what happens.
 

8 more replies
Relevance 88.56%

I was hearing ads play in the background of my computer.. even when nothing was open. I tried several other things before I came across this site. I followed all of the steps that were given and ran all of the programs that I was asked to download one at a time. I really hope that this solves my problem.

I do have one question though. When I ran hitman, it found 6 threats.. I ignored them as requested. Is someone going to let me know what needs to be deleted out of there?

I appreciate the help.
 

Answer: attaching log files from MG Malware Removal/Cleaning Procedure

Hello A.R.Cloud,

- Rescan with HitmanPro and allow HitmanPro to repair all the items it found. The repairs should require a reboot. Go ahead and reboot and then attach a NEW HitmanPro scan log when finished.
 

1 more replies
Relevance 88.56%

I had the FBI virus and it was deleted or disabled by a friend.

Now however, I have an "Encryption" virus that is encrypting some of my files and telling me to download a fix. I have not done this of course.

Also, before I started your procedure, I tried to run Restore but found that all restore points were deleted except for the current day.

I have followed all of the steps and instructions on your Windows XP Malware Removal/Cleaning Procedure.

My logs are attached
 

Answer: Logs from Windows XP Malware Removal/Cleaning Procedure

Can you attach the log from running Hitman please?

By the way, I cannot open your MGlogs.zip, it appears to be corrupted.
Can you run MGTools.exe again and attach the new log please?
 

18 more replies
Relevance 88.56%

I keep hearing random ads in the background even when nothing is open on my computer. I tried Vista & Windows 7 Malware Removal/cleaning Procedure and followed every step but I keep having the same problem.

I have these attachments below.

RKreport[1].txt from RogueKiller
Malwarebytes' Anti-Malware log
HitmanPro
MGlogs.zip - normally it is C:\MGlogs.zip


Please help. Thanks.
 

Answer: Audio Ads Virus - tried Malware removal/cleaning procedure

Welcome to MajorGeeks, jinejlee

I want you to read and follow these instructions: TDSSKiller - How to run
Please download aswMBR to your desktop.

Double-click aswMBR.exe to run (Vista/7 right-click and select Run as Administrator)
Select Yes when asked "Would you like to download latest Avast! virus definitions?"
Click the [Scan] button.
On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach)

Let me know if you are still experiencing the same problems after completing the above steps.
 

7 more replies
Relevance 88.56%

Hello all, let me thank you in advance for your time on this.
I am working on my mother's computer (Aspire 6gig ram, 1T HD, Pentium)
She has been unable to access her email for a while now, and I took an initial run at the issue with HijackThis. (I'll attach the logs)
HJT recommended a series of fixes, which I checked, only to find that they didn't go away.
I then turned to this faithful site.
I have run the Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure.
Attached are those logs.
As always, all advice and attention is greatly appreciated.
Thanks.
-Dave.
 

Answer: Working through Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure

Added the log files.
Thanks.
-Dave.
 

2 more replies
Relevance 87.74%

I've followed the Prep Guide but have been unable to get DDS to run despite repeated attempts. I've also tried to run Root Repeal several times without success. I then downloaded RSIT. Here's the log file:

Answer: Infection Preventing Malware Removal Tools from Running

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ...

15 more replies
Relevance 87.33%

Hello my log files, sending, according to your instructions.
I appreciate your comments.
Thank you.
 

Answer: Vista & Windows 7 Malware Removal/Cleaning Procedure - My Logs

Welcome to Major Geeks!

Please attach the logs from the below scans which were also requested:

Hitman Pro
TDSSkiller
MGtools
 

3 more replies
Relevance 87.33%

Hi, reading this forum has been so helpful and I wanted some advice on getting rid of malware. Two nights ago I got the ctfmona.exe trojan (bugs on the screen/blue desktop/dialog box saying I was infected). I ran a Norton scan which found it and partially removed it then had me manually delete it from the registry. I then followed the instructions on http://forums.majorgeeks.com/showthread.php?t=35407 and http://forums.majorgeeks.com/showthread.php?t=139313. My computer seems to be working fine, but I'm just really worried there is a key logger hiding somewhere. Other websites have talked about needing to reformat your computer and still not knowing for sure if you've gotten rid of it. I was just wondering if there is any way to know for sure if I'm in the clear? I'm attaching my logs. This may not be important but I thought I should also mention I went through the whole process once and realized I hadn't deleted all old forms of Java so I deleted them and went through the 5 scans again. For this reason virtually all the scans were clear this second time, when the first they had indeed found malware. Thanks in advance for the help.
 

Answer: Ran malware removal procedure but still question about key loggers (logs included)

Re: Ran malware removal procedure but still question about key loggers (logs included

last log
 

5 more replies
Relevance 79.95%

Hello
 
I recently did a fresh install of Windows 7 on my PC. I guess I forgot to install any AV until I was prompted to by Windows Update, which if I remember correctly, did install OK originally. Normally I would have installed AVG and MB, but I've had quite a few PC problems recently and so was a little haphazard, I can't remember whether I actually got MB installed prior to these problems or after. Anyhow, recently I started up my PC and upon starting got a message that MSE couldn't start because of error occurring during initialization, Error 0x80073b01.
 
I found a similar topic here and have run a few of the programs, most optimistically Hitman Pro, which found a couple trojans and malware items and deleted them. But I still have this issue with MSE that it can't load, can't be reinstalled and can't be uninstalled.
 
Other symptoms: Malware Bytes icon on my desktop went from being their logo to a generic .lnk/shortcut image and wouldn't load. I managed to reinstall it after using safe mode and using mbam clean to get rid of the mbamext.dll that wouldn't delete normally. I now have MBAM on my desktop and I can run it, but it won't get the latest updates (it appears to download them, but then says the db is missing or corrupt) and it won't let me do a scan.
 
I have been trying to copy some files to an external HD, but the ones with Security in their name can't be moved.
 
It seems like something is definitely running in the background ...

Answer: Malware preventing MSE and Malware Bytes running?

Try running in Safe Mode and doing a full system scan with your antivirus.  You could also try a System Restore.  

2 more replies
Relevance 78.72%

I'm helping a friend with a computer that got infected when she opened an email attachment. I've used your tools many times before, but this is a tough one. The screens that pop up show "Virus Protector." I have your tools on a flash drive, but I cannot access them. Even in Safe Mode the pop-ups are fast and furious, and I cannot get to Start or anything else. Task Manager is also disabled, so I can't use it to stop processes and perhaps get past the pop-up windows.

Where should I begin? Thanks in advance for your help.
 

Answer: "Virus Protector" is preventing malware removal

If you can't access anything ( start menu / run / task manager / command prompt / cd drive ) in either normal or safe mode, there isn't much we can do to help you. All we can suggest is this:





- Take the hard disk out and scan it in another well protected PC
- Use another PC to make a special CD which you can boot from to try and run virus and spyware scans or to at least backup data. CDs like the below:
  http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
  UBCD4Win
  http://www.sysresccd.org/Main_Page
  http://trinityhome.org/Home/index.php?wpid=1&front_id=12
- reinstall


 

3 more replies
Relevance 72.98%

Hi,

I am the IT manager in my company.

I have a co-worker, his computer has search redirect issue. That means most likely it has malware.
Then i installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After i installed them, i cannot launch them (That definitely means it has some kind of malwares)
I needed to rename their .exe files, after i can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now i am running Spybot Search & Destroy will see what happened.

By the way, i run them in safe mode because when i logon window to normal mode, it is slow (like it takes a long time to explore hard drive, etc). I suspect the malware slow down my pc. hopefully not registry corrupted or something, but works smoothly in safe mode.

So you guys have any suggestions? or you need a log file from combofix?

Please advise,
Tommy

Answer: malware: google yahoo redirect and can't launch malware removal software

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 72.98%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Answer: persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT...

2 more replies
Relevance 72.57%

I did a hijackthis scan and here's what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:17 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynT... Read more

Answer: Malware Blocking Access to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 72.57%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies
Relevance 72.57%

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Malwarebytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and performed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
 

Answer: HELP-Requested Malware Removal (Infector.Gen2 / Malware Packer Gen)

Here is the 5th log.
 

6 more replies
Relevance 72.57%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says "The server at topsearchfeed.com is taking too long to respond" For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer: Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me
 

2 more replies
Relevance 72.57%

Good day to everyone,

My computer is having some malware activity. I have used adware 2008, spyware removal tool, norton anti-virus and other removal tools, but still the malware cannot be deleted. My Computer icon does not display its properties; instead it appears like a file when you view its properties. It also disabled TCP/IP, which is why until now I cannot connect to the internet. I don't have a Windows XP SP2 CD for repair.

Please help me as soon as possible, because it is a server.

Answer: Urgent! My XP SP2 has malware activity! Cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 71.75%

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem. :confused
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer: Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3... Read more

9 more replies
Relevance 71.75%

Had a machine in riddled with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (don't ask me which one it was, I can't remember) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. Swap the hard drive for a SATA CD and it detects the CD without issue, which makes me think the SATA controller must be functioning too.

Now it seems that this single-disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base, help me folks its driving me nuts.
 

More replies
Relevance 71.75%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer: Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see. I use most all of these myself; the only paid program I have is Malwarebytes, the rest are free add-ons or free programs. Thanks.

5 more replies
Relevance 71.75%

Hi, I got infected because I was trying to run Malwarebytes and it skipped the part of analysing the files; it ended in around 1 minute in a full scan. I tried to download Dr Web Cure It and it doesn't allow me. The computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

Answer: Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 71.34%

When I had trouble reading a PDF file, I tried downloading the latest version of Adobe Reader, and standard Google searches led me to a site with an installation package for something called Adobe Reader X 10.1.6. When I tried installing it, though, it just put out a "this is not a valid patch file" error message. I'd originally gotten this package using Chrome, but I got the same result using IE. When I tried to find an older version of Adobe Reader, though, I found a site with "old" versions that included XI 11.0.2! That version installed with no problems and seemed to work correctly. When I tried to uninstall the X 10.2.6 version, though, it just put out the "this is not a valid patch file" error message. I couldn't find anything by the name Adobe Reader X with disk searches, and my attempt to delete it started some disk activity that DIDN'T STOP when I tried to shut my computer down, so I had to forcibly power down. I used my Vista Repair Disk to try to restore my system, and neither the AVG 2013.0.3272 nor Clamwin 0.97.6 free virus-detection tools found any problems, but I still wasn't able to uninstall Adobe Reader X 10.1.6.

When I tried to follow suggestions on the TSG webpage, I found that I couldn't boot my system in safe mode -- the F8 key doesn't seem to do anything, even when I tried a never-used keyboard I had.

When I tried following the "Everyone MUST read this BEFORE posting for help in this for... Read more

Answer: Probable malware; impossible to follow directions

As a postscript, I used my Neosmart Technologies Vista repair disk again, then tried following the "Everyone MUST read this BEFORE posting for help in this forum" instructions again, but GMER still didn't work. The main differences in the other files seemed to arise because I was running Chrome the first time but not the second. Here are the diff files produced using Cygwin:

For hijackthis.log:

2c2
< Scan saved at 2:07:11 AM, on 4/7/2013
---
> Scan saved at 6:29:06 AM, on 4/7/2013
12a13
> C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
16,17d16
< C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
< C:\Program Files\Windows Media Player\wmpnscfg.exe
24a24
> C:\Program Files\Windows Media Player\wmpnscfg.exe
28,49d27
< C:\Program Files\Google\Chrome\Application\chrome.exe
< C:\Program Files\Google\Chrome\Application\chrome.exe
< C:\Program Files\Google\Chrome\Application\chrome.exe
< C:\Program Files\Google\Chrome\Application\chrome.exe
< C:\Program Files\Google\Chrome\Application\chrome.exe
< C:\Program Files\Google\Chrome\Application\chrome.exe
< C:\Program Files\Google\Chrome\Application\chrome.exe
< C:\Program Files\Google\Chrome\Application\chrome.exe
< C:\Program Files\Google\Chrome\Application\chrome.exe
< C:\Program Files\Google\Chrome\Application\chrome.exe
< C:\Program Files\Google\Chrome\Application\chrome.exe
< C:\Program Files\Google\Chrome\Application\chrome.exe
< C:\Program Files... Read more

2 more replies
Relevance 71.34%

I got assistance in the malware forum and cleaned my pc from some suspicious items. I'm still starting up very slow, maybe slower than even before, and still some freezing, particularly when playing youtube or music. The tech suggested I move over to this forum. Can you suggest what I should do next? Your help is appreciated.
 

Answer: Slow at startup - follow up from malware forum

1. What version of windows are you running?
2. How full is your hard drive?
3. How much RAM in the computer?
4. Are you up to date with windows?
5. What av, firewall, anti-malware programs are you running?
 

7 more replies
Relevance 71.34%

I appreciate the guys and gals who help others. I got some nasty virus/malware from something I downloaded. I have read everything. (I understand it's annoying when someone comes in and posts questions without reading.) This virus/malware doesn't allow me to run certain programs like Spybot etc., and when I try to run GMER it simply copies the application, and doesn't allow me to see or download the exe file. Thanks in advance for your help.

Answer: the malware virus doesn't allow me to follow first steps

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so.


Let's see if you can get this tool to run - please follow the instructions carefully.


Please download ComboFix from here - - > http://download.bleepingcomputer.com/sUBs/ComboFix.exe

**Note: It is important that it is saved directly to your desktop**

Referring to the images below



When saving the file, you must rename the file as Combo-Fix.exe



1. Close any open browsers and physically disconnect from the Internet.

2. You MUST disable your Ant... Read more

1 more replies
Relevance 70.52%

Hi all, 
 
Recently, while browsing a site in Chrome, I received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I strongly suspect this is malware!!!
 
What I'm trying to understand is what kind of malware infected the web site I visited. Some technical specs could be useful. The web site belongs to a friend of mine and I'd like to help them identify the malware that infected their web site...
 
 

More replies
Relevance 70.52%

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologi... Read more

Answer: Malware - blocking removal by malware antimalwarebytes

16 more replies
Relevance 70.52%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of it using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled it - it reinstalls and then when I try to quick scan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer: Ugh - Malware Removal Tools Disabled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 70.52%

Hiya

I'm running XP. AVG detected trojans; the first one it got rid of, the second one, Generic13.ATHP, it could only remove partially, apparently located in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended. SuperAntiSpyware wouldn't install, so I changed the filename, and it has installed but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?

Thank you!
 

Answer: malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.


but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others.

:confused have no idea if any of this will help you lovely helper person, but i guess im just trying...
 

2 more replies
Relevance 70.52%

About a week ago, I noticed that when running Internet Explorer www.google.com that clicking on a website would take me to an ad instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Thanks,
Deb
 

Answer: Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!
Deb
 

2 more replies
Relevance 70.11%
Question: Preventing Malware

I am not sure the best place to post this. I am trying to find a secure method of moving files from home to office. Our office has a rule stating that you should not bring a thumb drive into the office from home without going through IT. This is to prevent infecting the work network. IT can run a Symantec scan on the USB device but is still not in favor of using the USB due to what might not be caught on a scan.

Any ideas of methods that IT might be willing to implement that allow the convenience of USB drives and the security that IT needs? I am in the position of greatly influencing this research if I had a direction to suggest. Of course IT would be researching in order to feel comfortable. Thanks in advance. If there is a better forum for this question please advise.
 

Answer: Preventing Malware

There is not a lot that you can do to insure that any USB device is clean without running scans on them. Your IT department would have to insist that all employees install programs such as AutoEater on their home computers and scan them with something like USB Vaccine. But that would require faith that all employees took these measures.
 

2 more replies
Relevance 70.11%

My apologies that this is basically a duplicate post, but I've simplified it and given it a more descriptive title.

When I had trouble reading a PDF file, I tried downloading the latest version of Adobe Reader, and standard Google searches led me to a site with an installation package for something called Adobe Reader X 10.1.6. When I tried installing it, though, it just put out a "this is not a valid patch file" error message. I'd originally gotten this package using Chrome, but I got the same result using IE. When I tried to find an older version of Adobe Reader, though, I found a site with "old" versions that included version XI 11.0.2! That version installed with no problems and seemed to work correctly. When I tried to uninstall the X 10.2.6 version, though, it just put out the "this is not a valid patch file" error message. I couldn't find anything by the name Adobe Reader X with disk searches, and my attempt to delete it started some disk activity that DIDN'T STOP when I tried to shut my computer down, so I had to forcibly power down. I used my Neosmart Technologies Vista Repair Disk to try to restore my system, and neither the AVG 2013.0.3272 nor Clamwin 0.97.6 free virus-detection tools found any problems, but I still wasn't able to uninstall Adobe Reader X 10.1.6.

When I tried to follow suggestions on the TSG webpage, I found that I couldn't boot my system in safe mode -- the F8 key doesn't seem to d... Read more

Answer: Adobe Reader/Vista/IE malware? -- Impossible to follow instructions

13 more replies
Relevance 69.7%

I ran your most excellent Read Me tutorial on malware/virus removal and want to attach the logs below as instructed. Still to come: SAS txt file and Malwarebytes log in next text, providing I can find them!

Thanks,
Cal
 

Answer: Malware - Ran the Read Me Procedure

Logs for SAS:

C:\Documents and Settings\cgoldsmith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs <--- found here.

Logs for MBAM:

C:\Documents and Settings\cgoldsmith\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs <--- found here. Attach the most recent log, showing what it removed.
 

10 more replies
Relevance 69.29%

Hello,

It seems that my computer has been infected by a nasty virus/malware since yesterday. I have tried to eradicate it with ComboFix but it keeps resuming its activities.

The initial symptoms was no access to Web in Chrome: Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error

However I had web access via IE and Firefox.

Also HTML content was not anymore displayed in Outlook (images displaying red cross).

Then I could not install any new software, seems like the access to Registry was blocked somehow.

I managed to install MBAM but it won't update its 68-day-old signature file.

Even to start the GMER I had to go back to safe mode because it would not start.

Below are the following logs:
1. The last instance of ComboFix (Sorry I did not know about this website and the rules when I ran ComboFix, so I thought I would post the log for info)
2. The defogger log
3. The HIJACK THIS log
4. The DDS log (plus the Attach)
5. The GMER log (I had to run it in safe mode because in normal mode I have the error: LoadDriver ("C:\Document and Settings\Alex\Locals~1\Temp\kwlorpod.sys" ) error 0xC0000034: The system cannot find the file specified.

Thanks in advance for your help.

Alex

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:57:15, on 26/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\... Read more

More replies
Relevance 69.29%

Seems I have a nasty virus/malware which is preventing just about everything I try to do to exterminate it, even in safe mode. Progress has been made, but it has been extremely slow and has hit a wall. It started with over half of the sites I tried to visit getting redirected to various sites claiming to be able to disinfect my computer and such, as well as several virus warnings from Symantec. After noticing this, I tried running Spybot, but it wouldn't open. After I renamed the executable file, it ran, but would not connect to the internet for updates. The same problem occurred with Malwarebytes' Anti-Malware and HijackThis. Also, the website for Spybot would always get redirected to another one of the above-mentioned fake sites.

I ran the scans without updates in safe mode hoping they would still be up to date enough to handle the problem. They did help to fix the problem of website redirection and updating Spybot and Anti-Malware, but they and HijackThis are still unable to run as their native (non-renamed) executables. I don't know if the more annoying problems will resurface later, but I want to be sure that the malware is off of my computer.

EDIT: This appears to be similar to the Google hijacker that others on this forum are experiencing

ANOTHER EDIT: The main annoyance is back. Google search results are being redirected again. :-(
DDS (Ver_09-06-26.01) - NTFSx86
Run by Aaron at 20:52:13.84 on Sat 06/27/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.... Read more

Answer:Malware preventing countermeasures

Hello AlfaWolf04,
Delete these old versions of Java, as they are malware magnets.
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Please post the last Malwarebytes log so I can see what it is finding. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire MBAM report in your next reply

7 more replies
Relevance 69.29%

I've heard mention on other forums that for XP Pro there is stuff like EMET, Software Restriction Policy, Hosts File, etc., that will prevent installation of malware like OpenCandy, YellowMoxie Redirect, and so on. If true, I'd like to know more (a lot more) about this! Advice? Links? Anything at all appreciated!

Answer:Preventing malware installation

 There are supported antivirus and antimalware programs for XP if that's what you're looking for.  They're pretty much the same ones you can get for later versions of Windows.
 Of course MS pulled the plug on the last of the Windows updates for XP back on 4/8, so it's going to become more and more vulnerable to attacks over time.  My recommendation is to either upgrade to Windows 7 or 8 or go with Linux.  The Mint and Ubuntu versions of Linux run very well on computers that run XP, and they just boot up, find your devices, connect to the Internet, have a Windows like user interface, and come with Firefox and LibreOffice.  AND they're supported.
 
Good luck.

8 more replies
Relevance 69.29%

I have some form of malware that is preventing me from installing and running Super anti spyware, spy-bot and malware bytes. I keep getting an error window with the following message. " The instructions at "0x7c8841ee" referenced memory at "0x00000000", the memory could not be written" then an end program button.
Ad-Aware seems to be the only program that I can run and it finds "win32trojant.dss"
Attached is my HJT file
any help or direction would be appreciated, thanks
 

Answer:Malware preventing me from installing

Please at least attach logs from running Combofix and MGTools. You didn't mention whether you had problems running those so I assume you have logs from them.

Thanks
kes
 

14 more replies
Relevance 69.29%

Hello Spyware gurus,

My name is Jim. I am having a few problems and followed the full instructions for malware removal and picked up a whole bunch of stuff (2 spyware, 2 trojans and 1 suspected trojan) that were parasitizing my machine. I did the panda scan and it picked up a lot of things that it couldn't remove (5 items). Has anybody got any advice or how to get them off and keep them off? I usually run Zone Alarm and AVG and also scan with spybot. I think that I must be making some fundamental mistakes somewhere because I reinstalled not long ago. The taskbar and desktop items also take quite a while to load. Anybody got an idea of why this might be? Is it another virus and how might I shake it? Previous to finding this really useful site I used spysweeper which told me that I had a couple of browser hijackers that it wouldn't remove for me and that they had exploited a hole in IE to gain some nasty control of my PC. I attached 3 files mentioned in the instructional post, and will post the other 3 in a reply. Anybody got some words of wisdom for me?

Thanks

Jim
 

Answer:Malware problems! I followed the procedure. Anybody got a minute?

Here are the hijack and panda scan logs. Thanks to anybody who might lend me a hand...
 

10 more replies
Relevance 69.29%

Started out with PurityScan. Been two weeks since I started so hard to remember everything I've been able to get rid of. Have run through the preliminary cleanup steps, and on 6C/7 of posting. Additional logs to follow...
 

Answer:Help with malware, followed typ procedure, HJT logs attached

...remaining logs...only noticeable problems are the popups leading to various virus products.
 

10 more replies
Relevance 69.29%

This machine is running XP home, sp2, AMD sempron 2400 @ 1.77 GHz, 512 Ram.
Malware removal procedures ran fairly smooth, as I've performed them once before.
Attached are the logs. MBAM log was left off because of space, and it is empty, but available if needed.
Your site is appreciated, and help with this is also.
 

Answer:Slo puter, ran Malware remove procedure.

Well, you obviously need to at least double your RAM. However, I am not seeing any malware in your system. We can clean up a few items:

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

After clicking Fix, exit HJT.

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer]

... Read more

1 more replies
Relevance 69.29%

I'm trying to clean up my mother's computer because it had a whole mess of malware on it. I don't know how long it has been infected for because I haven't lived with her recently. She suspects it got on there this spring/summer when my cousin downloaded a game he plays.

Before I did the standard procedure, I looked at the add-ons/extensions in Firefox, Chrome and IE and the unfamiliar programs in control panel. I found the following things that googling suggested to be malware:

Hotbar
Browse to Save
Blinkx beat
White Smoke
Oberon game toolbar
search.conduit
Codec-V
Conduit/mixiDJ
Snap.do
DomaIQ
QuickShare
QuickDrag
Software Version Updater (apparently related to White Smoke)
Search Protect by Conduit
White Smoke New Toolbar

I followed the standard procedure for malware removal (logs are attached) and it seemed to clear some things but the following remain:

Blinkx beat
Snap.do
QuickShare

Snap.do is not listed in control panel, but it keeps being reset as the default search engine/home page for Firefox and Chrome. My sister has told me that she's tried to get rid of Snap.do some other way before.


The AV used on this computer is AVG 2013 Free, the OS is Windows 7.

Thanks for your help!
 

Answer:Some malware remaining after standard procedure

Rerun Hitman and have it delete everything it found.

Reboot and rescan with Hitman and attach the new log.

Tell me how things are running.
 

8 more replies
Relevance 68.88%

Hi,

I have printed everything, gone through all the hoops downloading Spybot, Superantispyware, Malwarebytes, combofix.exe and mgtools.exe. I successfully ran Superantispyware, but Spybot does nothing when I click on it, and same with Malwarebytes so I am stopping before I get more jacked up. I am attaching the log from SAS.

Here is my issue. I am fixing a friend's laptop. Too much pron surfing. I removed 12 viruses (used Sysclean from trendmicro), they were mostly trojans from the system which was crippled by Joke_blue screen. Anyhow all that is gone (I am pretty sure). What was harder and I don't believe is gone is Anti Virus Pro 2008 or similar. I deleted all registry, start up, ran hijack this, trendmicro sysclean (from dos not online version) scanned registry again. Now windows loads normally without the gag screensaver and everything looks good until you try to use the browser. It starts but once you try to google or yahoo something, it sends you to other places. Cannot access Microsoft update, Adaware, Trend Micro or even your forum here. Nothing will go beyond initial search and when you try typing an address in directly a second window pops up and goes to asiuoqgusdbaksd.com which redirects you to some other site. And now certain executables simply won't run. Firefox won't even start either.
 

Answer:Windows XP Cannot follow Cleaning Procedure

Please run the MGTools.exe and attach the resulting logs: C:\MGLogs.zip.
 

9 more replies
Relevance 68.47%

Hello guys, I hope I've posted this in the correct place. I'm only averagely tech minded so I'll try my best

I'm running Windows XP (sp3) and mostly use Chrome browser with IE occasionally.

My Avira Free has refused to net update for over 24hrs, and when I look at Internet Options I see the 'use proxy server' button is checked although I've previously un-checked it. I've managed to download manually from Avira and am currently running a scan with it & Malwarebytes.

I have some log files but I take notice of the warning against posting hijack this logs in this forum.

There are several processes & files that look decidedly fishy to me but am not sure of where/how to proceed. "ProxyServer = http=127.0.0.1:49717" for example!

I also use Malwarebytes free version & update & scan regularly with this & Avira free AV.

I usually scan any potentially fishy files with AV & MWB before downloading but something's gotten through (could be another user when I've not been here is responsible) or can hardware like a cheap Chinese USB hub be responsible?

Answer:malware &/or virus (I think) is preventing AV updates

Welcome joolz
Let's run these as I feel you have a rootkit.
Many malwares like to change the proxy setting on you.
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.... Read more

10 more replies
Relevance 68.47%

I am running Windows XP SP3, with the latest version of Firefox. I am using Bellsouth Fastaccess DSL. My antivirus is Norton, and could not find any issues. My computer is connected to the wireless network, with excellent signal strength. I have tried repairing the connection and using IE, but neither have worked. My laptop and other computer can both connect to the Internet. Other things that I have noticed: SUPERAntispyware and Spybot Search and Destroy have both stopped working. I have also posted this on the Web Browsing forum. Thank you for your help!

Answer:Malware preventing connection to Internet?

Please just keep it to one forum for now
If we can't fix you here then you can post there
See if you can access Safe mode w/networking
or
You can burn to a CD or download to a thumb drive the tools I am going to have you use
Double-check that Spybot's Teatimer function is disabled
----------------------------------
The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all th... Read more

11 more replies
Relevance 68.47%

What do you think about anonymous software, and firefox add-ons like switchproxy and stealther? Do they prevent malware? Do you have any Firefox add-on recommendations for effective internet security?
 

Answer:Question about Firefox Add-ons and Preventing Malware

You can not be anonymous on the internet.
In order for the post office to deliver mail to you, they need to know the address where you accept mail.
In order for the internet to deliver web pages to your computer, a server somewhere needs to know the address of your computer so you can view the pages. Some server (or more than one) knows exactly where your computer is located and what web pages you want to view. If this information wasn't known, you get a 404 error for every page that you tried to load.
The perception that you are anonymous is just that, a perception.

You do not protect the browser; you protect the computer so that things delivered to your computer don't come with nasties you don't want.

The computer needs: a firewall, one antivirus (monitoring in real time), one malware detector (monitoring in real time). You might be able to get two of these things in one program.

To lessen your chance of clicking on something you don't want and installing something not healthy for your computer, you can run noscript in Firefox. This turns off javascript and you are able to turn it on for certain sites either permanently or temporarily. I also run something called WOT (web of trust) which shows me when I use google to search, sites to avoid or to approach with caution.
 

2 more replies
Relevance 68.47%

Hi guys,

Here's my System info:
Windows 7 Home Premium 64bit
Intel i5-2500k cpu
8gig DDR3 RAM
OCD VertexII SSD 60GB running OS
2TB HDD and 1TB HDD
ASRock Z68 Pro3 Mainboard

I went through the clean up process step by step and my logs are attached over this and the next post
 

Answer:Possible Malware preventing drag and drop etc

And here's the last of the attachments
 

7 more replies
Relevance 68.47%

I seem to have a particularly pernicious bit of malware that I can't shift.

"Live Security Platinum 3.6.1" is showing in my taskbar, and keeps feeding me fake alerts.

I foolishly googled a "fix", which I suspect is just yet more malware.

I can't follow any of the general fixes because it's blocking almost every .exe from running.

Judging by the lost keystrokes as I type, I suspect there is some kind of keylogging afoot here too.

Help please!

I have older versions of some of the recommended tools installed if that helps - although can't find a way to update or run them... any ideas?

I'm on Windows Vista.
 

Answer:Malware preventing .exe files from running

OK I managed to find a rogue .dll... deleting it let me run .exes again.

I've had a bit of a mixed bag with the recommended utils though.

Hitman blue-screened for me twice in a row, and MBAM crashed during fixes the first time.

I've attached a transcript of what was in the window when MBAM crashed (although some of it's not very helpful because the full filepath wasn't displayed in the window when it became unresponsive) - and a log from when it ran OK the second time.

Any advice?
 

8 more replies
Relevance 68.47%

Hello.

I posted in the Vista section about trouble I am having with updates installing. One person replied that "[b]ecause of the large number of problems in category items that [I] posted, and the corrupted SFC store," before I do anything else, I should post in this forum to make sure my system isn't infected.

To briefly summarize what I posted over there, I can't get some updates to install, and I have some corrupted files (or corrupted something . . . I honestly don't know enough to know what the problem is).

Here is what I got when I ran the dds:


DDS (Ver_09-03-16.01) - NTFSx86
Run by admin at 16:00:03.31 on Thu 04/16/2009
Internet Explorer: 7.0.6000.16830 BrowserJavaVersion: 1.6.0_07
Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.1.1033.18.2037.1118 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkS... Read more

Answer:Possible malware infection preventing updates

Hello ti2,

I'm not seeing any malware in these logs. You can run an online scan and see if it detects anything lurking about. It can take some time, so please be patient and allow it to run its full course:

**Vista users - right click on the IE icon and run as administrator

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.



Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

2 more replies
Relevance 68.47%

I've tried everything I know how to do (which admittedly isn't much) and I'm hoping someone can help. I've run Spybot, Malwarebytes, and AVG. They all say they detected something called Astromedia and removed it, but now my computer is running worse than when I started. Every time I open my browser or a new tab it acts like it's not connected to the Internet until I reload multiple times. Can someone please help? My system info is below.
Thank you!
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD A10-4600M APU with Radeon(tm) HD Graphics, AMD64 Family 21 Model 16 Stepping 1
Processor Count: 4
RAM: 5609 Mb
Graphics Card: AMD Radeon HD 7660G, 512 Mb
Hard Drives: C: Total - 590202 MB, Free - 403986 MB; D: Total - 19972 MB, Free - 2166 MB;
Motherboard: Hewlett-Packard, 18A6
Antivirus: AVG AntiVirus Free Edition 2015, Updated and Enabled
 

More replies
Relevance 68.47%

I think I may have picked up some malware that is preventing executable files from running.
Windows 10
avast free anti virus
Sony VAIO VPCEB2C5E

I first noted that I couldn't get FireFox to open. I removed the program & re-installed it but no joy. I eventually downloaded Chrome and this is working.
Now however I've discovered that the majority of the programs on my laptop will not run.
Symptoms:
The program will initially load, blue flashing disc, but then nothing.
The list of affected apps are below:
Outlook
Word
DIVX player
MalwareBytes
VLC media player
Any app updater is blocked.

Working Apps
Chrome
CCCleaner but no update
Excel
Spybot
iTunes but no updates

Any help much appreciated
 

Answer:Malware Preventing Executable Files

The fact that some programs run and some do not, makes this sound like it is not one of the typical executable program blocking malware problems. In fact, it may not be malware. Let's see if we can get anywhere with our cleaning process in the link below. Try all the tools. Don't assume that they all will not run just because one or more does not. Also if you run into major problems trying to run the tools, try running them in safe boot mode.

Read & Run Me First Malware Removal Guide (incl. Spyware, Virus, Trojan, Hijacker)

There is a chance that you may have to uninstall Avast temporarily. We have seen antivirus program cause problems like you are describing. But let's first see where we get with the Read & Run Me First.
 

3 more replies
Relevance 68.47%

Let me start by saying I already started in the "Am I infected" forum and they told me to start a new post in here. The link to my thread over there is: Internet access shuts down right after login
I sure would appreciate your help!
Here is my DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Alan at 20:44:04 on 2011-09-23
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3325.2251 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalSe... Read more

Answer:Malware preventing internet connection

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420238 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

30 more replies
Relevance 68.47%

I posted previously in another section about lagging issues: How to make speed improvements

satrow: "The security processor loader driver (spldr.sys) isn't related to any 3rd party drivers, it's installed by MS as part of Windows. If it's not loading in at all, it could be a malware issue"

As instructed there, I'm asking for a malware review. Thank you!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17689 BrowserJavaVersion: 11.31.2
Run by Tony at 7:19:24 on 2015-04-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7630.4546 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe ... Read more

Answer:Malware possibly preventing spldr.sys?

Hello revelry,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your und... Read more

7 more replies
Relevance 68.47%

I hope I'm posting this to the right spot... this website is pretty confusing...

McAfee will not update and I cannot access the McAfee site. Instead, I get redirected to a pseudo site. I had something similar happen on another computer using Kaspersky. I am running Combofix now. Is there someone who could help me read the log?

Answer:Malware preventing McAfee from updating

DO NOT EVER run Combofix on your own and without supervision of an expert. It can seriously damage your system and make it unbootable. DO NOT post the log here.

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys. ~ Courtesy of boopme

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and y... Read more

1 more replies
Relevance 68.47%

My computer has been acting strange for a while, but I couldn't ever pin it on malware.  My clock doesn't sync even when I change the server.  I got really suspicious when I connected to a new wireless network and got the following error message:
 
Cannot connect to the real www.google.com
Something is currently interfering with your secure connection to www.google.com.
Try to reload this page in a few minutes or after switching to a new network. If you have recently connected to a new Wi-Fi network, finish logging in before reloading.
If you were to visit www.google.com right now, you might share private information with an attacker. To protect your privacy, Chrome will not load the page until it can establish a secure connection to the real www.google.com.
 
I tried enabling my firewall but got:
 
Windows Firewall can't change some of your settings
Error code 0x80070424
 
I have a backup.  I ran CC cleaner and Junkware Removal Tool.  I'm currently running a full scan of Malware Bytes.
 
I've attached the results from dds.  Thanks for any help!

Answer:Malware Preventing Enabling Firewall

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

2 more replies
Relevance 68.47%

Attempting to follow the XP cleaning procedure, and none of the tools will run except MGTOOLS, which did run to completion and generated the zipped file.

Symptoms are: both IE and Firefox either redirect or deny finding websites. For example, cannot get to windowsupdate.microsoft.com--instead, browser is redirected to findstuff.com when I attempt to click on Google search result which points to windowsupdate.microsoft.com. Attempting to go directly there results in a 'page not found' error. Same is true for symantec.com or Mcafee.com.

Spybot did install, but when I run it, it loads a 3MB process I can see in task manager, but never opens.

Superantispyware will not install. Even after renaming the executable, it crashes with the "SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience" error, which pops up and asks if I want to send the error report to Microsoft.

Combofix opens the "do you want to run" window, but never continues when I tell it to.

Malwarebytes' Anti-Malware -- same thing: when I click to run it, nothing happens.

One detail: Netscape Navigator appears unfazed by the malware. So, I do have a working browser for some web access (Microsoft insists on IE, so I cannot use windowsupdates via this browser) on that computer.

I am attaching the mglogs.zip file.

One other note: I am actually conversing from a clean machine. I am running logmein to access t... Read more

Answer:Malware's preventing most tools from running

Let's start with this:

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.

Use add/remove programs to uninstall:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.1_02
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Viewpoint Media Player

Now use windows explorer to find and delete:
C:\Documents and Settings\Julia\Application Data\MJUSBSP
C:\Documents and Settings\Julia\Local Settings\Application Data\tjnet

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file and any other logs you can run (remember to try them in safe mode).
 

3 more replies
Relevance 68.47%

Hi, recently I've been having problems with "XP Security 2010" and other pop ups that it appeared to install. I tried several times to remove them with Malwarebytes and Spybot Search and Destroy and I was sure they had fixed the problem, but I am still having problems! Whenever I start up my computer I.E and FF run fine for the first few minutes then suddenly they start redirecting me to "search.avg.com" or they "cannot display the web page as I am not connected to the internet".

Also whenever I try to connect to the net with my laptop at the same time as my PC, my laptop does the same as the PC and the same is said for my PS3 when trying to play online but when I disconnect my PC from my router, my laptop and PS3 work fine.

Thanks

Steven

EDIT: also I have just noticed when I connect my laptop at the same time it appears to be turning my Windows firewall off on the laptop.

Answer:Malware preventing internet access?

Hi,
Please download and scan with SUPERAntiSpyware Free
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
* In the Main Menu, click the Preferences... button.
* Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
* Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
* Close browsers before scanning.
* Scan for tracking cookies.
* Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen and exit the program.
* Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several op... Read more

5 more replies
Relevance 68.47%

Info in this thread:
http://forums.techguy.org/windows-nt-2000-xp/736643-automatic-updates-rundll32-error.html

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:39 PM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avi... Read more

Answer:MalWare preventing Automatic Updates?

Er hm, was I supposed to post the HJT log while in non-safe mode?
 

1 more replies
Relevance 68.47%

Hello,
I have recently developed a problem when I play games on the Pogo & Slingo websites as I have done for many years. I recently started getting a popup to download some antivirus software called 'winsuperantispyware' which I knew was bogus, so I did my best to ignore & get rid of it. Anyway, shortly afterward I began having problems with java on both sites & on Pogo, it said my java was not working or I had a 'bug' in my cache. I decided to run all my clean up programs including Smitfraudfix & Superantispyware & I am still getting an error message when I try to play my beloved games.
I spent time reading through some of the related forums on this subject at your site yesterday & so I even tried to download Mozilla Firefox & when I did that, I got the 'winsuperantispyware' popup at the time when my selected game is downloading which I believe tells me that this malware is preventing me to play games with java on any browser. I have tried relentlessly to solve this problem on my own & I am having no luck , so I hope you guys can help me get rid of this nasty little pest!
Here is my Hijackthis file:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:37:59 AM, on 9/30/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\s3trayp.exe
C:\Program Files\CyberLink\Powe... Read more

More replies
Relevance 68.47%

Greetings! I have recently been infected with some sort of malware. It is preventing me from visiting several websites I used to visit often. A few examples: Google, Yahoo search engine, Gmail, Hotmail, Facebook... Just to name a few. When I try to visit any of these sites I receive a browser message "Unable To Connect". I use Firefox.

I run Windows 7 64 bit.
_____________________________________________________________
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tyrantius at 21:05:02 on 2011-08-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.2591 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common File... Read more

Answer:Malware Preventing Me From Opening Many Websites

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

If you did not modify your HOSTS file it has been compromised.


Quote:

Hosts: 184.107.64.187 Google
Hosts: 209.172.56.118 search.yahoo.com
Hosts: 209.172.56.118 Bing

Go to: HostsXpert v4.4
Download the program HostsXpert to restore the default hosts file back onto your machine.
Unzip the program and execute it.
Select "Restore MS Hosts File".
Close the application.

Restart the computer normally.
===

When the hosts file has been restored.

Please download C... Read more

7 more replies
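
A defender-side check for the hosts-file hijack identified in the reply above, as an added example that is not part of the original thread: it reads raw hosts-file lines or DDS-style `Hosts:` log lines and reports every name that is redirected to a remote address or blocked by pointing it at loopback. The function names and the sample input (documentation-range IPs, `.example` hostnames) are constructed for this example.

```python
"""Audit a Windows hosts file (or DDS "Hosts:" log lines) for hijacked names.

Added example, not code from the thread. The sample data is constructed.
The file normally lives at %SystemRoot%\\System32\\drivers\\etc\\hosts.
"""
import ipaddress
import sys

# Names a stock Microsoft hosts file may map to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample: default entries, two redirects, one blocked
# security-vendor name, one DDS-style log line and one junk line.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.search-engine.example   # constructed redirect
203.0.113.10    mail.example
127.0.0.1       update.av-vendor.example
Hosts: 198.51.100.7 portal.example
not an entry
"""


def parse_mappings(text):
    """Yield (line_no, ip, hostname) for each address-to-name mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()        # strip comments
        if line.lower().startswith("hosts:"):      # DDS log prefix
            line = line[len("hosts:"):].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                # not a mapping line
        for name in fields[1:]:                     # a line may carry aliases
            yield line_no, ip, name.lower().rstrip(".")


def audit(text, allow=()):
    """Return (line_no, kind, ip, name) for every non-default mapping.

    kind is "redirect" when the name points at a routable address and
    "block" when a name other than localhost is pointed at loopback or
    0.0.0.0 (a common way to cut a machine off from update and security
    sites). `allow` lists hostnames the administrator added on purpose.
    """
    allowed = {a.lower() for a in allow}
    findings = []
    for line_no, ip, name in parse_mappings(text):
        local = ip.is_loopback or ip.is_unspecified
        if name in allowed or (local and name in DEFAULT_NAMES):
            continue
        kind = "block" if local else "redirect"
        findings.append((line_no, kind, str(ip), name))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for line_no, kind, ip, name in audit(data):
        print(f"line {line_no}: {kind:8} {name} -> {ip}")
```

Entries reported as "block" can also come from a deliberately installed ad-blocking hosts file, so pass those names in `allow` or review them by hand.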
Relevance 68.47%

Hi,
I have formatted my computer a few days ago and now I'm reinstalling my Adobe programs. In order to do so I must close Firefox, but after I do it, it reappears in the processes window. I terminate it, and a second later appears a process named CuNew.exe which immediately changes to firefox. It just keeps happening every time I try to terminate it.

This cunew sits in C:\WINDOWS\system32\install, and it's something by indetectables.net. I guess it's a malware but my antivirus doesn't recognize it.

In addition, every time I restart now, I get error messages from programs such as Skype, "the program failed to initialize", each time more and more programs.

here's my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:54 PM, on 9/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Extensis\Exte... Read more

Answer:malware preventing firefox from closing

I ran Malwarebytes' Anti-Malware and it detected the file. It said that it deleted it, but it just pops up again in the same directory.
Also, I noticed that this process disguises itself as Firefox all the time, e.g. when Firefox is closed I see "Firefox" running in the processes window, when it's open, there are two "Firefox" there.

Help will be so much appreciated!

Here's the MAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 2833
Windows 5.1.2600 Service Pack 2

9/21/2009 1:59:11 AM
mbam-log-2009-09-21 (01-59-11).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 194426
Time elapsed: 35 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0014hv01-o13r-jqfl-rq46-27ap31np34lx} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c20ee2d6-81c3-6a08-79c5-1989da43bc19} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UI... Read more

2 more replies
Relevance 68.47%

Hello!  Yesterday I was having some problems with some spyware.  It would randomly create a fake windows firewall error saying that my computer is infected and prompt me to visit a web page to download a full version of a virus scanner.  The malware was causing lots of pop ups and whatnot.  I downloaded MBAM and superantispyware.  I ran both of them and the popups are gone(wohoo!).  However... This morning I got on my computer and I am unable to use any web browser (IE, Firefox) to navigate to websites.  I am connected to my router just fine, and I am able to connect to Steam and AIM with no problems, so I know I am connected to the internet.  I am unable to ping any websites or anything.  When I try to navigate to a website, I get the "address not found" error.  Please help!

Answer:Malware preventing web browser usage!

Go to... http://www.computerhope.com/forum/index.php/topic,46313.0.html
Follow the guidelines, post the three logs and a specialist will review them in turn.

5 more replies
Relevance 68.47%

OS - Windows XP Home

I've been trying for a couple of weeks now to install Comodo Firewall, but it just wouldn't install. I made a thread over at the Comodo forums regarding this, which ended up being 2-3 pages long, and finally a Comodo technician replied to me.

He said the following:


Quote:

I am sorry, but your PC is seriously infected with at least four dangerous viruses. They block your registry and fully control your Windows.
For example:
C:\windows\fonts\fonts.exe - see http://www.auditmypc.com/process/fonts.asp
System32\appmgmts.dll - see http://www.greatis.com/appdata/d/a/appmgmts.dll.htm
si.exe - see http://www.processlibrary.com/directory/files/si/ - most dangerous, it loads under explorer (maybe even replaces it)
Also I've found few suspicious and unknown drivers in your system.

Therefore, I've decided to come on here for help, in the hopes that I can clean my PC of this malware. I've followed all the instructions in the "Read This Before Posting For Malware Removal Help" thread.

I did everything except for the Gmer scan. I ran the Gmer scan and it was running for around 3 hours. I went and did something else for a while, and when I came back it was still running. It had caused the whole PC to basically freeze up, with the only thing NOT freezing up being Gmer itself. Then all of a sudden the PC blue screened and rebooted, therefore I'm left without the "ark.txt" file unfortunatel... Read more

Answer:Malware Preventing Installation Of Firewall!

Bump, please.

19 more replies
Relevance 68.47%

Found some suspicious things in my email, so I ran the sequence of malware detection/removal. I'm attaching my logs and waiting for instructions on what to do next. Thanks for your help!!

I have one last file to upload, so I'll comment on this post and add it there. Your procedure gen's 6 logs and we can only attach 5.
 

Answer:Malware Procedure Completed, Logs for review

Now for the TDSKiller log, attaching that. Thanks again!
 

16 more replies
Relevance 68.47%

I was downloading movies using bittorrent. I deserve whatever virus I got. First thing I did was delete BitTorrent. I really need some help removing this thing.

It freezes at random times. Also when restarting it freezes. Sometimes I have to restart 3-4 times before it will load up completely without freezing. Computer runs very slow as well. At first I couldn't toggle between programs at the bottom. I would have to minimize one, and then restore another. I also couldn't right click on programs down in the taskbar.

I tried to solve the problem myself at first by checking which one looked like a virus in my Task Manager. I searched for the .exe and then went into safemode and deleted it. It said it had been created on November 29th. The .exe was called THEEE4.EXE. When I got back to windows there was another file in there, newly created, made up of random numbers and letters 6 characters long. It was in the C:\WINDOWS\Temp folder.

Anyway, that's all the information I can think of, here's my .zips and .txt's
 

Answer:Some sort of Malware. Not solved by cleaning procedure

Hi JLong!
Welcome to Major Geeks!

No one deserves a virus or any other bad thing to happen to them.



1)Please go to add/remove programs and uninstall the below:

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1



2)Reboot after uninstalling the above.

3)Install the current version of Sun Java from: Sun Java Runtime Environment You still have not done this.

I will get back to you with other instructions after I've had a chance to look through your logs. This can take time, so thanks for your patience.

abri
 

7 more replies
Relevance 68.47%

My Dell Inspiron 1420 (Vista SP 1) suddenly started running sluggishly after I woke it up out of hibernation yesterday. It won't open programs such as System Restore and MSWord, but it runs Firefox and CCleaner without a problem. Task Manager shows up in the tray but won't open as a window.

It also locks up when I try to shut it down, and I've had to force it manually. It boots up fine.

I've defragged recently, cleaned the registry, cleaned out temp files, run scans with SpyBot. Then I followed the instructions on the malware removal guide in this forum, and nothing seems to have changed. I wasn't able to run the SUPERAntiSpyware program (stalled on the "preparing to install" dialogue), but the other three programs seem to have worked fine. I've attached those logs here.

Also, I don't know if this is relevant, but two new processes try to run at every start-up: "apntex.exe" (which I understand to be related to the touchpad driver) and "services.exe".

Thank you for any advice you can give me!
 

Answer:Malware cleaning procedure attempted, still have problems

Welcome to Major Geeks!

Your logs are clean. Thus you are not having malware problems. I suggest that you post in the Software Forum. I do see a very large memory dump file that indicates you had a system crash:
Code:

2009-03-14 21:54 . 2009-03-14 21:56 310,825,039 --a------ c:\windows\MEMORY.DMP

We need to cleanup from running the READ & RUN ME:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /u
Notes: The space between the combofix" and the /u, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combofix folder from combofix (if it exists)

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
You can ... Read more

3 more replies
Relevance 68.06%

When I try to run a scan using AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware; when the scan gets to a certain point, Windows shuts computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbiage about if you recently installed software/hardware, see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgraded to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows Defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to "System Volume Information" directory. I am unable to open to see contents as Windows shows no files in it. When I ask Avira to scan it, Avira says no files also but if I use AntiSpyware to scan, it shows many files during its scan but will get to a certain point and computer will shut down. I can almost see file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal program to complete scans

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll... Read more

23 more replies
Relevance 67.65%

Hi Guys,

I could use some help getting rid of some malware that has been vexing me for quite a while now. Looking back at my windows update history, I have been unable to install Vista Security Update KB979683 since 16 Apr 10 with it attempting to install everyday since then and always getting the same error 'FFFFFFFF'

I was unable to get a RootRepeal log as the program would use up all my RAM (2GB) and then just exit itself after about 20 mins.

My logs are attached. Thank You!
 

Answer:Malware preventing Vista security updates

Welcome to Major Geeks!

You ran steps in safe boot mode not normal boot mode. You should be running in normal boot mode to get proper logs unless that is not possible.

Also you skipped running step 6 of the READ & RUN ME so we cannot tell whether you have a Master Boot Record rootkit infection or it is just the disk emulation software you did not disable. To properly continue, you will have to run this step and then rerun MGtools and attach a new log; however, based on the sum of all logs, I don't think you are having malware problems.

While problems with Windows Updates can sometimes be caused by malware, it is quite frequently not malware. It could just be issues with Windows itself or it could be your own protection software. You could try shutting down Symantec and Windows Defender and see if you can update.
 

3 more replies
Relevance 67.65%

I get svchost.exe errors on bootup with references to 0x85993a44 and 0x01c8284.

I get Google redirects.

I cannot do a Windows update. I get Error number: 0x80072EFF

I've attached the logs.

It looks like the limit for attachments is 4, but the 5th is short and is here:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/25/2008 at 04:17 AM

Application Version : 4.22.1012

Core Rules Database Version : 3685
Trace Rules Database Version: 1662

Scan type : Complete Scan
Total Scan Time : 01:39:58

Memory items scanned : 918
Memory threats detected : 0
Registry items scanned : 9108
Registry threats detected : 0
File items scanned : 47848
File threats detected : 0

Any help???
 

Answer:Malware preventing Update and causing redirects

Welcome to Major Geeks!

We need some additional info. Please run this: GMER - running with a random name and attach the log from GMER.
 

10 more replies
Relevance 67.65%

Just occurred to me to try using IE 64 on this Win7 64 machine as I've been reading this site from an alternate machine. It seems to work fine, but Firefox, Chrome or IE 32 won't work. I've checked the hosts file as well.

Microsoft Security Essentials Detected the following since this all occurred:

Trojan:Win32/Ertfor.A
Trojan:Win32/Hiloti.gen!D
Trojan:Win32/Wimpixo.E
VirTool:Win32/Obfuscator.KG
Rogue:Win32/Winwebsec
Trojan:Java/Mesdeh.C
Trojan:Java/Mesdeh.A
Trojan:Java/Mesdeh.D
VirTool:Win32/Obfuscator.KG
Trojan:Java/Mesdeh

Norman Malware Cleaner from 11/13 detected/removed 5 things but unfortunately I didn't log them.

I can't remember if ESET picked up anything- the history logs aren't showing anything, and it's not able to update itself (presumably the same protocol used as 32-bit browsing?)

GMER also has many of the options listed in the preparation guide greyed out:
[Attached image: gmer.png]

---

DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by John Doe at 8:53:01.79 on Sun 11/14/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.4060.2493 [GMT -8:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files... Read more

Answer:Possible Malware Remnants Preventing Any 32-bit Browser From Working

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

* The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
* Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
* The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
* Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you... Read more

10 more replies
Relevance 67.65%

Sup hoes, I'll jump right into it.

Workstation at a clinic is infected with a piece of malware that disables antivirus as soon as it's accessed. So far I've tried to run AVG's scan and MalwareBytes' scan. Running malware bytes once after installing will start the scan and the search is stopped seconds after initializing, program is terminated. At this point then the program can not be opened. Attempting to open mbam.exe delivers error "Windows can not access the specified device, path or file. You may not have the appropriate permissions to access the item." Identical results if repeating this entire process in safe mode.

Installing AVG; AVG Active Anti-Virus (the real-time scan) disables and can not be enabled. An attempt at a scan with AVG results in an immediate conclusion stating no threats were found (nothing scanned). Safe mode is similar, the AVG scan will run for about 15 seconds then just simply close.

The only active process I found out of the ordinary was this entry: "3517402925:3534772270.exe" - 464K. Ending the process does not seem to have any effect; it remains there. It is an active process in Safe Mode as well. Found registry entry in
LOCAL_MACHINE > System > Services > 2d4fa7d1 >
name: imagepath
data: \systemroot\3517402925:3534772270.exe
Also appears in
LOCAL_MACHINE > System > CurrentControlSet > Services > 2d4fa7d1
LOCAL_MACHINE > System > ControlSet003 > Services > 2d... Read more

Answer:Malware preventing Anti-Virus from scanning

Hi Putrid, I know it looks like a lot, but it's really just a lot of text asking for only 4 scans. Once you've done these and posted the results in your next post, let me know how the computer is running.

Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on if you have internet access while in the normal Windows environment.
===
Download Security Check by screen317 from here or here.
* Save it to your Desktop.
* Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
Please download and scan with SUPERAntiSpyware Free
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the update... Read more

3 more replies
Relevance 67.65%

we are in a small corporate environment.
we have one user that needs administrator permissions to run some software
the problem is, this user regularly accidentally installs viruses and malware from her browsing habits.
we have spent countless hours cleaning up the system from various attacks, malware and viruses.
is there a way to give the user admin permissions to run the software, but block things from being installed.
it is an active directory system
thanks

Answer: preventing virus and malware from admin user

mmm... Bit of a rum situation when a user with admin rights is part of a problem re' malware/viruses etc...

Perhaps restrict the profile (for that user only) so as to NOT allow actual online presence; able to browse, access local network etc but nothing outside of it?

5 more replies
Relevance 67.65%

Hi everyone,

I got a virus/malware of some sort the other day after downloading what I thought was a book.. -.-

Basically, this virus/malware (not sure what it is..) prevents some antivirus programs from running. I had Microsoft Security Essentials at first, but this got disabled and I couldn't use it so I downloaded AVG which installed fine, but wouldn't launch. Windows Defender was also prevented from functioning.

But Antimalware bytes and Kaspersky seem to work fine and I removed several viruses/malware with them, though the problem still persists and Windows Defender/Microsoft Security Essentials still won't run!

Spybot search and destroy can scan, but when it gives me the option to remove the infections, an error occurs and says I need admin rights to do this (even though I am on an admin account..)

I would try to remove the virus through safe mode, but I can't get onto it! A message pops up saying something about the screen not being compatible or something

I was thinking of using ComboFix since it worked for me last time I had a serious virus, but I'm not sure I should use it since they say to only use it with supervision from a PC pro..

Any help would be much appreciated!

Edit: Rkill didn't work, it just said "The system could not find the path specified"

Answer: Virus/Malware preventing my antivirus from working! Help please!

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

2 more replies
Relevance 67.65%

It appears that my desktop PC is infected with some malware/virus which is preventing my malware diagnostic/cleaning tools from running. When I try to run MBAM or Spybot, I get the Windows message "Windows cannot access the specified device, path or file. You may not have the appropriate permission to access the item". When I run Avira, it goes all the way through a full system scan, identifies about 13 infections (including ZLOB etc), then just crashes.

I've tried booting in safe mode then running the tools, but I get the same result.

I've also been getting inconsistent boot-up, the occasional blue/black screen and sometimes the PC won't boot at all unless I power off and on again (sometimes twice!!).

I followed the Preparation Guide, downloaded DDS, but when I tried to run it, it just sat there, cursor blinking but no reports, even after 15 minutes. I also downloaded RootRepeal and tried to run it, but it also crashed immediately.

I would greatly appreciate your expert help with this.
Hazmat99

Answer: Infection preventing malware tools from running

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

3 more replies
Relevance 67.65%

Hey guys, I apologize in advance, but I want to let you guys know I am not tech-savvy whatsoever; I fell upon this forum by google searching repeatedly on issues my computer is having; Anyway, I think I have cornered down the problem;
 
 
I am unable to connect to the internet with my desktop (all other devices in my house are able to connect)
 
chrome, IE, etc etc are all giving me the error that they "could not connect to the proxy"
I go into my browser settings to disable the proxy which I never set up, and, it is automatically re-enabled; Obviously I have malware of some kind;
 
I have ran hitman 64bit, malwarebytes, and neither of them succeeded; I was reading multiple threads on this forum from people who were having the same issue and noticed that the mods/"consultants" here were asking them to have some kind of scanner run and create a log for them to see; I also noticed the solutions they offered were specific to the OP's computer, and thus, could not be used by others reading.
 
So, I have created this thread in hopes that someone can help me. Just tell me what to do and I'll get right on it!
Thanks guys, I really appreciate the help;

Answer: Malware setting up a proxy and preventing me from disabling it

Also, I have a dell desktop with a preinstalled version of windows;
 
The F**** joke of a "reset/recovery" disc made in windows 8 doesn't work; I have created a repair disc using the program in windows 8, and, when I try to use it, it tells me the "media is not valid"
 

I have also looked up my product key using belclair or something like that, and went to microsoft's website, only for them to reject the product key in a new installation of windows;
 
therefore, I can not do a clean install of windows 8; I am bleep out of luck here with dell and microsoft and it seems my only option is getting rid of this malware myself;

2 more replies
Relevance 67.65%

Hello,

I believe my laptop is infected with malware, preventing it from performing any tasks, such as accessing the internet, or opening programs. It is a shared laptop used primarily for web browsing (google, facebook, etc.) iTunes, and paying bills online. I am able to boot the computer, logon (although noticeably slower), and then I receive two error messages. The first is:

rundll32.exe - Bad Image

"The application or DLL C:\WINDOWS\oparexurivikiki.dll is not a valid Windows image. Please check this against your installation diskette."

I click ok, then another error message immediately pops up:

RUNDLL

"Error loading C:\WINDOWS\oparexurivikiki.dll

%1 is not a valid Win32 application."

I then click ok, and now my desktop appears normal, although 9/10 times I notice that on the bottom right in my taskbar, my network icons do not appear (both LAN and wireless).

From trial and error, I've learned that sometimes I can open up 'my computer', text files, but once I try and open internet explorer or any exe files, my computer freezes. The computer will eventually lock up at some point even if I avoid opening exe files.

I've tried system restore to earlier points, and the problems have not gone away. I've been able to download programs like Malwarebytes' Anti-Malware, AVG 2011, and SUPERAntiSpyware Free Edition, and run them (without updating them; can't connect to internet) and although they have detected and quaranti... Read more

Answer: Suspected malware preventing operation of any programs

16 more replies
Relevance 67.65%

Hello.

For about two weeks now I have been battling several trojans/worms that have attacked my computer. I have managed to remove the majority but I'm still having one problem; I cannot update, run in real time or reinstall my Symantec Antivirus program. Every time I attempt to reinstall my antivirus program I have a window pop up saying my computer will shut down in 60 seconds; it also says I initiated this shutdown sequence. I usually use Mozilla Firefox but I did use Internet Explorer about two weeks ago to view some sports videos on Yahoo Sports (the videos could not be opened with Firefox). Ever since I used IE my computer started acting weird; pop up ads all over the place, additional browser windows opening and my task bar disappearing. All those problems have been fixed except the problem of my antivirus.

Thanks ahead of time for your help!

Best,
Erika
 

Answer: Malware Preventing the Reinstallation of Antivirus Program

Attached is my MG log....
 

4 more replies
Relevance 67.65%

Please help to solve the problem. Google chrome when opens https://google.com tells that it can not open real google.com. But it opens https://www.yahoo.com

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.65.2
Run by U135428 at 18:08:26 on 2014-07-28
Microsoft Windows 7 Enterprise 6.1.7601.1.1254.90.1033.18.3014.1552 [GMT 3:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\... Read more

Answer: Malware preventing https work on chrome

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542521 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

4 more replies
Relevance 67.65%

Hi there,

I've had my attention drawn to my sister-in-law's computer that appears to be causing major problems. It won't open IE or FF but will run Chrome. When trying to place the computer into safe mode the power cuts and it reverts back to booting up. This happens at all versions of safe mode.

I've run an avast boot scan and found several files infected with Win32:rootkit-gen. I've also run malware antibytes with no luck. I'm out of ideas :S


DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 7.0.5730.13
Run by Kathrin Wallace at 20:24:21 on 2011-07-17
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2039.1212 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenge... Read more

Answer: Unknown Malware preventing safe mode?

Hello and welcome to TSF Virus & Malware support. My name is Taylor and I'll be helping you with your fix.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

9 more replies
Relevance 67.65%

So this is my first post in this forum (so I hope I am not doing anything wrong).
Since about a couple weeks ago my computer has been working fine. Then when I woke up on March 25, the minute my computer started I received an error message. I thought everything was alright but when I went to open my browser I received the message "The procedure entry point _except_handler4_common could not be located in the dynamic link library msvcrt.dll." and "The procedure entry point _ftol2 could not be located in the dynamic link library msvcrt.dll.". Every time I try opening programs like Photoshop, Word, Malwarebytes and ESET... it gives me that message (I tried downloading and running rkill with different names but the message also popped up). Strangely I can still open SuperAntiSpyware and open games like Chess. I have tried running Microsoft Security Essentials with no results. I have tried running SuperAntiSpyware in all modes (including the rescue scan) and it said that everything is clean. When I clicked on something that was only available to the paid version my internet browser (Internet Explorer) popped up (So I think it's like the Security scam that does not let you use programs). That's why I would like to request help in getting rid of this, if this even is a virus.

Thx

Ddng

Answer: The procedure entry point could not be found (Malware/Virus)

Hello, please run this so we can get some info.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

16 more replies
Relevance 67.65%

I run the Win2000 cleanup procedure and I still have a malware that creates a "Searched" folder with 56,000 .avi files which slows down the machine.

In addition to SAS, SpyBot, MAB, ComboFix & MGTools -- I also ran Kaspersky & AVG. AVG reports that the avi files are Generic_c.AVS infected.

Attached is a WORD doc with screenshots of the pop up that comes up after I boot up & what I get when I try to open a command screen.

Attached are the logs.

Thanks in advance.
 

Answer: Still Having Malware Trouble After Running Win2000 Cleanup Procedure

Attached are additional logs from SAS & MAB.

Thanks.
 

8 more replies
Relevance 67.24%

I have run the malware removal instructions and went through each of the programs, as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under separate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the administrator and do not seem to have problems running the malware removal steps and have attached the reports from the instructions.

Even when I try to open add or remove programs under control panel- I get the following message: "C\windoesn\system32\rundll32.exe- application not found". I am thinking that it is something to do with AVG and have removed the program with the step.

Please help....

View attachment mbam-log-2011-03-28 (17-02-07).txt

View attachment combofix log.txt

View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log

View attachment hijackthis.log
 

Answer: Help with malware removal- have run malware removal instructions

ssmehta007 said: "....try to run the malware removal programs via internet or through USB drive"

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading).
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies