Computer Support Forum

"Your computer is infected!" & Awola

Question: "Your computer is infected!" & Awola

Ran all the "READ & RUN ME FIRST" (Win XP) steps. Still have popups from yield sign in tray that say "Your computer is infected!" Also still have Awola Anti-spyware that either Spybot S&D or AVG had detected, and I thought, deleted.

Attached Combofix and MGTools logs. AVG had no report to save even though I had "Automatically generate report after every scan" checked and "Only if threats are found" unchecked. The only thing AVG found was 9 cookies.

Thanks.

Relevance 100%

Answer: "Your computer is infected!" & Awola

Hi cee3!
Welcome to Major Geeks!

I'm looking at your logs.
abri

8 more replies
Relevance 81.78%

I'm in an identical situation to another post. I'm not sure though if the response to other post was based on the reports or not. So, like the other guy:

Ran all the "READ & RUN ME FIRST" (Win XP) steps. Still have popups from yield sign in tray that say "Your computer is infected!" Also still have Awola Anti-spyware that either Spybot S&D or AVG had detected, and I thought, deleted.

Thank you so much for this forum!! Just let me know if I should simply follow what the other thread described.
 

Answer:AWOLA antispy and "Your Computer is Infected"

Hi kilgore!
I'll take a look at your logs and get back to you. This takes some time, so thanks for your patience. Please don't use your computer too much until we're sure it's clean.
abri
 

14 more replies
Relevance 87.74%

Okay... I've read several responses to the "PSGuard" variant of this virus/trojan/spyware, and tried all those solutions. Nothing seems to work. This thing is kicking my butt... basically... I don't think it's actually doing anything. I've removed several Trojans that 'were' infecting my computer which is where this stupid little icon came from:



... but the icon remains. That was screen-cap'd in SAFE MODE with nothing on. I'll post two HiJackThis logs. The first one is from safe mode... the second is the one of my currently running system.

-First Log (SAFE MODE)-



Current Log


Edit by chaslang: Multiple unrequested inline logs removed


Scanners/Utilities Ran (All scans done in safe mode, as well as regular with current def's)

- Ewido Security Scan (removed several trojans most likely associated with icon)
- SpyBot S&D (Removed several 'normal' spyware entries)
- HiJackThis (Manually removed any entries/services that were not identifiable)
- AdAware (after other scans, literally found 0 entries)
- TrendMicro SysClean (Took forever, also found nothing)
- RootKitRevealer (Only found my SCSI Enabler used by Daemon Tools and other non-threatening entries, will post log at request)
- AutoRuns (Nothing unidentifiable)
- P... Read more

Answer:Red "(!)" Icon - "Your computer is infected!" (WorldAntiSpy)

-=PROBLEM SOLVED=-

Okay... my system was clean. But, the icon roots itself in the %system%\system32\wininet.dll file, so... I went into the windows recovery console, and copied over a fresh one from the %system%\ServicePackInformation\I386 folder and poof... icon gone.

Then when I rebooted, I had a nice little windows update waiting for me.

If you'd like, I can attach the infected dll file (renamed wininet.old 643k) or e-mail it somewhere for analyzation purposes.

Thanks for all your help!!!

-Z
 

4 more replies
Relevance 86.1%

I double-click and get "search" instead of "open"--only when I click a disk, like Hard Drive C: or Floppy A: or CD F: and so on.

It didn't used to do this, so I must've inadvertently changed some setting somewhere, but darned if I can find it now.

Any ideas?
 

Answer:Solved: On the "my computer" list, I double-click on disks and get "search" instead of "open"

12 more replies
Relevance 86.1%

Ok, so I'm new here so hey everybody..

To the point: my laptop is "stuttering"/lagging/skipping.
Whatever you wanna call it, it's doing it.
My video/music/and cursor skip every second for a split second. It starts on start-up and doesn't stop until I turn my laptop off. It happens in a pattern, it's not random. I've checked my drivers and spyware, and my RAM is good.. so can someone please help me? ***Could it be because my battery won't hold a charge? So it has to be hooked up to the charger at ALL times or it dies. Example: has the charger not got the "juice" to run the laptop by itself, so it stutters/skips..*** I don't know if this has anything to do with my problem, but I ran "event viewer" and found this: The following boot-start or system-start driver(s) failed to load:
Cdrom
Imapi
redbook

PLEASE HELP




OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz, x86 Family 6 Model 14 Stepping 8
Processor Count: 2
RAM: 502 Mb
Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 224 Mb
Hard Drives: C: Total - 39723 MB, Free - 23484 MB; D: Total - 12684 MB, Free - 3633 MB;
Motherboard: Dell Inc., 0FF049, , .HWPLLB1.CN1296167S5169.
Antivirus: McAfee VirusScan, Updated: Yes, On-Demand Scanner: Disable
 

Answer:Solved: Whole computer "studders"/"skips"/"lags" .. have event viewer report (PLEASE

6 more replies
Relevance 84.87%

Ok, so I'm new here so hey everybody..

To the point: my laptop is "stuttering"/lagging/skipping.
Whatever you wanna call it, it's doing it.
My video/music/and cursor skip every second for a split second. It starts on start-up and doesn't stop until I turn my laptop off. It happens in a pattern, it's not random. I've checked my drivers and spyware, and my RAM is good.. so can someone please help me? ***Could it be because my battery won't hold a charge? So it has to be hooked up to the charger at ALL times or it dies. Example: has the charger not got the "juice" to run the laptop by itself, so it stutters/skips..*** I don't know if this has anything to do with my problem, but I ran "event viewer" and found this: The following boot-start or system-start driver(s) failed to load:
Cdrom
Imapi
redbook

PLEASE HELP
 

Answer:Whole computer "studders"/"skips"/"lags" .. have event viewer report (PLEASE HELP)

**(DONT KNOW IF THIS WILL HELP..)***

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz, x86 Family 6 Model 14 Stepping 8
Processor Count: 2
RAM: 502 Mb
Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 224 Mb
Hard Drives: C: Total - 39723 MB, Free - 23484 MB; D: Total - 12684 MB, Free - 3633 MB;
 

2 more replies
Relevance 84.05%

My computer either freezes or slows to a crawl when I hit the "my computer" icon, or try to use the "send to:" option under files or when I try to save a file in a different folder other than the one currently displayed in the "save in" feature. Major geeks cured this problem for me in 2004, but I did not save the solution and cannot remember it now. Please help...again!

I use xp pro sp2; intel pentium 4a; 2.66ghz hd (1% left); 512ram

Thanks
 

Answer:"My Computer", "send to:", "save in:" Functions slow or freeze computer

Go to the "Search" function (along the top in the same row as User CP, FAQ, Members list etc)...click on advanced search...type your name in the "search by user name" then click search now at the bottom..this will bring up your posts...
 

6 more replies
Relevance 82.41%

Got my computer back today (Windows XP), and my background is now all green with a black box in the middle saying "Your System Is Infected...etc"

Also a red circle with a white X in the task bar

I can't open the task manager

Can Anyone Help???...

Downloaded HiJackThis

My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:51 AM, on 12/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Answer:"Your System Is Infected" Background + "Internet Security 2010" virus/malware problem

Hi and welcome to TSF.

I'm afraid HijackThis no longer provides the information we require.

We want all our members to perform the steps outlined in the link given below, as far as they possibly can, before posting for assistance.

http://www.techsupportforum.com/f50/...lp-305963.html

If you have problems with any of the steps, simply move on to the next one and make a note of the problem in your reply.

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.

This thread will now be closed.

1 more replies
Relevance 82.41%

I've been having some problems with my computer and I've always somehow managed to work my way around the issues spyware/malware etc. have created but lately it's been getting out of hand.. Some time ago I got a virus or something that made the entire tab under "Processes" disappear. So I could not see process-names in the task-manager. I have re-installed XP but this problem persists. I have been using a different application to monitor and handle processes.

The problem now is the constant pop-ups generated from this fake anti-virus program calling itself "Anti Virus Pro 2007" or something.. It pops up with fake commercials, and even attaches itself into other explorer-windows while I view other pages.

As popups and messageboxes keep popping up, I close them, but after a while windows will open a messagebox telling me "Buffer overrun detected in e:\Windows\system32\explorer.exe" (or \\windows\explorer.exe I don't remember really but you get the idea) and explorer.exe will be terminated, sometimes taking some internet explorer windows along with it, other times explorer.exe just starts up again and all my windows remain.

I used to have Norton but was forced to remove it as it was sucking up all my CPU. It rendered my computer useless, as I mainly use it for gaming.

I've also experienced having the connection between me and my modem broken while being on the internet, and I don't know if my computer actually is offline or if -I'm- just... Read more

Answer:Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or something++

Hello and welcome to TSF

Please download ComboFix

Note: It is important that it is saved directly to your desktop.

Close all browsers. Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

You are using an older version of HijackThis. Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:Save HJTInstall.exe to your desktop.
Double-click on HJTInstall.exe to run the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Accept the license agreement by clicking the "I Accept" button.
Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
Click "Save log" to save the log file and then the log will open in Notepad.
Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
Come back here to this thread and paste the log in your next reply.
Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.

Expected logs:

Combofix.txt
HijackThis log

19 more replies
Relevance 82%

I thought I was computer savvy until this problem came up. When I double click my computer, recycle bin, control panel, etc, the hourglass comes up for a few seconds, goes off, and nothing else. No error messages or anything, just nothing. I have viewed a few of the threads covering this and a common link was the hijack this result. I have posted that here, and really hope that someone can help me with this. I have run SpyBotSD and adaware, I have run multiple virus scans, I did an SFC, and the final thing was to repair windows using the original disk, none of which has helped. I am running Window XP w/SP2. Any other suggestions would be certainly appreciated. Hope to hear from someone soon. MTCS, out.


Answer:I cannot open "my computer" "control panel" "recycle bin", etc...

You may want to reinstall the operating system.

Back up the files that are important to you before you reinstall.

The "New" installation will overwrite the current one.

If you do not format your hard drive before the reinstall the installation should not harm your files (That's why I suggest backing up your files) and will speed up the installation process.
 

1 more replies
Relevance 82%

Ok, so basically, whenever I turn the computer on, 3 error messages appear:

- A virtual driver failed to initialize DLL. Choose close to end the program. H:/Windows/system32/code/pRee.exe

- A virtual driver failed to initialize DLL. Choose close to end the program. H:/Windows/system32/code/pRee1.exe

- Error loading H:/Archiv~/GBPLUG~/gbiehcef.dll. Couldn't find specific module.

(sorry if some terms are incorrect, my computer is in Spanish, so I tried to translate as best as possible)

Please help me solve this terrible problem, it is really getting on my nerves! (oh, and if this helps, I've recently downloaded this so called "Limewire acceleration", and whenever I ran the setup, it didn't work. I don't really remember the name of the website I downloaded it from, sorry...)

Answer:Can't Open "My Documents", "Trash" or other files in "My Computer"!?

Hi and Welcome to the forum

I am almost certain that you have malware problems. Most likely caused by you doing file sharing/ P2P - Limewire.

Suggest that you go here and follow the directions:

http://www.techsupportforum.com/secu...oval-help.html

Please be advised that the malware people are very busy and it could take a couple days to assist you.

BG

1 more replies
Relevance 82%

infected with "vbs", used "Flash_Disinfector" & folders on hard drive unable to open
________________________________________
Hi,
I got infected with "vbs" through someone's USB, I ran "Flash_Disinfector", then installed "kaspersky 7", scanned the whole computer, it also deleted vbs trojan. However, after that when I tried to open my computer by clicking on its icon, it did not open, I tried to open it from start up, but the result was same. All others like my documents etc were all right, I opened my computer through my documents, opened my C drive, when I tried to open further any folder present in the C drive it gave me the error, that is, this item "1002931234.vbs" that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly. Do you want to delete this shortcut? However all my folders were not having any shortcut sign & it was same with all folders present in all my drives, but when I wrote the name of the folder in the address bar, it opened normally, so now I cannot open my computer through its icon plus all the folders present in my hard drive. Please help me to sort this thing out.

dds


DDS (Ver_09-12-01.01) - NTFSx86
Run by Nadeem_Ahmad at 14:54:49.54 on Sat 03/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1975.1542 [GMT 8:00]

AV: Kaspersky Anti-Virus *On-access scanning disable... Read more

Answer:infected with "vbs", afte "Flash_Disinfector" all folders on hard drive don't open

Hello buct,

It will require more than 1 round to clean the system. Please stay with me until given the 'all clear' even if symptoms seem to abate.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.


====================================================


Double click on combofix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes,... Read more

10 more replies
Relevance 82%

Hi,
I got infected with "vbs" through someone's USB, I ran "Flash_Disinfector", then installed "kaspersky 7", scanned the whole computer, it also deleted vbs trojan. However, after that when I tried to open my computer by clicking on its icon, it did not open, I tried to open it from start up, but the result was same. All others like my documents etc were all right, I opened my computer through my documents, opened my C drive, when I tried to open further any folder present in the C drive it gave me the error (I am including the error message in attachment), however all my folders were not having any shortcut sign & it was same with all folders present in all my drives, but when I wrote the name of the folder in the address bar, it opened normally, so now I cannot open my computer through its icon plus all the folders present in my hard drive. Please help me to sort this thing out.

Answer:infected with "vbs", used "Flash_Disinfector" & folders on hard drive unable to open

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 82%

System: Acer Aspire one netbook.
Win XP home ed. SP3

Synopsis of issue:
Got this comp. from my company for a new line of work I started. Was "deep frozen" when I got it and was useless to me in that state. Got it thawed and it suddenly wanted to do loads of updates, so I let it. Apparently I was not careful enough & got the "XP antivirus 2012" malware.

Eventually conquered that beast and installed avira free. almost immediately avira picked up on the "html/infected win.gen2" malware. I quarantined, deleted, scanned comp. w. avira, rkill, & malwarebytes. all scans came up clean but I now have no connectivity. wired conn. continually tries to acquire network address and w.less has limited or no....

Not my router or modem as I have 2 home comps actively cnctd as I type this. Also tried multiple other networks w. same neg. results.

After loads of searching and t/s'ing I believe I have found the root of the problem: When I look under "services" I found that "netbios helper", "Network Location Awareness" & "dhcp client" are all not started.

Trying to start them results in failure b/c some "dependencies are marked for deletion". the afore-mentioned 3 things are dependent upon the Netbios over tcpip and tcpip protocol driver.

Those drivers are in the system32/drivers folder but I cannot find a "non plug and play" section in the device manager. Yes, I looked under ... Read more

Answer:[SOLVED] No Connectivity after "infected win.gen2" and "XP antivirus 2012" issues

Hello Gunnersfan13,

I do see the problem and I'll have to ask you to please stop any more action on your part to resolve this yourself or you'll make my job that much more difficult. :)

You are still very much infected with ZAccess. I need to see the dds.txt. (You posted, and attached, only the Attach.txt produced by dds.scr)

Run dds.scr again, and post the contents of the dds.txt.

==============================

Next, open Notepad and copy/paste the contents inside the quote box below, into Notepad.


Quote:

regedit /a afdexport.txt "HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\Services\AFD"
notepad afdexport.txt

Save this as afdexport.bat. Choose to "Save type as - All Files".

Double click on the .bat file & allow it to run. Then post the log which it produces

===============================

Also, download SystemLook from one of the links below and transfer it to your desktop.

Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


Code:
:filefind
afd.sys

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

19 more replies
Relevance 82%

Hello,

Last week, on an AMD Athlon 2200+ based PC running Windows 2000 Pro I was seeing numerous symptoms including being unable to run Internet Explorer-based Windows Update or Microsoft Update, and not being able to run the Add/Remove Programs component. Attempts to do these tasks would result in a non-responsive window which if hovered over with the mouse pointer would turn the pointer into the hourglass icon. Interestingly, Task Manager did not show these windows as "Not Responding" so they weren't typical "freezes" or "hangs", but they could only be closed by killing the respective process.

Having had good success with the READ & RUN ME FIRST, Malware Removal Guide in these forums in the past, I started the same procedure. Both SAS and MBAM found no infections, but while running ComboFix, just after the "Completed Stage_50" message, the message "System file is infected !! Attempting to restore C:\WINNT\system32\comres.dll" was displayed.

ComboFix then said it would reboot, but after the restart, a window appeared for which I didn't write down the details verbatim. It was some kind of announcement that the system was shutting down in 60 seconds due to something resulting from lsass.exe. At the end of the countdown, the computer restarted again, but then would arrive at a blank desktop and not progress any further. The mouse pointer would move, but the system did not respond to any clicking (left or ri... Read more

Answer:ComboFix reports "comres.dll" is infected & "axaltocm.dll" file reappears

Here are more attached log files.


krellkraver
 

17 more replies
Relevance 81.18%

Hi, this is my first time posting here.

I'm running Windows XP Pro SP2, and my computer has a virus that, at first, was giving me a tool-tip-like message from the system tray saying "Your computer is infected! ..." and something about installing a scam antivirus program. I've done a lot of searching for this issue and have seen many cases of it. Posts on other forums offered specialized programs like "Smitfraudfix.exe" and others that I was unable to get to work.

I've updated my Java (which stopped the annoying "Your computer is infected!" popup), removed my Temporary Internet Files, and run Avast! and Avira every time I restart my computer, but each time there seems to be malware that needs removed. Can someone please help me clean this virus / trojan off of my machine completely?

Thank you for your time, here is a HJT log from the time of this post:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:53 PM, on 9/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Answer:"Your computer is infected!" Popup message. Computer infected with Trojan

16 more replies
Relevance 81.18%

In Windows XP, fully updated, I have several folders full of mp3's and want to see the bit rate and duration. I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

But all the figures in the "Duration" column appear to be in "hours" and "minutes", so I see "00:04" or "00:03", but what I want is "minutes" and "seconds".

Any thoughts as to how to change this?
 

Answer:Solved: Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

16 more replies
Relevance 80.77%

My ASUS computer (Windows 7, 64 bit) was infected by "AV Security 2012". It seems that it is bundled with "ZeroAccess Rootkit" because it won't allow any program to run, claiming that they are infected. Besides popping up alerts and windows, it also disabled "System Restore" function and won't allow me to boot into Safe Mode. It does not allow me to delete AV Security 2012v121.exe either.

I read a bunch of articles online about how to remove it, but apparently, the people who developed this virus are reading them too! This version of virus has rendered these instructions useless. This is way beyond me now. I need help from a few Einsteins to kick this virus's butt.

Below is the HijackThis log. It won't let me run DDS, downloaded from the first link, probably killed by the "ZeroAccess Rootkit".

The complete HijackThis log:

===
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:25:14 PM, on 11/10/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Answer:Infected with "AV Security 2012" bundled with "ZeroAcess rootkit"

Oh, one more thing, after the infection, the computer told me that I need to restart the computer to install Windows updates and stupidly I did.
 

1 more replies
Relevance 80.77%

Hi All, Happy New Year!

First time posting... On 1/3/08 I ended up with a bunch of viruses on my computer. From what I can gather they are bad news. I downloaded PC Tools to do a search and found a bunch of Trojans and other nasties...

I have uploaded a screen shot of the PC Tools scan...

In the "C:\Program Files\Video Add On" folder the following can't be deleted:
icmtr.dll
icthis
isfmdl.dll
isfmm
isfmntr

In the "C:\Program Files\Helper" folder the following was found:
turbosearchsite.dll e404 Module

What is this? Do I need the file in Helper?

Please help!

PS: I am not a techno savvy guy. I kinda know what is going on but only enough to get myself into trouble and not be able to get out! I tried a few things to get rid of them but was unsuccessful.

From what I have seen I will be here for a bit. Thanks in advance.

bassndude (that's Bass as in the fish not the musical instrument ;-)
 

Answer:Infected: "Video Add On" and "Helper" folder that contain Trojan viruses...HELP

16 more replies
Relevance 79.95%

I am running Windows XP SP3, fully updated, on an Acer lap top PC.

I have several folders full of .mp3's and want to see the bit rate and duration. To do this I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

The two new columns appear, but the format of the "Duration" column appears to be "hours:minutes", so I see "00:04" or "00:03" for most .mp3's, when what I want to see is "hours:minutes:seconds", e.g. "00:03:45".

This also happens for video files (.avi files), e.g. all my episodes of "Heroes" (sad, I know) have a duration of "00:42" instead of "00:42:xx".


Here are two pictures showing the problem with the .mp3's. The first is of Explorer showing the Duration as "Hours:Minutes":




The second picture is of the properties window of the first .mp3 in the list above:




I copied some .mp3 files to another (old) PC on my home network, and it displayed the duration field correctly:




Also, the properties window correctly shows the duration also:





I'm not the only person to have this problem. I received a private message from a member of another forum where I posted about this problem several weeks ago. That person also has the same problem with the duration field.

The tech guys on that forum were unable to find the source... Read more

Answer:Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

* bump *

Tricky, this one!

8 more replies
Relevance 79.54%

Here are a few things that may be relevant to the problem:

1) Computer unable to access certain websites. (Ex: yahoo, facebook, etc.)
2) I did a scan and my computer is supposedly infected with "zlob" and "adware.IpWins"
3) My computer is running significantly slower than a few weeks ago.
4) Tons of random pop-ups that I did not have a few weeks ago.
5) Full system Scanned with Lavasoft's Ad-Aware but problem persists.

Here is my HJT log:
--------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:18 PM, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG... Read more

Answer:Computer infected with spyware. Infected with "Zlob"?

11 more replies
Relevance 79.13%

Hey all, been a while since I posted here, though I do pop my head in from time to time. Well, we all know the scammy "your computer is infected, call 855-226-4686 to fix it" pop ups that happen. Unfortunately my mom panicked and actually called it, and gave the remote access to her computer. I've run the scans, can you please help me figure out what to do about this. Thanks all.
 

Answer:My Mother Clicked The "your Computer Is Infected Call Xxx-xxxx To Fix It" Redirect

Actually it does not look like anything bad is running. I do however suggest changing any passwords for user accounts on this PC and also changing all online email, banking.....etc account passwords just in case they were able to steal any info related to this from your PC.

Also I suggest deleting the below folder which they may have put on the PC for remote access:
C:\Program Files (x86)\Citrix
 

1 more replies
Relevance 79.13%

There is a Red Circle in my system tray in the right hand bottom corner and every 10 seconds it pops up saying "Your computer is infected!". Very annoying. Can anyone help? I have ewido, hijack this, ad-aware, norton, singer, CleanUp!
here is my log.
Logfile of HijackThis v1.99.1
Scan saved at 09:20:43, on 30/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:... Read more

Answer:"Your computer is infected!" Keeps popping up in system tray? Red Circle with white X

9 more replies
Relevance 79.13%

Made a HUGE mistake, messed with the settings under "My Computer" > "Manage" > "Services" and also the "Local Users". Now having trouble, cannot see my "Start and Task Bar", the "windows" + "e" is no longer working.

How can I restore the Services & the Local Users account without having to reinstall my whole computer? I am afraid I will lose lots of files... I do not remember what exactly I changed, but some of the "Services" I changed to "disable" now when I try to open properties and change them back, I am unable. The right click to get to properties is not working.

Your help is highly appreciated.

Answer:How to restore the defaults for "services" under "My Computer" > "Manage"

I am not sure about the "quick" way of restoring, but what you can do is go back to services, "RIGHT-CLICK" the white area select "HELP" then the third option is "Default settings for services"

you can see what the default was and manually restore it. I have tried to copy and paste it below

==========================================================

Service | Startup Type | Log On As | Additional information
Alerter | Manual | Local Service
Application Layer Gateway | Manual | Local Service
Application Management | Manual | Local System
Automatic Updates | Automatic | Local System
ClipBook | Manual | Local System
COM+ Event System | Manual | Local System
COM+ System Application | Manual | Local System
Computer Browser | Automatic | Local System
Cryptographic Services | Automatic | Local System
DHCP Client | Automatic | Local System
Distributed Link Tracking Client | Automatic | Local System
Error Reporting | Automatic | Local System
Event Log | Automatic | Local System
Help and Support | Automatic | Local System
IMAPI CD-Burning COM | Manual | Local System
Internet Connection Sharing | Manual | Local System
IPSec Services | Automatic | Local System
Logical Disk Manager | Automatic | Local System
Logical Disk Manager Administrative Service | Manual | Local System
MS Software Shadow Copy Provider | Manual | Local System
Net Logon | Automatic | Local System
NetMeeting Remote Desktop Sharing | Manual | Local System
Network Connections | Manual | Local System
... Read more

3 more replies
Relevance 79.13%
Answer:"msvcr80.dll is missing from your computer." WindowsUpdate_00000643" "WindowsUpdate_dt000"

Hi,

Please share more information with us: when did you find this issue? What action were you doing when you found this issue?
Please first refer to this KB, does it fit this issue?
NET Framework update installation error: "0x80070643" or "0x643"
http://support.microsoft.com/kb/976982/en-us
More information will be appreciated.
Regards
Yolanda
TechNet Community Support

5 more replies
Relevance 79.13%

Grateful you advise where to find the answer I am sure exists but cannot find.
Frequently get this "critical alert" warning of infected computer (MS Pro Plus), error# 68T3.....etc.
How can I fix this? Thanks!

More replies
Relevance 79.13%

Hi, I have the "your privacy is in danger" red screen virus that appears to have infected many other users.
Similarly I have limited access to my computer, have numerous popups and am generally frustrated.
I have posted my hijackthis log below

Really hope someone can help.

Regards

James
Hijack This Log:
Logfile of HijackThis v1.99.1
Scan saved at 19:05: VIRUS ALERT!, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0... Read more

Answer:Solved: "Your Privacy is in danger" Virus has infected my computer

13 more replies
Relevance 79.13%

Please help...
All of a sudden I'm getting this popup non stop, I ran SuperAntiSpyware, adware, and Norton, but nothing helped...sigh!

Somebody, please help! Thanks so much!

this is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:11 PM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\brows... Read more

Answer:Solved: Please Help to Remove "NOTICE: If your computer is infected..." popup

16 more replies
Relevance 79.13%

Hello there, friends at Tech Support Forums. Once before I visited the website and received timely, effective assistance with a problem, and I'm returning seeking similar advice.

I've browsed through a few other postings, and it seems that a few other people describe the same sort of situation that I'm dealing with. I'm using a laptop with Windows XP, and in the bottom righthand taskbar there is a red circle icon with a white X that simulates Windows antispyware message. It periodically states the following in a popup box:

"Your computer is infected! Windows has detected spyware infection! It is recommended to use special antispyware tools to pervent [sic] data loss. Windows will now download and install the most up-to-date antispyware for you. Click here to protect your computer from spyware!"

If I click this bubble, then it leads me to a website that encourages me to download a program called PC-Antispy or PC Clean Pro. Also, another message pops up periodically. This message also has a bubble that leads to the same website to download the PC-Antispy program:

"Windows Security Alert
To help protect your computer, Windows Firewall has detected activity of harmful software. Do you want to block this software from sending data over the Internet?

Name: Trojan-Clicker.Win32Tiny.h
Risk Level: Critical
Description: This Trojan opens a range of web pages without the knowledge or consent of the user. The Trojan adds a rule to the Windows Firewall which ... Read more

Answer:Computer infected. Please help: Red Circle with White X in taskbar/"PC-Antispy"

My apologies for being preemptive, but I was hoping I could provide more timely information to you, so I followed directions that were given to other folks with similar problems. I downloaded Combofix and the Windows XP Service Pack 2 program, turned off anti-spyware/anti-malware programs, and then dropped the Windows SP program into the Combofix program. I ran into no problems, and I have included the three logs requested in other forums in this reply (e.g., ComboFix.txt, new HijackThis log, Add-Remove Programs.txt).

The red symbol with white X is gone, but when I try to go to Tech Support Forums via Google Search results, I am still redirected to other sites. Also, I still periodically get a Windows Security Alert stating:

"To help protect your computer, Windows Firewall has detected activity of harmful software. Do you want to block this software from sending data over the Internet?

Name: Trojan-Spy.Win32.KeyLogger.aa
Risk Level: Critical
Description: This Trojan has a keyboard logging function, which is intended to steal information from users of a range of on-line payment systems. . . [etc.]"

So, it seems like there may still be a problem. Please see the logs below. Thanks in advance for any advice you can provide.

--------------------------------------------------

ComboFix 08-10-12.01 - Owner 2008-10-13 11:27:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.565 [GMT -5:00]
Running from: C:\Documents and Settings\... Read more

11 more replies
Relevance 79.13%

I went to a website of a legit company and a pop up came up asking if I would accept the certificate...thinking that this is a real company I accepted...as soon as I did my system restarted itself. When it loaded back up of course I had warnings from my virus detector that I was infected, but it was in quarantine..obviously not because I keep getting the pop-up.

I tried MANY times to run Panda ActiveScan however it would go so far and quit...after numerous tries I stopped it after it detected some things.

Panda ActiveScan

Incident Status Location

Dialer:dialer.su Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch
Adware:adware/wupd Not disinfected Windows Registry ... Read more

Answer:"Your computer is infected!" pop-up (trojan-downloader.win32.adload.ma

Please download BootCheck.exe to your desktop.
Double click BootCheck.exe to run the check
When complete, a Notepad window will open with some text in it
Save the Notepad file to your desktop as BootCheck.txt
Copy the contents of BootCheck.txt and post it in your next reply

19 more replies
Relevance 79.13%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:38 PM, on 3/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Windows\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Win... Read more

Answer:"Your computer was infected by unknown trojan" System Error

Hi Dr_Omels

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Thanks.

If this is a business computer or a computer from a work place then please advise your IT department of the concerning issues before commencing further.

Please follow these directions in the order they are set out for you.

On with the fix.....

Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is che... Read more

1 more replies
Relevance 79.13%

Ok, I know this has been on here before but I seriously need help with it.

I'm getting the "Your computer is infected! Windows has detected spyware infection." message from a white 'X' in a red circle in my tray and it says click on it to get protection, it's obviously the virus / malware itself that is causing this message but I can't get rid of it.

Previous forums said it was Spyaxe, but I tried the uninstallers from spyaxe to get rid of it but that didn't work. I also tried Smitrem and have run Adaware SE (which seems to freeze when it gets to the system32/dllcache part of the scan????????) and it won't cure it.

I think some rogue programs such as ann.exe and winstall.exe have come from this malware (if this helps!!?) but I have tried everything to get rid of it and it just won't go!

Oh I also had a prob getting to safe mode, when I select it from start up (i.e. after pressing F8) a black screen with a list of dll files comes up and then it freezes and won't boot up. I have to turn off power and restart to normal mode to get rid of it!!! Don't know if this is anything to do with it??

ANY help at all will be so gratefully received.

Cheers guys.
 

Answer:"Your computer is infected! Windows has detected spyware infection."

You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as ATTACHMENTS into a new thread in the Security and the Web forum, only after doing the above.
 

9 more replies
Relevance 79.13%

Hello -
I'm a getting a pop-up sting when I try to open internet explorer and some other programs that says "Your computer was infected by unknown trojan. It's dangerous for your system (critical files can be lost)! Click OK to download antispyware program to clean your system! (recommended)"

My Internet Explorer now gives me a message that says "Internet Explorer has encountered a problem and needs to close........."

I did a full system scan with my antivirus software loaded on my computer but it did not find anything infected. It is Norton and not currently up to date, unfortunately I had not kept up on the renewal.

I was going through the 5-step checklist but cannot get Explorer to open so unfortunately I could only get through step 1 and did not find any of the files listed, or anything unusual in my Program Files.

So I'm stuck. I would go out and purchase some off the shelf anti-spy software but not sure if that will fix my problem.

Please advise!

More replies
Relevance 79.13%

Hello,

Thanks in advance for your help.. it is greatly appreciated. I have already gone through the 5 steps prior to posting, and was unable to run one.. Panda online scan. I have also exhausted the malware self help on this one.

On opening or using Internet Explorer we get this:

System Error!
Your computer was infected by an unknown trojan.
It's dangerous for your system (critical files can be lost)!
Click OK to download the antispyware program to clean your system! (Recommended)

It's a winxp machine with AVG Antivirus Pro & Windows Defender. All efforts have failed so far.

Deckards log:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-01-17 11:45:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-01-17 17:45:52 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:46 AM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\sy... Read more

Answer:[SOLVED] IE infection "Your computer was infected by an unknown trojan"

72 hour bump... thanks for any help you can provide!

4 more replies
Relevance 79.13%

I hit the wrong button and now have a consistent balloon in the right corner saying "Your computer is infected." and directs me to Spyware Strike.

After initial Symantec scan, it showed trojan.zlob.

After further scans and removals of files. It still repopulates itself on start up, the message reappears, etc.

Help.

I tried the Symantec help area and did a scan using safe mode, I disabled system restore, I ran adaware, registry mechanic, but could not find the files in the registry that Symantec suggested would be there.

Help again.
 

Answer:trojan.zlob, pop ups, balloon in corner "Your computer is infected."

Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

3 more replies
Relevance 79.13%

I hit the wrong button and now have a consistent balloon in the right corner saying "Your computer is infected." and directs me to Spyware Strike.

After initial Symantec scan, it showed trojan.zlob.

After further scans and removals of files. It still repopulates itself on start up, the message reappears, etc.

Help.

I tried the Symantec help area and did a scan using safe mode, I disabled system restore, I ran adaware, registry mechanic, but could not find the files in the registry that Symantec suggested would be there.

Help again.
 

Answer:trojan.zlob, pop ups, balloon in corner "Your computer is infected."

Duplicate. Continue posting here only please: http://forums.techguy.org/security/...ups-baloon-corner-your-computer-infected.html
 

1 more replies
Relevance 79.13%

A quick scan of the internet shows that I am not the only one to get this during the last several days. When I try to access Control Panel > Fonts, I get a popup reading "System error! Your computer was infected by unknown trojan. It's dangerous for your system (critical files can be lost)! Click OK to download the anti-spyware program to clean your system! (Recommended)"

Then I get a message to the effect that Windows Explorer has encountered an error & must close. So I never get to Fonts.

What it wants to download, I gather, is the rogue antispyware program "Files-Secure." Of course, I haven't pressed the button to download it, but I can't get rid of the damned thing--AVG, A-Squared, Bit Defender, AdAware, SpybotS&D--and not one of them zaps it.

Here my log from SmitfraudFix, which I just ran:

SmitFraudFix v2.274

Scan done at 12:57:45.40, Fri 01/18/2008
Run from C:\Documents and Settings\Stephen\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Av... Read more

More replies
Relevance 78.72%

Hi all,

The "Your computer is infected! Dangerous malware infection was detected on your PC. They system will now download and install the most efficient antimalware program to prevent data loss and your private information theft. Click here to protect your computer from the biggest malware threats." balloon in taskbar appears constantly and time after time it installs SpyAxe. I have tried many spyware/malware/virus software, but nothing seems to do the trick. Each of them finds something or other, but the main problem (balloon) is still there. Following is the Hijackthis log. Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 5:45:56 PM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Sunbelt S... Read more

Answer:"Your computer is infected!" balloon in taskbar/SpyAxe

Please download these additional files/programs. Do not run them unless instructed to do so.

smitRem.exe - extract it to its own folder.

CleanUp!.exe - Install

Ad-aware - install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also make sure to customize the settings in Ad-aware at http://www.greyknight17.com/spyware.htm#adaware for better scan results. Once updated, and custom settings in place, Close Adaware.

Ewido Security Suite
Install Ewido Security Suite
When installing, under "Additional Options" uncheck:
Install background guard
Install scan via context menu

Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files. On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.


'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customized my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask... Read more

10 more replies
Relevance 78.72%

Somehow I got infected with something that is putting a red circle icon with a white X in my task tray. Every 5 seconds it pops up a window stating "Your computer is infected!", etc. etc.

I would appreciate anyone's help of how to remove this. My spyware software did not resolve the problem. I have downloaded HijackThis and below is the output of the scan.

Logfile of HijackThis v1.99.1
Scan saved at 8:02:16 PM, on 1/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\SpywareBot\SpywareBot.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\winstall.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:... Read more

Answer:"Your computer is infected!" popup from task tray

13 more replies
Relevance 78.72%

Dear everyone,

How are you people doing? Better than me, I hope. Can someone help me, please? My computer is affected by numerous spywares, viruses and a host of other malicious software. Hope all you people familiar with Hijack This will take a look at my Hijack This logfile (attached) and advise me what to do. Thanks in advance.

Right now, one of my biggest problems is an error message - which I suspect is spyware and malicious - that keeps popping up about every half a minute. As I was typing in this dialog box, it still kept popping up but disappeared after a few seconds without any action from me. Here is the error message in its entirety:

QUOTE

Your computer is infected!
Possible harmful infection was dected on your PC
The system will now download and insall the most efficient spyware removal program to prevent private data loss and your identity theft.
Click here to protect your PC from the biggest spyware threats.

UNQUOTE

I have run Microsoft Anti-Spyware, Spybot Search & Destroy, avast anti-virus software, etc. but nothing seems to stop it.

I am hoping that Hijack This will reveal what spyware is affecting my computer system. Hope all you experienced users out there will help identify what the spyware bugs in my system are and advise me which to remove.

I am very new to Hijack This, so besides telling me which entries to remove, please also advise how I should go about doing it.


Thanks a bunch.

TobyGA
 

Answer:Spyware message "Your Computer Is Infected" Keeps Popping Up!

Welcome to MajorGeeks! Please complete the following:

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
Bitdefender
Panda Scan
HijackThis

 

1 more replies
Relevance 78.72%

Whenever I open my Internet Explorer I always get this message saying Your computer was infected by "Trojan.Win32.Obfuscated.gx". It happens every time I open IE and it also does it whenever I try to open a new page. Here's a link to what it looks like when I try to load a page: http://i61.photobucket.com/albums/h5...1/untitled.jpg

I don't know what the hell it means and I really want to get rid of it. All help is very appreciated, and here's my log

Logfile of HijackThis v1.99.1
Scan saved at 2:00:13 PM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCO... Read more

Answer:Your computer was infected by "Trojan.Win32.Obfuscated.gx"

up to the top, need help guys please help me out

3 more replies
Relevance 78.72%

HI there,
please help restore browsing ability. I'm not tech-literate but I'll adapt. Something called ChangeIcon seems unremovable. But I'm sure that's the least of my pc's problems. Essentially, I can't browse without being hijacked by pop-up ads rendering the search engine immobile. Thanks in advance.
 

Answer:Browser Hijacked by "Infected Computer Warning" Pop-up Ads

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
The instructions I give you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

7 more replies
Relevance 78.72%

I hit the WRONG website this morning doing a Google search and got like 11 viruses that my Symantec Antivirus Corporate Edition removed. BUT....I have that red button with WHITE X that says "Your computer is infected" on my task bar list on the bottom left of my computer. I ran HijackThis and this is the log...

Logfile of HijackThis v1.97.7
Scan saved at 10:06:27 AM, on 5/16/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\System32\3Com_DMI\3CDMINIC.EXE
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
c:\PROGRA~1\NavNT\DefWatch.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Ghost\ngctw32.exe
c:\PROGRA~1\NavNT\Rtvscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Net... Read more

Answer:HELP! "Your computer is Infected" button? HijackThis Log included

Run HJT again and put a check in the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://lookfor.cc/sp.php?pin=76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://lookfor.cc/sp.php?pin=76985
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: (no name) - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll (file missing)
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O16 - DPF: {C72242D0-3AB5-453D-842C-8A3C9AC0838D} - http://download.sidestep.com/get/k00719/sb027.cab

Close all applications and browser windows before you click "fix checked".
Click on the link below to download CWshredder.
http://www.intermute.com/spysubtract/cwshredder_download.html

Run the program and let it do its thing. Make sure to click on "Fix" and not scan only.

Reboot.

Download the newer version of HJT from this link: Hijackthis and post your HJT log again.
 

1 more replies
Relevance 78.72%

followed all 5 steps:

Could not run hijackthis at first, but renamed it to analyzethis and it opened, as pointed out by another thread with a very similar problem as mine.

Popup from taskbar, red x and does not stop popping up with fake warnings.

===================HIJACKTHIS======================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:29 PM, on 10/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\msscntr32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\user\Desktop\analyzethis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R1 - HKCU\Softw... Read more

Answer:"Your computer is infected!" taskbar popup - xpsecuirtycenter

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3






* IMPORTANT !!! Save... Read more

2 more replies
Relevance 78.72%

Thanks for any and all help in advance.

I have gotten the virus with the little balloon that pops up over the system tray telling you that you are infected and should click the balloon to go to a site to download spyware software.

The machine cannot execute files related to spyware/virus removal. Internet sites are being blocked that have anything to do with spyware/virus removal.
Task Manager cannot be accessed. Manual adjustment is immediately countered by virus.

HJT will not run. So I followed the instructions in another post over to radiosplace.com to get the old version of HJT, which would execute.

This is my current log:

Logfile of HijackThis v1.99.1
Scan saved at 10:14:29 AM, on 11/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Nick\Desktop\tool.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
O1 - Hosts: 208.78.218.62 forums.clubsi.com
O2 - BHO: getfn32.msiets - {21A237A4-3A94-4198-911D-647ED2263DD2} - C:\WINDOWS\system32\getfn32.d... Read more

Answer:"Your Computer Is Infected Balloon" Complete Takeover of my PC - HJT log

16 more replies
Relevance 78.72%

The message reads as following:


Code:
Your computer is infected!
Windows has detected spyware infection!

It is recomended to use special antispyware tools to prevent data loss.

Windows will now download and install the most up-to-date antispyware for you.

Click here to protect your computer from spyware!

This stupid message only started to appear after I used my school's wireless internet connection.

It would be awesome if you guys could help me fix this, since this laptop is used to make school projects and work things, that I can't afford to lose.

Answer:Weird PopUp Message. "Your computer is infected"

Do not attempt to run or install the antispyware 2009 (I believe that is the software it tells you to use) as it is a malware.

Google and download Spybot Search And Destroy.
Install Spybot search and destroy, follow the steps and it will 90% of the time remove everything related to that specific virus/spyware.

7 more replies
Relevance 78.72%

I am running Windows XP SP2 and in the lower right corner, on the start toolbar, I receive a message in a balloon that "My computer is infected!" from a red shield that LOOKS LIKE the Windows Security Alerts but is not because when I click on it it tries to get me to buy software!

This has been bothering me for days!! I have Ad-Aware 6 and I ran the scan and it removed everything BUT the balloon. I have also scanned with Panda Antivirus, and it removed everything BUT the red balloon. I have used McAfee (but had to delete it to use Panda) and it searched and found maybe a few things which I removed, BUT the balloon and icon are still there! I have also tried to use SpyBot Search and Destroy BUT it is still there! I hope someone sees my frustration before I am forced to reformat.

I have run ALL of these programs in safe mode and they found stuff but the balloon is still there. I have also used AVG Anti-Spyware (the new version) and CCleaner but it is still there!

Below is the HijackThis log after I scanned with all of the above programs!

PLEASE HELP ME, I need it!

Logfile of HijackThis v1.99.1
Scan saved at 9:41:11 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\... Read more

Answer:"Your Computer is Infected!" Balloon-Need HELP!! HijackThisLog Included

Hi biyoung,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

No need to reformat. It looks like you have a new variant of the Smitfraud infection. No worries, we'll take care of it in no time.

OK, here's what we do first.

BEFORE BEGINNING, Please read completely through the instructions below. Please also print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won't be able to access the Internet to view these instructions.


1. Please download SmitfraudFix (by S!Ri):
Extract the content (a folder named SmitfraudFix) to your desktop.
Please do NOT run a scan yet!

NOTE : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm



2. Please download CCleaner and save it to your desktop:
Run the CCleaner installer.
During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
Please do NOT run a scan yet!


3. Please download... Read more

2 more replies
Relevance 78.72%

Hi, first post coming here but I had the exact same problem from a rogue anti-virus software called internet security2010. I got rid of the anti-virus with spyware doctor, and fixed the obviously fake background with the file suggested on the first page of this thread, and it worked! So I hope you can fix yours soon

Answer:Re: "Your System is Infected" is virus leeching my computer - help please! :)

Please go to this link and follow the directions and post the required logs.

1 more replies
Relevance 78.72%

I am having a problem with changing my background: every time I go to properties my scroll bar is locked and I cannot browse for a new background or scroll to choose one. I have tried "ad-aware se" and ran "hijack this", but I don't really know what to fix with that. Here is a copy of my hijack log file:

EDIT: Inline log removed

any information that would help me to fix this problem would be a great help.
 

Answer:I cant change my background and i have annoying "computer is infected" pop ups.

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy - ONLY IF you were not able to run Windows Defender
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs... Read more

1 more replies
Relevance 78.72%

Ok so, I have Norton Anti virus 2007, and today, it detected a trojan virus, but it supposedly blocked and quarantined it. After that, I noticed that windows security center was not working, and all it was doing was showing a red shield with a white x on the system tray, and when I put my cursor over it it says "Your computer is infected !" and every now and then a little talk box pops up and says that my computer has been infected with spyware that has affected the registry.

When I click the red shield icon (both left and right click) it comes up with a window titled "question" and says "Would you like to update your security software and install Registry Cleaner?" and all I can do is click yes or no. If I click no, the window goes away, and nothing else happens; if I click yes, it installs registry cleaner v3.2, and I can scan it, but I can't delete any of the files unless I buy the full version.

First I started by performing a full system scan with Norton Antivirus, which came up with nothing. I have run spybot, ad-aware, spysweeper, etc. I also used a program I have called Registry Mechanic, and none of the above fixed the problem.

After searching the internet for about 3 hours, I found HijackThis and ran it.

I would GREATLY appreciate it if somebody could help me fix this (the only other thing I can think of is windows restore, but I really don't want to have to resort to that)

Here is the HiJackThis log:


Logfile of Hija... Read more

Answer:Windows Security Center "Your Computer is Infected!" please help!

Hello TheCabo0se and welcome to TSF,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

Install AVG Anti Spyware
Double-click the icon on Desktop to launch AVG
On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports" Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).

-----------------------------------------------... Read more

1 more replies
Relevance 78.31%

This error message used to open whenever I clicked on something, as well as a message bubble on the taskbar, which would then open a website for some "spyware removal tool". I have managed to get rid of the website link, however the message is still popping up.

Error Message as follows: "Your computer was infected by unknown trojan. It's dangerous for your system (critical files can be lost!)
Click OK to download the antispyware program to clean your system! (Recommended)"

I deleted these system files in safe mode, which got rid of the website link:
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbsm.exe

But as far as the rest I have no idea. ANY HELP WOULD BE APPRECIATED!!

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:34 PM, on 21/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.... Read more

Answer:Virus Error Message "Your computer was infected by unknown trojan." Vista Home prem.

Hi,

The tool I have a link to below with directions will run on Vista, but you may have to use "RunAs- Administrator" if you do not understand that, let me know.

Please read all through the info so you know what will be done.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

There is a Printable Version button up under the Thread Tools drop down menu that will let you print a nice text version of these instructions.
Alternate way to save directions: Open Notepad > Copy and Paste any text you wish into Notepad, and Save the file as something you will recognize like TSGhelp.txt and save it onto your desktop.
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please... Read more

1 more replies
Relevance 77.9%

There is a windows-esque balloon that says my "computer is infected". If I click on this balloon, my AVG pops up with

Threat Detected! C:\Doc&Settings\April\Installer.exe
Trojan Horse SHeur.BHNQ

I move it to the vault, but the balloon still doesn't go away. I have scanned with AVG Free 7.5, Ad-Aware 2007 Free. They don't find anything.

I've been researching but I'm not getting anywhere.

I am running XP.. Here's my Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:42 PM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Mediafour\XPlay 3\XPlay... Read more

Answer:Solved: "Your Computer is Infected" virus

If you still need help please post a new hijackthis log.
 

1 more replies
Relevance 77.9%

A few days ago I acquired some type of infection that changes my background. I don't have the ability to change it, my PC is slower now and when I try to open IE it freezes my whole PC except when in safe mode. All my previous restore dates are gone. My log and Panda scan were done in safe mode; I tried to do all five steps. I am unable to log into normal mode Windows so I am doing everything in safe mode. I have run scans with Norton and Trend Micro and they both come up with infections but neither gets rid of them.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:50 PM, on 8/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:... Read more

Answer:background says "your computer is infected with spyware"

ended up just wiping the whole computer thanks anyways

2 more replies
Relevance 77.9%

I'm a n00b with a problem.
With nearly every click of the mouse,
I get a nasty popup:

Your computer was infected by unknown trojan.
It's dangerous for your system (critical files can be lost)!

Click OK to download the antispyware program to clean your system! (Recommended)

it comes from 89.149.227.195

so far I sort of followed this thread:
http://www.techsupportforum.com/security-center/hijackthis-log-help/226377-am-i-trouble.html

The problem is still here,
but now you have something to work with. ;)

spybot, VirusScan, RegScrubxp, spyhunter3 all didn't work

Can anyone help me?
please?:(
------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 016, on 25-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\V... Read more

Answer:"Your computer was infected by unknown trojan."pop-up

I have a quick question:
will the simple solution of making the system go back in time to the checkpoint of last friday work?

2 more replies
Relevance 77.9%

I recently got this little alert in my system tray with a balloon tip saying my computer is infected with something. Clicking on the icon takes me to some website for some scanning software.

I have run ad-ware which detects nothing, but kick started AVG to detect several trojans. Running hijack this didn't bring up anything too alarming (fixed a few things which didn't resolve it - see below for most reset scan/log), ran ad-aware vx2, nothing, Windows "defender" nothing, spybot which detected a few things but didn't fix it, cwshredder, again nothing. So I'm really not sure where to go next.
Logfile of HijackThis v1.99.1
Scan saved at 2:37:17 PM, on 23/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5299.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\ASUS\PC... Read more

Answer:Solved: "You computer is infected" now buy our product...

* Click here to download smitRem.exe.
Save the file to your desktop.
It is a self extracting file.
Double-click the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.

* Download the trial version of Ewido Security Suite here.
Install ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update; click the OK button and it will go to the main screen
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.
* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.
* Restart your computer into safe mode now. Perform the following steps in safe mode:
* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop
* Go to... Read more

3 more replies
Relevance 77.9%

Hi,

OK, I've run the latest versions of Ad-Aware, Spybot, AVG and CWShredder, and I still have a couple of problems with my PC.

One is that in the taskbar at the bottom a mock message is displayed saying that your computer is infected with malware and please visit this site to get rid of it.

The other is that whenever I run Internet Explorer the first page to come up is not my home page (which I have checked and is the same as ever), but www.updatesystempage.com, which is another dodgy spyware thingy.

Apart from that I think it's OK.

I think HijackThis could fix the problem but I'm not sure what to delete. Can anyone help?

Here's my log...
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Fi... Read more

Answer:malware infection "Your computer is infected!"

* Click here to download smitRem.exe.
Save the file to your desktop.
It is a self extracting file.
Double-click the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
* Download the trial version of Ewido Security Suite here.
Install ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update; click the OK button and it will go to the main screen
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.
* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.
* Restart your computer into safe mode now. Perform the following steps in safe mode:
* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop
* Go t... Read more

3 more replies
Relevance 77.9%

My family's computer has become infected with some sort of virus or spyware. The wallpaper has been changed to "Your Computer Is Infected" and also a red "X" icon in the system tray gives pop-ups telling me I'm infected as well. Also I am suffering from redirects and popups. I also cannot access Task Manager because it's been disabled by Administrator. Even if I log in through "Administrator" in Safe Mode it won't let me access Task Manager. I have Windows XP SP2.




DDS (Ver_09-12-01.01) - NTFSx86
Run by Luke at 0:54:54.78 on Sun 01/03/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.169 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
... Read more

Answer:"Your Computer Is Infected" Wallpaper/Redirects

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my ins... Read more

11 more replies
Relevance 77.9%

A pop up comes constantly in my task bar that says:
Your computer is infected!
Dangerous malware infection was detected on your PC
The system will now download and install most efficient
antimalware program to prevent data loss and your private
information theft.
Click here to protect your computer from the biggest malware
threats.

(I copied it exactly, no grammar errors on my end)

Then my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:34:01 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\AOL\1133595674\ee\AOLSoftware.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\program files\common files\aol\1133595674\ee\aim6.exe
C:\WINDOWS\System32\svchost.exe
... Read more

Answer:"Your computer is infected!" Message & Spyaxe

I have the exact same problem....though I have no clue how to fix it.

6 more replies
Relevance 77.9%

Don't know what's wrong. Here's my HJT log after a restart.
Logfile of HijackThis v1.99.1
Scan saved at 6:46:08 PM, on 6/29/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\S4F\Filter7.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\intel32.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\PHIL\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/i... Read more

Answer:Getting a "Your computer is infected" in tray on start up

16 more replies
Relevance 77.9%

So recently my computer seems to have caught a nasty virus. It's changed my background to a green screen with, in a black box, the words "Your system is infected! etc." and a program, Internet Security 2010, has installed itself, which keeps prompting me to scan/update etc.

I have AVG Free security and would really appreciate some help on this issue. I'm not exactly the greatest with computers.

Answer:green screen, "your computer is infected"

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 77.9%

Help! I keep getting Windows pop-up balloons from the start bar next to the clock telling me my PC is infected with a "back-door" trojan (at least I think that's what it said). What do I do? I have Nod32 but clearly it hasn't blocked it and I'm not quite sure how to use it. I have run Spysweeper, but am still getting these messages. All help appreciated.
 

Answer:Solved: Computer infected with "trojan"?

16 more replies
Relevance 77.9%

Hello, I am new to this forum and I need help. I keep getting a message from a blinking icon on the bottom right hand side of my screen next to the clock. It is a message warning me that my computer is infected. I ran the following programs in the following order:

1.AdAware
2.Spybot
3.CleanUp4.0
4.A-squared
5.ewido
6.smitfraudfix
7.hijack this

I ran this b/c I saw someone post this and they said it worked pretty good. Now I have problems such as getting the Windows installer to execute every time I open an MS Office program or even if I want to open Internet Explorer. I cancel them and then the programs do open...weird.

Well, after I ran HijackThis, I recorded the log and thought I'd post it, so here it is:
--------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:52:10 PM, on 3/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Share... Read more

Answer:"Keep geting notice that computer is infected"

hi, welcome to TSG.
Disable ewido security guard until we are finished!
You don't appear to have a firewall. Even if you have a router you still need
a software firewall; download the one from the link below!
Filseclab Personal Firewall Professional Edition
http://www.filseclab.com/eng/download/downloads.htm
Use this site to configure Filseclab; see page 7 and post 165 of that thread!

http://www.wilderssecurity.com/showthread.php?t=92710
Use this site's shields up to test filseclab and see if it is stealthing, some rules may have to be changed to " out " to pass the tests!
http://grc.com/


Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129
* Click the Free Trial link under "Downloads/SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits
o Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the... Read more

1 more replies
Relevance 77.9%

Yesterday, I was browsing casually; I can't remember which site I was on. Anyway, a window came up, a genuine firewall window, "Firewall is Blocking Certain Aspects of Svchost.exe. Keep Blocking?" As I thought svchost must have been corrupted or something, I clicked on Keep Blocking.

Immediately, my computer just restarted, and when I turned my computer on, I got a dodgy message about "Your Computer is Infected! You Spyware!" or something along those lines. There was a red X which was somewhat different from my usual icon, as I have a Vista icon pack mod (I'm sure this is not the cause). The red X would usually be shiny, but this time it wasn't. I read the message and there were many grammar and spelling mistakes such as "pervent" instead of "prevent" etc. Also, my Internet Explorer, not my Firefox homepage, had been changed to Google from something else.

I was offline and I was sure nothing could happen, so I clicked it and the download window came up, but the fake antispyware couldn't download. I traced the process using Task Manager and came up with the result "wini10801.exe". I then did a search for it, after ending its process tree, and found it in the system32 dir, where I scanned it and moved it to AVG Virus Vault. I have worked out some of the anatomy of the virus. "brastk.exe" is loaded at startup causing the message to appear and "wini10801.exe" is the downloader and installer. The rest of the corrupt... Read more

More replies
Relevance 77.9%

I am running XP Pro. Symantec detected spyware. The file was quarantined and deleted. A white X in a red circle is now in the systray. The dialogue box states "Your Computer is Infected! Windows has detected spyware infection! It is recommended to use a special antispyware tools to prevent data loss. Windows is now download and install the most up-to-date antispyware for you. Click here to protect your computer from spyware!"

There is no redirection from left or right mouse clicks over the red circle X.
I took the computer offline, stopped System Restore, rebooted into safe mode, and ran a full system scan with nothing found. Rebooted and the circle X remains. Can someone please assist?
 

Answer:Solved: Red X in systray "your computer is infected"

16 more replies
Relevance 77.9%

Hello, today Norton AntiVirus informed me that I had trojan.nebular on my computer but it couldn't be deleted nor quarantined. I read another post about someone with the same problem so I did the first step of scanning my computer with HijackThis. Any help would be greatly appreciated ASAP. Thank you.
Here is my log:
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theglobeandmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesea... Read more

Answer:My Computer Is Infected With "Trojan.Nebular" !

Hi and welcome to TSG,

Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.

Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

Launch AVG Anti-Spyware by ... Read more

1 more replies
Relevance 77.9%

Hello All,

I am getting a popup on my taskbar telling me I have "Windows security problems", and "infected files found". Also, when i search using google, when i click on links it redirects me to various sites and I must go back numerous times to be able to access the actual site.

I followed the 5 steps, here are the logs:

Panda:

Incident Status Location

Adware:Adware/AVSystemCare Not disinfected E:\WINDOWS\system32\encde.dll
Spyware:Cookie/RealMedia Not disinfected E:\Documents and Settings\Christofi\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager... Read more

Answer:Hijack Log Help - "Your computer is infected" on taskbar

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

I see from your Panda log that you may already have ComboFix on your machine. I need you to delete it, and get the latest version from one of the links below. ComboFix is updated frequently, and should never be used unsupervised.
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
Disconnect from the internet....pull the plug!
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Double click on combofix.exe & follow the prompts. Type 1, then press Enter to start the fix.
Your desktop may go... Read more

7 more replies
Relevance 77.9%

I have followed the 5 steps to take prior to posting a thread:

After startup, when I get to the desktop I receive the following message in the tray:
"Your Computer is infected! Windows has detected spyware infection. It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you. Click here to protect your computer from sysware".

Within 10 seconds the PC automatically restarts and the above will repeat without end. I don't even have enough time to open the Task Manager prior to the restart; the screen just goes black immediately and it starts up from a complete shutdown.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:37 PM, on 10/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://... Read more

Answer:"Your Computer is infected" Continuous shutdown

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Use Safe Mode for running ComboFix if necessary.

------------------------------------------------------

Download Combofix from any of the links below. You must r... Read more

5 more replies
Relevance 77.9%

I have searched to see if this was asked before without any success. Maybe someone has run into this problem before.
When I open "my computer" or "control panel", after I close it...it automatically goes into Internet Explorer as a blank page. Most of the time, when I close the IE blank page...it stops responding and I have to control-alt-delete to "end the program".
Thanks in advance for any help.
 

Answer:closing "my computer" or "Control Panel" open internet explorer window

Possibly malware - anything opening IE on its own raises an alarm in my books. Post a HJT log to the malware removal section of the forum and let the experts take a look at it.
 

3 more replies
Relevance 77.9%

The hard drive is a Western Digital 320 GB that I've had plugged into this computer before (and worked). Then I got a virus and had to do a recovery of Windows.

Ever since then I can't get Windows to recognize/show it in My Computer. I just "disabled" and "enabled" it in Device Manager to no effect. I have a C, D, and E drive which are: two partitions on the hard drive, and then the CD drive (respectively).

So I'm stuck, not sure where to proceed since it's obviously not the hard drive itself; I use it on my Xbox all the time. What next?

Answer:External Hard Drive doesn't show up in "my computer" but does in "device manager"

Does it show in Disk Management?
Right-click My Computer...select Manage...then Disk Management.
Find the drive...right-click it and select Properties.
Report back with your findings.

15 more replies
Relevance 77.49%

About a month ago Computer Associates' internet security suite (free through my ISP) told me it couldn't update. Tried a couple of things and gave up. Uninstalled CA and installed AVG Free. Same thing. AVG Free can't update. Today I got a message "attention...trojan spm/lx...etc." with a prompt for a web page, but instead I closed the window from the top right corner. Today I also got a background on my desktop that said "your system is infected, system has been stopped due to a serious malfunction".

I started through some of the threads on this site, and was looking at a promising thread (855938-trojan-spm-lx-infection..) that cybertech posted and instructing kramer8886 to run malwarebytes. I installed malwarebytes and it opens but self closes in a matter of seconds (regardless if I hit quick scan or not).

Some additional symptoms:
1. Can't open computer in Safe Mode
2. Can't use "run" from start menu
3. Can't use volume on computer
4. Malware is redirecting my url choice to its own choices

This is the first virus that I can't seem to deal with myself. Any help is appreciated
 

Answer:Malware indicates "trojan spm/lx" and "your system is infected"

Windows XP operating system
It has also disabled my Task Manager and is currently running something in the background
 

2 more replies
Relevance 77.49%

Today at some point all this "Antivirus Software" started popping up telling me how my computer was terribly infected and I need to download their software to get rid of it etc. Well, I never had that software so I knew something was wrong. Now I keep getting these "Antivirus software alert" popups that say INFILTRATION ALERT - Your computer is being attacked by an internet virus etc etc and gives details and asks if I want to block this attack. But mainly popups come up every 30 seconds or so saying, "Application cannot be executed. The file wmiadap.exe is infected. Do you want to activate your antivirus software now?" I noticed the file changes. Sometimes rundll32.exe or wuauclt.exe. I ran SuperAntiSpyware before I found here because it was the only thing suggested that I could find. I only got it to work in the short window that I had when I would restart my computer, then could download the file quickly, then I had to restart again and start the scan because after about 2 minutes, everything on my computer is worthless. Can't open any files, downloads, anything. So I'm typing this through a sea of popups and Security Warning windows and past porn popups. Anyways, any help would be greatly appreciated. Thanks in advance!

Jonathan L.

Answer:"Application cannot be executed. The file "---" is infected"

Solved: booted in safe mode and system restored to last week. \o/ victory. hope this might help someone :)

4 more replies
Relevance 77.49%

I am trying to rebuild my search index because my computer won't let me arrange items using the "Arrange By" option... However, when I try to load my indexing options to rebuild the index it will sit there and say "Waiting to receive indexing status". If I click the "Advanced" button it will freeze... I also receive an icon and loading display problem SEE PIC#1. Also when I click on "My Computer" it sometimes will sit there searching and it won't load. SEE PIC#2

I have tried the following:
1. Restarting the "Windows Search" service multiple times at different boots.
2. Deleting the files contained in the folder "C:\Windows\System32\config\TxR\". http://support.microsoft.com/kb/2484025
3. Stopping the "Windows Search" service then I opened up "regedit". I went to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSearch, SetupCompletedSuccessfully" I changed the value from a 0 to a 1. Then I rebooted my PC. I then went back to the same key and changed it back to a 0 and rebooted my PC again.
4. Turning the "indexing service" on and off from the "Turn Windows Features on or off" menu.
5. Microsoft Fixit Indexing Troubleshooter
6. Sfc /scannow
7. Tried this hotfix http://support.microsoft.com/kb/977380
8. Tried another user account and creating a new user account
9. Tried resetting folder view to "defaults" http://www.sevenforums.com/tutorials/15692-...

Answer:"My Computer" won't load, Disappearing Icons, & "Arrange By" option won't work. Help?

13 more replies
Relevance 77.49%

My computer was hijacked by "support tool", a so-called virus protection hijacker. I'm in safe mode with networking now & attached you see my hjt log file. Help please. Thanks!

Actually, I'm on a different computer. It has Windows XP Home Ed. & it's a Dell Inspiron 530S.

Also, in trying to fix the problem initially, my wife deleted the file "rundll32" because the virus stated that it had a virus error. So this file may be missing as well & we may need to replace it.
 

Answer:Computer Hijacked by "Support Tool" "Virus Protection" Prog

I posted this yesterday to get help for a "Support Tool" hijack on a computer. Please help. Log file attached. Thanks.
 

3 more replies
Relevance 77.49%

Which one should I do? I originally wanted to just do "Return computer to factory condition" but Theog just suggested "Use A System Image Created Earlier." I have no idea what to do. So confusing!

Answer:"Return computer to factory condition" or "Use A System Image Crea..."

Hello M4TE and welcome to Seven Forums. Sorry for the delay in responding but I just came across your question.

Most newer manufactured computers have a hidden recovery partition on the hard drive. The manufacturer provides specific instructions on how to access that partition in case you want to restore your machine to the exact condition it was in when it left the factory. That means you'd have to go through the time consuming process of cleaning out factory bloatware (like free trials of programs you'll never need), installing programs you do need, updating everything, creating your personal settings, etc. Here is a general idea of how to access the hidden recovery partition.

HP Recovery From Partition

Let's say it took you a day or two to set up your machine to your liking using the hidden recovery partition. A System Image is like a snapshot of your entire hard drive. It will include everything from the operating system to all your programs, files, photos, music, all updates ... everything. Most folks keep it on a separate external hard drive. Let's say a week later you get a virus or your machine crashes for some reason. You can use that System Image to return your machine to the exact condition it was in when you made the image. Usually takes about 30 minutes or so and you're back in business. It's a lot faster and more convenient to only worry about a week of updates compared to probably months with the hidden recovery partition. The newer a System Image is the...

1 more replies
Relevance 77.49%

I have a big problem here.
I have used my hard disk for 9 months.
Yesterday, when I was halfway through watching a movie,
my hard disk suddenly malfunctioned.
I thought it was a problem with my laptop, since it is always lagging, so I restarted my computer.
But after that I can't read my hard disk (WD) in my computer.
It can be read in Computer Management.

Ways I tried:
1) I tried to uninstall and reinstall it again, BUT it doesn't work.
2) I tried to uncheck the hide folder and device option at View.
3) I tried to update the software, BUT it still malfunctions.
4) I tried to use Disk Management to initialize it, BUT a message appeared: CANNOT INITIALIZE due to I/O device error.

Any solution for me?

Answer:Hard Disk can't read in "my computer ", "initialized",I/O device error

The most usual cause is that the Hard Drive is beginning to fail. Back up your stuff. Go to the website of the manufacturer and test the drive.

8 more replies
Relevance 77.49%

Not a major issue, of course, purely cosmetic, but still a minor annoyance nonetheless:

I have a number of card reader drives that I never use (haven't even removed that plastic cover tape from them to help keep the dust out) that show when viewing the "Computer" window that displays drives. Is there any way to hide specific unused drives from this view? Not remove the drive entirely, of course, I may need to use one in the future, but just to hide them so they aren't visible, until I may choose to make them visible again?

Thanks as always,

Russell

Answer:Hiding unused "removable storage" devices from "Computer" folder

Hello Russell,

You could check Hide empty drives in the Computer folder in Folder Options to have them stay hidden until you insert a card. When a card is inserted, the drive will display in Computer.

Drives - Hide or Show Empty Drives in Computer Folder

Hope this helps,
Shawn

3 more replies
Relevance 77.49%

Does anybody know how I can change these icons?

I changed the default icon for the network one in HKEY_CLASSES_ROOT\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} but it didn't change.
Appreciate any help,

B

Answer:Changing "Computer" and "Network" icons in explorer navigation pane

Hello, and welcome to Seven Forums.

If you like, you could use the method in the tutorial below to change the icon of "Computer" and "Network" to what you like, and have it applied everywhere in Windows.

Desktop Icons - Change or Restore Default Icon

3 more replies
Relevance 77.49%

Hewlett-Packard
HP Pavilion dv7 Notebook PC
Intel(R) Core(TM) i7 CPU
RAM: 6 GB
64-bit Operating System

It started while I was browsing anime viewing websites on Firefox. (Both of which I've used for years.) Also note AVG's Resident Shield was online, and I don't remember going anywhere strange or downloading strange files. I had scanned using Malwarebytes Anti-Malware the day before and found nothing.
Randomly, I received a blue screen stating something like "Client side encryption is not supported by the remote server even though it claims to"

After restarting, my computer failed to start normally. (I think it failed to load the operating system?) It went to some kind of auto repairing thing to fix itself in order to start up properly. But it failed.

Safe mode = same as above

Last Known Good Configuration = same as above

Bootlogging? Debugging? Description was it would mention at which startup file it failed to load. It loaded files from the top of my screen to almost the middle, which is about < 10 things. It failed, and without telling me any new information, did the "same as above".

3 attempts of system restore. One was more than a month ago. It would get to the end and "finish" restoring for a brief moment, then immediately show an error pointing to "...Appdata/Roaming/Firefox/(jumble of letters).profile/session" (the rest was cut off, but I thought I could see half an "s"). It said it couldn't replace the file?

chkds...

Answer:"Client Side Encryption not supported by..." --> "computer failing to load"

It's the server that you were on, it did not like the encryption that that server was using.

4 more replies
Relevance 77.49%

Problem:

Everything was running fine until yesterday, when my PC crashed with the BSOD giving me the "IRQL not less or equal" error. I ignored it and carried on- which resulted in the computer crashing with "Memory management" blues whenever I started something that was not the browser (It later started crashing on browser start too).

I first thought it was the temperature - Memtest95 and GPUtemp said otherwise.

So I started testing the RAM (taking one DIMM out) with Memtest86- It passed 4 cycles, so I shut the PC down and put the other DIMM in.

When I turned the PC on again, there was no signal sent to my screen, and none to my keyboard (and the HDD light on the front of the case did not start blinking like usual). The fans were running, so I figured something might be wrong with the DIMMs I put in. I removed the graphics card and plugged the screen into the motherboard.

Now the screen gets a signal, background lighting starts up, and then it shuts down to hibernation again. This repeats itself until the machine is shut down manually.

I got no idea what to do.

System specs: http://pastebin.com/DQwejZLx
I can not post the Minidump folder, since the PC can't start and I did not back it up. Sorry.

Thank you for your help.
 

More replies
Relevance 76.67%

My son is going to take his old desktop to his school to let a specific group use it.
We do not want to 'just reformat' since it's an older Sony that had Me on it originally (yuck) and we installed XP. If anyone has ever done this w/ a Sony, then they know how time consuming it was: you have to d/l many programs, drivers, etc; install some before XP and some after. In short, it's a chore.

Therefore, I'd like to use some program(s) that will help me completely delete programs and files from the HDD. Obviously, I want to make sure none of the data deleted can be recovered if someone were to go playing around (most of these folks are not very computer savvy, but I don't want to leave it to too much chance).

You folks have always been the BEST help to me in the past, and I'm looking forward to more of the same :>... any suggestions for reliable (hopefully free!) software to do this?

Thanks in advance!
Maggie
 

Answer:Donating Computer - Need to "clean" out all personal "stuff" -- Best Program(s) ?

I don't think you will find a software program smart enough to delete what you don't want and keep what you want, use the remove option in the control panel, and go to my documents and delete your personal things. ed
 

15 more replies
Relevance 76.67%

I have some irritating hijackers/adwares on my computer! There are the Home Search Assistent/Search Extender/Shopping Wizard programs that I cannot delete. There is also the about:blank hijacker that keeps taking over my home page. Then, I also see this fake warning about "your computer might be at risk" and that wants me to download a searchclick.cc file or something.

I would appreciate any help.

Here is my HJT log:


Answer:"Home Search Assistent" and "about:blank" hijackers have taken over my computer!

Hi there and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.


We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

regards
alba

4 more replies
Relevance 76.67%

Well, about an hour into my Vista Experience... maybe after my 4th or 5th reboot... I couldn't open Control Panel. No error or anything.. just you see a small window where Control Panel should be, then closes in less than 1 second. If you try to right click on My Computer, then go to properties (to see like computer info) it doesn't do anything at all....

?

So I format.... everything is Good to go.. and at a totally different time, before I even load any drivers... same deal. No Control Panel or anything.

I tried pressing F8 and trying Disable Driver signature enforcement and it worked for 1 reboot... now again, no control panel... ?

WTF?

Thanks
 

Answer:Vista - Cannot Open Control Panel or "Properties" of "Computer"

Set the overclock in your sig back to default before installing?
A Mobo BIOS update available?
Unnecessary peripherals disconnected whilst installing?
Just thoughts. It sounds like a hardware related glitch of some sort or other.
 

17 more replies
Relevance 76.67%

I have run webroot antivirus with antispyware, several times. Every time I do, it finds the same virus (sometimes others with similar names). This is from the latest scan:

Mal/EncPk-CZ
Troj/FakeAle-FK

and some cookies. However often I quarantine them, they reappear on the next scan and I also can't get the desktop to go back to its normal appearance, it's gone white with a big warning (as above) and refers to:

win32/adware.virtumonde
win32/privacyremover.M64

having been detected on my computer.

I have gone through the 5 steps.

This is the active scan log:


Answer:Can't get rid of "Troj/FakeAle-FK" and "Warning! Spyware detected on your Computer!"

Hi Henry


Disable SpySweeper's realtime protection. Open Spysweeper and click on Options.
Choose Program Options and uncheck "load at windows startup".
On the left click "shields" and then uncheck everything.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".
Exit the program.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any...

19 more replies
Relevance 76.67%

Are both these things features built into Windows? I've never seen them on my PC (I have an HP notebook + docking station).

Pics were taken on a Lenovo Thinkpad T61 FWIW....

And how would I enable the docking in Windows? Must I install Windows with the machine docked?
 

Answer:"Undock Computer" & "Run in separate memory space" Questions...

I don't know about the first question, but the undocking option should be on every laptop that's docked. I've often installed XP on my previous laptop while undocked....and that option has appeared the first time I popped it on the dock.
 

4 more replies
Relevance 76.67%

Hi there,

I didn't really know how to google for this (although I did), so I didn't find anything proper and like to ask you: How do I remove the "labels" from drive types in "Computer" window? What I mean:
These labels above the different drives are really annoying, as I'm accustomed to one item after another and somehow one could change it to that view in every OS ever since (XP, Vista), but now it doesn't seem to work? (I tried all the context menu items)

Any ideas? Thanks for your help in advance, much appreciated!

Kind regards

Answer:Remove "labels" from drive types in "Computer" window?

You can change the view a bit by using the button highlighted below - I don't know if you can remove the labels though...

7 more replies
Relevance 76.67%

Just formatting an old PC HDD, it is in a caddy and is an old PATA disk.
When plugged in to my PC it always appeared as three separate drives.
I have deleted and amalgamated these to a single volume, and am attempting to format NTFS.
After completing the wizard, I notice it's formatting as RAW.
Should I stop it....and how?
Can I make it format as NTFS?

Answer:"Computer Management" formatting disk as "RAW", how to force it to use NTFS?

It'll only show RAW when it's not formatted.
Wait until it's finished and see what it says then.

7 more replies
Relevance 76.67%

Last night when I turned my computer on, it came on and was running scan disk--I think someone shut it down without logging off. I hit the "enter" key and all of a sudden the computer went dead and the off/on light went from green for on to orange/yellow. Does anyone know what this means?
Thanks
 

Answer:Computer shut down - CPU Light went from "green (on)" to "orange/yellow"

I have no idea, but I bet someone else on these forums does. But if I were you, while I was waiting for a response I would look on google...
 

4 more replies
Relevance 76.67%

My hard drive not showing in "my computer" or "Disk Management" but is showing under device manager. I got the hard drive from a friend and his dad had put a Password encryption on it. Any Ideas?

Answer:Hard drive not showing in "my computer" or "Disk Management" help?

Have you installed the Windows 10 anniversary update? Could be that giving problems. I lost my 3 TB HD but luckily it came back when I rebooted.

1 more replies
Relevance 76.67%


My office just upgraded, and I can no longer use Windows XP. On this system, I was able to add a separate taskbar to facilitate quick access to commonly-browsed folder locations on our vast network, and another one expedited the launching of useful programs and lists. Each task on each taskbar was represented with a big custom icon to save eye strain. I had them installed in opposite vertical margins, and they were set on auto-hide to keep them out of the way when not being used. Just move your mouse pointer to the left or right margin, and BAM! Sorry for the cliche, but I really got used to the convenience of what I had set up, and I just don't think I can be as efficient without anything comparable.

Now there appears to be nothing comparable in the Windows 7 GUI, and it's making me sick with rage! I see only the option to put a "toolbar" on an existing "taskbar", and no option to create any additional taskbars! This cramps up your one-and-only taskbar, plus the tiny toolbar access buttons require way too much precision for anything that's supposed to be quick. When you've figured out how to bring up that ridiculous button, the list that it yields is small enough to cause painful eyestrain - nothing efficient, much less cool about this at all! I have seen customization options in other OS GUIs that may have resolved some of these issues, but I see none such in W7.

I have tried every google search string that I can think of, and found...

Answer:Need to add "TASKBARS" (MSese for "Launchpads", "Docks" NOT "Toolbars"

Several possibilities here: Second taskbar in windows7? [Solved] - Windows 7 - Windows 7

1 more replies